European Case Law Identifier: | ECLI:EP:BA:2013:T039810.20131009 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Date of decision: | 09 October 2013 | ||||||||
Case number: | T 0398/10 | ||||||||
Application number: | 06710774.8 | ||||||||
IPC class: | G06F 21/00 | ||||||||
Language of proceedings: | EN | ||||||||
Distribution: | D | ||||||||
Download and more information: |
|
||||||||
Title of application: | Method, device, system, token creating authorized domains | ||||||||
Applicant name: | Koninklijke Philips N.V. | ||||||||
Opponent name: | - | ||||||||
Board: | 3.5.06 | ||||||||
Headnote: | - | ||||||||
Relevant legal provisions: |
|
||||||||
Keywords: | Original disclosure - yes (after amendment) Clarity - yes (after amendment) Inventive step - 'first' and 'third auxiliary requests' (no), 'fourth auxiliary request' (yes, after amendment) |
||||||||
Catchwords: |
- |
||||||||
Cited decisions: |
|
||||||||
Citing decisions: |
|
Summary of Facts and Submissions
I. The appeal lies against the decision of the examining division, with written reasons dated 27 November 2009, to refuse the European patent application no. 06710774.8 for lack of an inventive step without reference to any specific prior art document.
II. An appeal was lodged on 15 January 2010 and the appeal fee was paid on the same day. A statement of grounds of appeal was filed on 3 February 2010. It was requested that the decision be set aside and a patent be granted based on the claims according to a main request as then on file or according to first or second auxiliary requests as filed with the grounds of appeal. For the auxil iary requests, amended description pages were also filed.
III. With a summons to oral proceedings, the board informed the appellant about its preliminary opinion. The board raised a number of clarity objections, Article 84 EPC 1973. It also cited two documents that had been re ferred to during the examination procedure, namely:
D1: WO 2004/038568 A2, and
D3: van den Heuvel S et al., "Secure Content Manage ment in Authorised Domains", Philips Research; pub lished in the Proceedings of the IBC Confe rence, September 2002, pages 467-474,
and argued that the independent claims of all three pen ding requests lacked an inventive step over D1 and D3, Article 56 EPC 1973.
IV. In response to the summons, with letter dated 6 Sep tember 2013, the appellant withdrew the main and second auxiliary requests, filed amended claims according to the first auxiliary request and new claims according to a third and a fourth auxiliary re quest. The labels "first", "third" and "fourth" were kept for the three remaining requests. Amended description pages for each of the three requests were also filed.
V. Oral proceedings were held as summoned on 9 October 2013 during which the appellant filed amended claims according to each of the pending requests. For the "fourth" auxiliary request amended description pages were also filed. The appellant requested the grant of a patent based on the following application documents:
"First auxiliary request"
claims, no.
1-9 as filed during the oral proceedings;
description, pages
1, 11-24 as originally filed;
2,3 filed on 14 August 2009;
4-10 filed on 6 September 2013; and
drawings, sheets
1-8 as originally filed
"Third auxiliary request"
claims, no.
1-9 as filed during the oral proceedings;
description, pages
1, 11-24 as originally filed;
2,3 filed on 14 August 2009;
4-8 filed on 6 September 2013; and
drawings, sheets
1-8 as originally filed
"Fourth auxiliary request"
claims, no.
1-6 as filed during the oral proceedings;
description, pages
1, 12-24 as originally filed;
2,3 filed on 14 August 2009;
5,6,8 filed on 6 September 2013;
4, 7, 11 filed during the oral proceedings; and
drawings, sheets
1-8 as originally filed.
VI. Independent claim 1 of the first auxiliary request reads as follows:
"A method (100) for creating, on a device (200) comprising a digital rights management system, a controlled device environment within which a content item (104) can be used by a limited number of persons based on a right (103) bound only to a first person, the right allowing the first person to perform said actions on the content item (104), the controlled device environment arranged for enabling a second person to exercise the right (103) on the device, the device being bound (108) to the first person (105), wherein the device binding the first person (105) comprises the first person being authenticated or identified by the device, the method (100) comprising:
- the device (200) binding to the second person (106) wherein the binding comprises the device (200) identifying or authenticating (119) the second person, whereby the second person (106) is added to the controlled device environment on the device (200); and
- the device (200) granting (110) the second person (106) to perform said actions on the content item (104) in response to the first person and the second person being bound to the device, without requiring the digital rights management system to transfer the right (103) bound only to the first person to the second person (106)."
Independent claim 1 of the third auxiliary request reads as follows:
"A method (100) for creating, on a device (200) comprising a digital rights management system (400), a controlled device environment within which an encrypted content item can be used by a limited number of persons based on a digital content license bound only to a first person, the digital content license allowing the first person to decrypt the encrypted content item using a decryption key and to perform certain actions on the decrypted content item (104), the controlled device environment arranged for enabling a second person to exercise the digital content license (103) on the device, provided that the device is bound (108) to the first person (105), wherein the device (200) being bound to the first person (105) comprises the first person being authenticated or identified by the device and the device having added a first identifier of the first person (105) to a user identifier list, the method (100) comprising:
- the device (200) binding to the second person (106) wherein the binding comprises the device (200) identifying or authenticating (119) the second person and adding a second identifier of the second person (106) to the user identifier list provided that the number of persons on the user identifier list is below a predetermined threshold, whereby the second person (106) is added to the controlled device environment on the device (200);
- the device (200) granting (110) the second person (106) to decrypt the encrypted content item using a decryption key associated with the encrypted content item and exercise one of said actions on the decrypted content item based on the digital content license (103) bound only to the first person, provided that the first identifier and the second identifier are in the user identifier list, the granting without requiring the digital rights management system to transfer the digital content license (103) to the second person (106); and
- the device (200) subject to the granting (110) decrypting the encrypted content item and exercising the one of said actions on the decrypted content item for the second person."
The first and third auxiliary requests each comprise an independent device claim formulated in terms closely corres ponding to the respective claim 1.
Independent claim 1 of the fourth auxiliary request co in cides with claim 1 of the third auxiliary request ex cept that the word "limited" was discarded and at the end the following features are added:
"- the device unbinding the first person on user request or after a predetermined time interval following the device binding the first person, the unbinding comprising removal of the first identifier from the user identifier list,
- the device (200) subject to the unbinding of the first person no longer granting the second person to decrypt the encrypted content item using a decryption key associated with the encrypted content item and to exercise the one of said actions on the decrypted content item based on the digital content license."
Independent claim 5 of the fourth auxiliary reads as follows:
"A device (200) for creating, on the device (200) comprising a digital rights management system (400), a controlled device environment within which an encrypted content item can be used by a number of persons based on a digital content license bound only to a first person, the digital content license allowing the first person to decrypt the encrypted content item using a decryption key and to perform certain actions on the decrypted content item (104), the controlled device environment arranged for enabling a second person to exercise the digital content license (103) on the device, provided that the device is bound to the first person,
the device (200) comprising:
- means arranged for binding the device (200) to the first person (105) wherein the binding comprises the device identifying or authenticating the first person and adding a first identifier of the first person to the user identifier list;
- means arranged for binding the device (200) to the second person (106) wherein the binding comprises the device (200) identifying or authenticating (119) the second person and adding a second identifier of the second person (106) to the user identifier list provided that the number of persons on the user identifier list is below a predetermined threshold, whereby the second person (106) is added to the controlled device environment on the device (200);
- means arranged for granting (110) the second person (106) to decrypt the encrypted content item using a decryption key associated with the encrypted content item and exercise one of said actions on the decrypted content item based on the digital content license (103) bound only to the first person, provided that the first identifier and the second identifier are in the user identifier list, the granting without requiring the digital rights management system to transfer the digital content license (103) to the second person (106),
- means arranged for, subject to the granting (110), decrypting the encrypted content item and exercising the one of said actions on the decrypted content item for the second person
- means arranged for unbinding the first person on user request or after a predetermined time interval following the device binding the first person, the unbinding comprising removal of the first identifier from the user identifier list, and
- means arranged for, subject to the unbinding of the first person, no longer granting the second person to decrypt the encrypted content item using a decryption key associated with the encrypted content item and to exercise the one of said actions on the decrypted content item based on the digital content license."
VII. At the end of the oral proceedings, the chairman announced the decision of the board.
Reasons for the Decision
The invention
1. The application relates to digital rights ma nage ment (DRM). Such sys tems limit what users may do with digi tal content or, depending on perspective, enable users to use content (only) in certain ways. This is prima rily in the interest of the digital content providers and may be a nuisance for users, e.g. when it hinders free exchange of purchased content on and between de vi ces of the user's home network. The appli ca tion is con cerned with the balance between the interests of the con tent pro viders and the users.
1.1 As a solution to this problem the appellant has in tro duced the concept of "authorized domains" in previous publications (inter alia, see D1, page 1, lines 23-24; D3, para graph bridging pages 1-2; and the other do cu ments cited in the original description, page 2, line 11 - page 4, line 2). The "basic prin ciple" of autho rized domains is stated as "hav[ing] a controlled net work en vi ronment in which content can be used re la tive ly free ly as long as it does not cross [its] bor der" (see original description, page 2, lines 1-3).
1.2 In this context, the application is specifically con cerned with enabling users to share content with others, for instance when watching a video at a friend's place.
1.3 In a nutshell, the description proposes as a solution that a user of a gi ven device shall be allowed to use content acquired by another user provided that and as long as the latter has enabled this sharing by an ex pli cit action such as logging on to the device. This gives rise to a notion of an "authorized domain" which con sists, at any point in time, of all the users which have actively enabled the sharing of their content, for instance of all users which are logged-on at the same time (see page 15, lines 29-30). Users may leave an au thorized domain on request (e.g. by logging off) or be removed after a fixed pe ri od of time (see e.g. page 20, lines 7 and 8).
1.4 The independent claims of the first auxiliary request relate to "creating", on a "de vice com pri sing a digital rights manage ment system", a "controlled device envi ron ment" for "enabling a second person to exercise [a] right" relating to a "content item" even though the right is "bound only to a first person", provided that the device is "bound" to the first person, i.e. the first person has been "iden ti fied or authenticated" by the device (e.g. by way of a log-on procedure; see page 5, lines 21-22 and 30-33). If, then, the device also "bind[s] to the se cond per son", it will grant the se cond per son to exercise the right (or li cense) "with out requiring the trans fer of the right to the second person".
1.5 The independent claims of the third auxiliary request re fer to a "digital content license" instead of a "right". They also specify that content items are held in en crypted form and are decrypted when access is gran ted. Furthermore, they specify a "user identifier list" of limited size to which identifiers of the first and second per sons are added when they are bound by the device and to which the granting refers: The second per son is gran ted access to a con tent item belonging to the first person only if the identifiers of both persons are on the list.
1.6 The independent claims of the fourth auxiliary request further specify an operation of "unbinding" the first person from the device according to which the first iden tifier is removed from the user identifier list and the second person is no longer allowed to use the con tent item based on the digital content license bound to the first person.
Article 123 (2)
2. The board is of the opinion that the independent claims according to all three requests conform with Ar ticle 123 (2) EPC - except for a deficiency of claim 3 of the third auxiliary request which the appellant was pre pared to overcome by amendment (see point 2.6 below).
2.1 The independent claims of all requests refer to a "con trolled de vice environment" instead of an "authorized domain" as ori ginally claimed. On page 2 of the ori gi nal de scrip tion, the term "controlled network environ ment" is used to explain authorized domains. It is also disclosed, however, that the environ ment may be li mi ted to a single device (see e.g. page 4, lines 24-25 and fig. 7; see also the original claims). The board is thus of the opinion that the notion of a "con trolled device environment" is dis closed in the appli cation as ori ginally filed as a special case of a "controlled net work environment".
2.2 It is specified in all requests (if in slightly diffe rent words) that within the con trolled device en vi ron ment "a content item can be used by a number of persons based on a right bound only to a first person". The inven tion as de scribed is con cerned with granting a se cond person - and further per sons, possib ly up to a li mit (see e.g. page 15, lines 29-30, and page 17, lines 13-14) - a right which is bound to a first person (see ori gi nal page 4, lines 17-19; page 6, lines 15-17) and, in view of the fact that "[r]ights are always bound to a single per son" (see page 17, line 13), indeed only bound to the first per son.
2.3 The description discloses that granting of the right to the second person requires the device to be "associated to the second person" (page 6, line 1) which may "com prise the device binding to the second person". It is thus originally disclosed that the sharing of rights may require both persons to be bound to the device. Fur thermore, the description discloses that a device may "bind to a person" by the person "identifying or au thenticating at the device" (page 5, lines 30-33).
2.4 That the "right" might be a "content license" (see the third and fourth auxiliary requests) is dis closed on pages 15 (lines 11-12) and 17 (line 14). It is implicit in the given context that content, rights and licenses are all "di gi tal" objects. That "[t]he granting does not require the right to be transferred" is disclosed on page 6 (lines 17-19).
2.5 The original description discloses that "[t]he content item may be encrypted and the right may comprise access to a decryption key for decrypting the content" (page 10, lines 29-30). For many operations on the di gi tal con tent, such as playing a tune or a video or rendering an image, decryption is an implicit precon di tion: The description discloses that the ability to exer cise a right may include the ability to decrypt con tent; rights to decrypt are also disclosed (page 4, lines 27-28 and 33-34). The board therefore concludes that both the "allowing", resp. "granting", the first or second person "to de crypt the encrypted con tent" and the actu al "de cryp ting the encrypted con tent item" in response to the gran ting, as required in the third and fourth auxiliary requests, is disclosed in the original appli cation do cu ments.
2.6 Claim 3 of the third auxiliary request specifies that the digital content license "comprises the decryption key" whereas the description merely discloses that the right may "comprise access to a decryption key" which does not imply that the decryption itself is comprised in the right or license. Claim 3 of the third auxiliary requests thus infringes Article 123 (2) EPC. Claim 2 of the fourth auxiliary request specifies that the license merely "comprises access to the decryption key" which is in line with the description and hence not defi cient in this respect. During oral proceedings, the appellant expressed its willingness to amend claim 3 of the third auxiliary request accordingly.
2.7 The description discloses the use of a "list of UserIDs" to which a user ID may be added whenever a per son logs on and from which a user ID may be deleted after expiry. The description also discloses that the ex piry time may be "reset" by a log-on, i.e. that the ex piry time starts with the log-on operation (see page 20, lines 1-8). Elsewhere, the description dis cusses the "adding and removing [of] sharing possi bi li ties" by ex piry of a log-on or "by explicit removal triggered by the user" (page 17, lines 26-28). In the board's view, the skilled person would thus understand, directly and unambiguously, that "unbinding on user re quest" may "com prise removal of the" respective user ID "from the user identifier list" as specified in claims 1 and 5 of the fourth auxiliary request. Furthermore, the de scrip tion discloses that the "process" of binding a device to a person "is also referred to as log-on in this text" (see page 13, lines 28-29). This is unfortu nate in view of the fact that the description also dis closes "log-on" as only one instance of "binding" (see page 5, lines 30-33). Nevertheless, the skilled person would, in the board's view, directly and unambiguously under stand the term "log-on" as a synonym to "binding" in at least what follows the express statement on page 13. There fore, even though the discussion on page 20 lite ral ly refers only to persons logging on to a device, the skilled person would take this to disclose that the list of user IDs may also be main tained in res ponse to other forms of "binding" a device to a person, in par ti cular in response to a device "identi fy ing or au then ticating" a person as claimed. That the number of users that can be simultaneously bound by a device is limited by a threshold is disclosed, inter alia, on page 22, line 28-29 or page 23, lines 10-11. In summary, the fea tures rela ting to the user list in the independent claims of the fourth auxiliary request do not, in the board's judgment, go beyond the content of the appli ca tion as originally filed.
Claim construction and clarity, Article 84 EPC 1973
3. The board is of the opinion that the claims accor ding to the pending requests are clear in the sense of Article 84 EPC 1973. Some of the terms and phrases used in the claims must however be properly construed.
4. The description uses the term "binding" for three ra ther diffe rent relations, between devices and persons, be tween persons and content, and between persons and rights (see page 13, lines 5-9 and page 17, 13-14). the board takes the language an item X binding another item Y as meaning that X has a reference to Y but not ne cessa rily vice versa. The appellant confirmed this in ter pretation during the oral proceedings.
4.1 Even though the description stresses that the "di rec tion of these relations is of importance" (page 13, line 10) it uses the term "binding" rather sloppily. The de scription explains that "a person binds to con tent by means of rights" (page 13, lines 10-11) but the role of the rights in this indirect relation is neither expli cit ly described nor depicted (see fig. 1 and 2). Spe ci fically, it is not explicated how a right bound to a per son can mediate the relation between a person and con tent which has the inverse direction. Also, while the original description discloses that rights are bound to persons (loc. cit.), original claim 1 referred to a person bound to a right. Furthermore, the de scrip tion talks about a "person hold[ing] rights" without ex plaining the relation of "holding" and "binding".
4.2 The description, in order to explain the importance of the direction of the binding relations, states that "[t]here is no direct relation from content ... to person ..., meaning that a content ... may be bound ... to many persons" (page 13, lines 11-12). A similar state ment is made about devices and persons (page 13, lines 16-17). The board considers this explanation to be misleading: A content item may "be bound to" many per sons, independent of the direction of the relation. for illustration it is noted that the description appears not to have problem with a directed relation from per son to content even though persons would nor mally "be bound to" several content items.
4.3 The board is of the opinion that the description in this respect is deficient. However, the board also con siders that these deficiencies would be apparent to the skilled person desirous of understanding the appli ca tion and therefore do not cause a lack of cla rity of the claims. Rather, the board considers that the skilled person would inter pret the term "binding" in the claims as follows:
- A device "bound" to a person holds - i.e. stores - the identity of the person.
- A right, by nature, relates a content item with a person and thus refers to - i.e. "binds to" - both the person and content item.
- All rights relating to - i.e. held by - the same per son must be retrievable when the person and the desired content item are known. This is possible for instance by a trivial (al beit impractical) ite ra tion over all rights existing on the device. In this sense, a person "binds to content by means of rights".
4.4 The crucial element of the invention as claimed is that the second person is granted a first person's rights on ly on the condition that the latter is bound to the same de vice.
5. The claims of all requests require that the second per son is granted access to desired digital content only on the condition that the first and the second person are "bound to the device", meaning that both have been "authenticated or identified" by the device. It is there fore necessary to interpret the operation of "iden tifying or authenticating" and to assess whether the mentioned condition implies any limi ta tion on the claimed "digital rights management sys tem" or "con trolled device environment".
5.1 The board is of the opinion that it is consistent with the claims of the first auxiliary request to consider all users to have been "authenticated or iden tified" by the device if they have undergone an initial registra tion proce dure, in particular one which requires users to iden tify (e.g. by giving their name and address) and/or authenticate themselves (by providing an access code they may have bought or by confirming a password they may have chosen themselves). In the board's judg ment it is further consistent with the claims to assume that a user registra tion will normally not expire so that a user, once re gis tered, will remain "authentica ted or iden tified" for an unlimited period of time. From this perspective, the independent claims of the first auxiliary request allow the reading that any registered user can exercise the rights of all other regis tered users. Furthermore, the claimed controlled device environment, relying on the fact that any con tent on the device belongs to a registered user, may give any "second person" access to rights "bound only to a first person" without having to perform any addi tional check. This interpretation is central for the board's assess ment of inventive step (see below).
5.2 With regard to the claims of the third auxiliary re quest the board notes that the maintenance of a "users list" does not contradict this interpretation if one assumes that the registration procedure maintains a list of registered users.
5.3 In contrast, the independent claims of the fourth auxil ia ry request specify that the first person may be unbound from the device and that, as a consequence, the second person is no longer granted the pertinent right. In the board's view this implies that the claimed con trolled device environment has to perform a check to estab lish whether the first and second persons are bound to the device before the second person is granted the desired right.
The prior art
6. DRM systems are, per se, widely known in the art, which is conceded by the description itself (see page 1, lines 17-20). As commonly understood, DRM systems con trol users' access to digital content by reference to some form of digital rights which define whether, under which conditions, at what price, and to what extent a user can use the content - e.g. play a tune, watch a movie, run a program.
7. D1, cited in the application (see page 3, line 2), also dis closes a form of authorized domains. As the present application, the systems according to D1 are based on content, persons, and rights linking in di vidual users to pieces of content (see page 6, last paragraph, and page 7, lines 21-22). Content is encrypted and must be decryp ted before use (see e.g. page 7, lines 21-25). Normally, a person is granted access to a piece of con tent only if there is a right directly authorizing this person accor dingly (see page 8, last paragraph). Beyond that, D1 discloses the definition of groups of users by way of a suitable "domain certi fi cates" within which con tent may be shared. That is, two users of the system may share content pro vided that there is a "domain cer ti ficate" which "connects" them (see page 4, lines 26-28; see e.g. page 9, last paragraph - page 10, 1st pa ra graph; page 11, lines 21-26).
8. In D3, also cited in the application (page 2, lines 11-14), "authorised domains" are defined as a set of com pliant units (see page 2, 3rd paragraph), i.e. de vices. Rights belong to a domain: That is, they may be exer cised at all devices within the domain but not out side of it (see e.g. page 6, penult. line; page 7, lines 5-6). Conse quently, content is shared between the users if they operate devices within a common autho rized do main. According to D3, rights are encrypted with a domain-specific key accessible by all devices with in that do main (page 6, item "1" in section "AD de vice management" and on top of page 7).
Inventive step
First auxiliary request
9. The board considers that its perspective on inventive step can most clearly be presented without specific reference to either D1 or D3.
9.1 Rather, the board starts from any given multi-user com pu ter - say, a conventional PC - running some DRM sys tem which grants access to digital content only to the user having a respective right. The board deems such sys tems to be well-known in the art. D1 and D3 show such devices, but the additional details of the DRM sys tems according to D1 or D3 are not relevant for the board's argument.
9.2 The board considers that, in this context, it would na tu rally happen that one legitimate user of the device may want to access a protected piece of di gi tal con tent that another user has validly acquired.
9.3 In the board's judgment it would be an obvious solution to this problem to allow all users of a given device to share content as a matter of policy. To implement this policy the board sees two straightforward alternatives:
(i) The DRM system might simply reinterpret the exis ting digital rights, thereby taking a right rela ting to some content as extending over all users of the device.
(ii) New digital rights might be issued which express verbatim that they may be shared by others.
In the latter case (ii), the existing DRM system would not have to be changed at all: It would suffice if it continued to interpret all rights according to its li te ral meaning. In the former case (i), the DRM sys tem would merely have to ignore the person mentioned in an exis ting right, which the board considers as an imme di ate and obvious implementation of the above po licy.
9.4 The board tends to consider the choice of policy as a non-tech nical issue which ipso facto could, according to estab lished jurisprudence of the boards of appeal, appear in the formulation of the technical problem to be solved (see T 641/00, OJ EPO 2003, 352; headnote 2).
9.5 In the present case, however, this question may be left open because the board anyway considers the above po li cy as an obvious solution to a problem that naturally arises.
9.6 The board stresses that this ar gument also remains valid when starting from D1. It will, in the board's view, natu rally occur that a legitimate user of a de vice accor ding to D1 wants to access a piece of content even though this user is not mentioned in any relevant do main certifi cate. This may happen, say, to a tempora ry guest of a family whose domain cer tificate only lists the family members (see D1, p. 11, lines 21-22). The immediate solution, to give the guest access to the account of some family member may appear in appropriate for security reasons. As argued above, however, this problem can be solved in a straightfor ward manner by allowing all users of a single device to share content freely.
9.7 As a consequence, the board concludes that the indepen dent claims of the first auxiliary request lack an in ventive step both over common knowledge and over D1, Article 56 EPC 1973.
Third auxiliary request
10. The additional features of the independent claims of the third auxiliary request relate to
(a) the maintenance of a user list holding iden ti fi ers per sons having been "authenticated or iden ti fied" and thus "being bound" by the device, up to a pre de termined threshold, and the con di tion that the second person is granted the de sired right "pro vi ded that the first identifier [of the first person] and the second identifier [of the second person] are in the user identifier list", and to
(b) the fact that content is provided in encrypted form and that a content item is decrypted when access to it has been granted.
(c) Furthermore, the third auxiliary requests refers to a "digital content license" instead of a "right".
10.1 Re. difference (a): The board considers it obvious for a device to maintain a list of all validly registered users. As argued above (point 5.2) such a list quali fies as the claimed user identifier list. It is common practice that such lists may only grow up to a limit defined by some predetermined system constant. The board fur ther considers it obvious that, in the situa tion addressed by the claims, the iden tifier of both the "first" and the "second person" are on this list and that, hence, this precon di tion of the claimed gran ting is trivially satisfied and need not be checked. The sce nario considered for the inventive step assess ment of the first auxiliary request therefore remains con sis tent with the independent claims of the third auxiliary request.
10.2 Re. difference (b): The use of encryption to regulate access to protected digital content is, in the board's view, standard prac tice in the field of DRM. This opin ion, when pre sented by the board during oral proceedings, was not challenged by the appellant. Moreover, at least D1 discloses the use of encryption and decryption in the context of DRM (see e.g. page 7, lines 21-25).
10.3 Re difference (c): In the given context, the skilled person would understand both the terms "digital content license" and "right" to refer to some kind of digital object linking a person and a content item. From a technical perspective, the board does not see any difference between them.
10.4 The board thus considers that the additional fea tures are insufficient to overcome the assessment given above for the first auxiliary request and concludes that the independent claims of the third auxiliary request also lack an inventive step, Article 56 EPC 1973.
Fourth auxiliary request
11. The additional features of the independent claims of the fourth auxiliary request relate to
(c) the operation of "unbinding the first person", be it "on user request or a after a predetermined time interval following the device binding the first person" , and
(d) the fact that, as a consequence, the "device no longer granting the second person" the desired access.
11.1 In the board's judgment these additional features are sufficient to distinguish the initial registration of users at a device from the claimed "binding" of persons to devices. Specifically, the claims now invalidate the assumption made above that registered users will remain on the list for an unlimited period of time and that, therefore, the first and second persons can, without a dedicated check, be assumed to be on the list.
11.2 Rather, due to the additional features the board con si ders that the independent claims now imply that the claimed device must check, before granting the desired right the second person, whether the first person is pre sently "bound to" the device.
11.3 The claimed invention therefore does not merely imple ment the policy that all registered users at the device can share content amongst themselves. Rather, any hol der of a right retains some control over whether and when it wants to share its content with other users.
11.4 The claimed subject matter thus provides a simple and secure man ner in which users of a device can share di gi tal con tent - i.e. without the need to transfer rights between users and without affecting the sepa ra tion between user accounts - while, at the same time, retaining some control about the use of their content.
11.5 The provision of such a control mechanism by which users may actively enter or leave a sharing "state" goes beyond a mere policy issue but, rather, solves the above problem (point 11.4) with technical means.
11.6 These means are neither disclosed in nor, in the board's judgment, suggested by documents D1 or D3 or the common general knowledge in the art. The board therefore concludes that the independent claims of the fourth auxiliary request show the required inventive step, Article 56 EPC 1973.
ORDER
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the department of first in stance with the order to grant a patent on the basis of:
claims, no.
1-6 of the fourth auxiliary request as filed during the oral proceedings;
description, pages
1, 12-24 as originally filed;
2, 3 filed on 14 August 2009;
5, 6, 8 filed on 6 September 2013;
4, 7, 11 filed during the oral proceedings; and
drawings, sheets
1-8 as originally filed.