| European Case Law Identifier: | ECLI:EP:BA:2014:T078010.20140709 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Date of decision: | 09 July 2014 | ||||||||
| Case number: | T 0780/10 | ||||||||
| Application number: | 00986344.0 | ||||||||
| IPC class: | G06F 1/00 | ||||||||
| Language of proceedings: | EN | ||||||||
| Distribution: | D | ||||||||
| Download and more information: |
|
||||||||
| Title of application: | INTER-SERVER COMMUNICATION USING REQUEST WITH ENCRYPTED PARAMETER | ||||||||
| Applicant name: | MICROSOFT CORPORATION | ||||||||
| Opponent name: | - | ||||||||
| Board: | 3.5.06 | ||||||||
| Headnote: | - | ||||||||
| Relevant legal provisions: |
|
||||||||
| Keywords: | Amendments - added subject-matter (no) Remittal to the department of first instance |
||||||||
| Catchwords: |
- |
||||||||
| Cited decisions: |
|
||||||||
| Citing decisions: |
|
||||||||
Summary of Facts and Submissions
I. The appeal is directed against the decision of the examining division, posted on 9 November 2009, to refuse the application 00986344. The reason for the refusal was lack of inventive step over the following document:
D1 WO 96 42041 A, 27 December 1996.
II. A notice of appeal was received on 11 January 2010. The fee was received the same day. A statement of the grounds of appeal was received on 8 March 2010. Claim sets of a main and an auxiliary request were filed.
III. The board issued a summons to oral proceedings. Considering the significant amendments to the claimed subject-matter which had been introduced in the course of prosecution of the application, including to the purpose (from "A method of communicating with a first computing device" to "A method for facilitating electronic content distribution by a retail computing device"), the board concurred that D1 was no longer the most appropriate starting point for considering inventiveness. Accordingly, the board chose to start from another document cited in the international search report, but not used in the examination procedure:
D2 WO 98 58306 A, 23 December 1998.
The board gave reasons for its preliminary opinion that claim 1 of the main request lacked an inventive step over D2 (Article 56 EPC). Furthermore, with respect to the auxiliary request, the feature of a public portion of a key pair to be included in the encrypted information of the HTTP request, which had been added to claim 1 of the auxiliary request, was objected to as not being originally disclosed (Article 123(2) EPC).
IV. In a letter dated 6 June 2014, the appellant filed a marked-up version of the auxiliary request highlighting the amendments as compared to the main request and including references to passages in the original application. Description page 2a was also amended to acknowledge D2.
V. Oral proceedings were held on 9 July 2014 during which the appellant filed an amended claim set and withdrew all other requests. At the end of the oral proceedings, the board announced its decision.
VI. The appellant requests that the decision be set aside and a patent be granted on the basis of claims 1-37 filed during the oral proceedings.
The further text on file is: description pages 1, 3-63 as published, pages 2, 2b, 64 filed on 20 April 2005, page 2a filed on 6 June 2014; drawing sheets 1-8 as published.
VII. Claim 1 reads as follows:
"1. A method for facilitating electronic content distribution by a retail computing device (71, 72, 74) configured to provide functionality for a retailer of electronic content, said method comprising:
receiving, at the retail computing device from a client computing device (90, 92), a purchasing order for electronic content;
encrypting, at the retail computing device, information including at least a set of parameters relating to the purchased electronic content (10), the set of parameters comprising at least an identification of the electronic content, the encrypted information being destined for a content computing device (78) configured to provide the electronic content, the content computing device being different from the client computing device and from the retail computing device;
creating, at the retail computing device, an HTTP request which includes an address of said content computing device and the encrypted information; and
transmitting said HTTP request from the retail computing device to the client computing device allowing the client computing device to supplement said HTTP request with a public portion of a key pair associated with a purchaser of the electronic content associated with the client computing device, the key pair having been issued to the purchaser for use on the client computing device upon condition of the purchaser tendering authenticatable credentials and upon further condition of the key pair not having previously been issued for use by the purchaser on a number of devices that exceeds a limit."
Reasons for the Decision
1. Overview of the invention
The application relates to a server architecture (70 in figures 3 and 4) comprising a front-end retail server (72 in figures 3, 4; called "retail computing device" in the claims) for selling, but not downloading (original description page 12, lines 20-23) electronic content (such as electronic books, video, audio, software executables; see page 6, lines 23-24) to end-users and a download server (78 in figures 3, 4; called "content computing device") responsible for the download of content sold by the retail server (page 12, lines 23-25) to end-users' devices. End-users select and purchase content (200 and 202 in figure 9) using e.g. a browser on a "client computing device" (90, 92 in figures 3, 4) from the retail server and then receive a URL from the retail server for downloading the content from the download server (page 37, line 29 to page 38, line 1). An example of such a URL including a download command and a set of encrypted parameters related to the purchased content can be found on page 14, lines 1-2. A non-exclusive list of parameters that can be encrypted can be found in page 23, line 15 to page 25, line 18. These parameters include in particular an identification of the purchased content (page 13, line 20; page 23, lines 20-22). The encryption is done using a symmetric key which is a secret between the retail server and the download server (page 22, lines 3-17). The end-user receives a receipt in form of a URL on a web page (lines 17-19) which, when followed, transmits the encrypted parameters to the download server (lines 19-20) where they are decrypted using the shared symmetric key (line 20) and a download is initiated upon their proper decryption. If no other party than the retailer and the download server knows the symmetric key, a proper decryption authenticates the URL receipt as having been generated by a legitimate retailer (page 14, lines 6-10; page 22, line 25 to page 23, line 2). For so-called "level 5 protected" content the client system adds an activation certificate to the URL before accessing the download server, and the public key contained therein is used to encrypt a decryption key for the content, so that the client and only the client can decrypt this key using its activation private key (page 38, lines 1-13).
2. Overview of the decision
After the examination as to the admissibility of the request and its original disclosure, the board shall decide on the appeal. The board may either exercise any power within the competence of the examining division or remit the case for further prosecution. In the case at hand, the board uses its discretion and remits the case to the department of first instance for the reasons given below.
3. Admissibility of the request
3.1 The claims were filed during the oral proceedings and hence according to Article 13(1) of the Rules of Procedure of the Boards of Appeal (RPBA) the board has discretion whether or not to admit them into the proceedings. They are based on the auxiliary request filed with the grounds. One effect of their amendments in comparison with said auxiliary request is the deletion of the feature of a public portion of a key pair to be included in the encrypted information of the HTTP request which had been objected to by the board in the summons and during oral proceedings as added subject-matter (Article 123(2) EPC). Essentially the amendment is responsive to an objection which the appellant had not understood until there was the opportunity to discuss it in depth at the oral proceedings.
3.2 Moreover, the auxiliary request filed with the grounds of appeal is judged by the board to be a legitimate attempt to overcome the inventive step objection raised by the examining division. Given that the amendment made in the oral proceedings before the board simply successfully overcomes the above mentioned objection with respect to Article 123(2) EPC (see below), the request is admitted into the procedure (Article 13(1) RPBA).
4. Original disclosure of the request
4.1 The examining division did not raise any objections under Article 123(2) EPC in its decision and the board concurs that there was no reason to do so with respect to the claims as refused. Current claim 1 has been significantly rewritten. As to the various amendments, the board finds that they satisfy the requirements of Article 123(2) EPC (added wording in comparison with claim 1 of the refused main request is marked by underlining):
- "receiving, at the retail computing device from a client computing device (90, 92), a purchasing order for electronic content": see page 37, lines 26-28 and page 13, lines 26-30;
- "encrypting, at the retail computing device, information including at least a set of parameters relating to the purchased electronic content": see page 21, line 29 to page 22, line 7, and page 13, line 15 to page 14, line 5;
- "the content computing device being different from the client computing device and from the retail computing device": see 78, 90/92, 72 in figures 3 and 4;
- "creating, at the retail computing device, an HTTP request which includes an address of said content computing device and the encrypted information": see page 22, lines 14-17;
- "transmitting said HTTP request from the retail computing device to the client computing device": see page 22, lines 17-20;
- "allowing the client computing device to supplement said HTTP request with a public portion of a key pair associated with a purchaser of the electronic content associated with the client computing device": see page 38, lines 1-4 and 20-24;
- "the key pair having been issued to the purchaser for use on the client computing device upon condition of the purchaser tendering authenticatable credentials and upon further condition of the key pair not having previously been issued for use by the purchaser on a number of devices that exceeds a limit": see page 33, line 22 to page 34, line 21 and page 36, line 23 to page 37, line 23.
4.2 As to the amendments of the description (page 2a, second paragraph), the board also takes the view that they satisfy the requirements of Article 123(2) EPC, since it has simply been amended to indicate background art D2, as required to satisfy Rule 42(1)(b) EPC.
5. Other provisions of the EPC and remittal of the case to the department of first instance
5.1 The independent claim has been significantly rewritten compared to the claims as refused. In particular, it includes the features of allowing the client computing device to supplement said HTTP request with a public portion of a key pair associated with a purchaser of the electronic content associated with the client computing device, the key pair having been issued to the purchaser for use on the client computing device upon condition of the purchaser tendering authenticatable credentials and upon further condition of the key pair not having previously been issued for use by the purchaser on a number of devices that exceeds a limit, disclosed within the framework of the so-called "fully individualized" or "level 5" protection in the original description (see page 38, lines 5-13; page 4, lines 3-8).
5.2 The claims before the examining division (including the dependent claims) were not restricted to level 5 protection, so the present subject-matter was not examined in the first instance; it is not known to the board even how far it has been searched. The amendments that have been made are by no means trivial or undeniably common knowledge. The board judges therefore that in the present circumstances it is not appropriate for the board alone to decide on inventive step on the basis of the prior art at hand.
5.3 Therefore, the board considers it to be appropriate to remit the case to the first instance for further examination. The board notes that this of course extends to all the requirements of the EPC which have not directly been touched by this decision. For example, it would appear debatable whether the claimed subject-matter is clear as to which devices are required to be present in order to fall within the ambit of the claim, and also whether the claim contains all the essential features. It contains no step of downloading the ordered content file (in contrast to the main request filed with the grounds or the refused main request). Furthermore, neither the HTTP request nor the public key are used in the claimed method. However, it is clear from the description (page 38, lines 5-13; page 4, lines 3-8) that they are transmitted to the content server where the public key is used for encrypting a license containing the symmetric content key and embedding it in a licence for "fully individualised" (level 5) content items.
Order
For these reasons it is decided that:
1) The decision under appeal is set aside.
2) The application is remitted to the department of first instance for further prosecution on the basis of claims 1-37 filed during oral proceedings on 9 July 2014.
