T 1939/10 () of 5.11.2015

Summary of Facts and Submissions

I. This is an appeal against the refusal of European patent application No. 07 841 130 for lack of inventive step (Article 56 EPC 1973).

II. The applicant requested in writing that the decision under appeal be set aside and a patent be granted on the basis of claims 1 to 11 filed with letter dated 27 October 2009, as sole request.

Oral proceedings were also requested.

III. Claim 1 of this request reads as follows:

"1. A method for implementing a second-chance game to or an end of game drawing for players of a lottery game, comprising the steps of:

providing tickets for the lottery game, wherein the tickets are each assigned a unique validation code;

applying an algorithm to generate a unique, first encryption code for each ticket validation code;

storing the first encryption code in a record at a lottery provider;

distributing the tickets for possession by players of the lottery game;

allowing players to submit the unique validation codes for registration into a lottery provider's database;

on the part of the lottery provider, applying the algorithm to the submitted validation codes to create a second encryption code for each submitted validation code;

on the part of the lottery provider, comparing the second encryption code with the record of first encryption codes to determine whether a match exists; and

on the part of the lottery provider, registering players for the second-chance game or for the end of game drawing when such players submit a validation code that results in a match."

Claims 2 to 11 are dependent on claim 1.

IV. The following documents are mentioned in this decision:

D1 = US 2005/0262338 A

D2 = US 2006/0059363 A

D4 = "The UNIX Programming Environment", Prentice-Hall Inc., 1984, pp. 52-53

V. The examining division essentially argued that:

- Document D1 disclosed a lottery game in which tickets with a unique validation code were provided and distributed to the players of the lottery game. The problem to be solved by the application could be formulated as providing an alternative cryptographic access and authentication scheme to the scheme suggested in D1. Document D2 disclosed the generation and storage of hashes which were compared to hashed submitted information. The skilled person starting from D1 would incorporate the cryptographic access and authentication scheme of D2 in an obvious manner into D1 for the purpose of solving the problem. The remaining features of the method of claim 1 were rules and schemes of playing games and did not contribute in the assessment of inventive step.

VI. The appellant argued in writing essentially as follows:

- The present invention provided a secure validation and authentication system, wherein the players could enter instant lottery tickets, such as scratch-off tickets, into a subsequent game. According to one exemplary form of the present invention, lottery tickets were printed with a unique validation code. Once the validation codes were generated, the numbers were converted into encrypted validation codes. Along with a record of the encrypted validation codes, the tickets were transferred to a lottery provider who stored the record of the encrypted validation codes. Finally, the lottery provider distributed the lottery tickets. By encrypting the unique validation codes, it could be assured that there would be no record of these unique validation codes being accessible to unauthorized persons. Only the encrypted validation codes (first encryption codes) were transferred to the lottery provider. Thus a secure and easily manageable system for conducting a second-chance game or an end of game drawing based on instant-win lottery tickets was provided, since only the validation code from a ticket in the first game had to be entered to participate in the second-chance game. The system generated a second encryption code from the entered validation code and compared it to the first encryption code that was generated for that particular validation code. If the first and second encryption codes matched, then the player was automatically entered into the second-chance game or end of game drawing, and was eligible for winning the game without having to actually present the lottery ticket for redemption.

- Document D1 was considered by the examining division to be the closest prior art. This document disclosed a rather complicated method for authenticating a ticket across a network, including a plurality of document-printing terminals. Document D2 related to a completely different field than the present invention and D1. D2 centered on the correct delivery of a computerized device to a specific end user. Thus, there was no reason why a skilled person would look into D2 to solve the problem of the invention. The flow of information from a lottery provider to ticket terminals and back to the lottery provider (as in D1), as well as the flow of information from the distributor of computerized devices to an end user (as in D2) were not compatible and a combination was certainly not obvious to the skilled person.

VII. In a communication pursuant to Article 15(1) RPBA annexed to the summons to oral proceedings, the board informed the appellant of its provisional opinion that it shared his view that the combination of documents D1 and D2 did not lead to the invention, but that it nevertheless considered the invention to lack an inventive step having regard to a notorious lottery game and the disclosure of D4.

VIII. In reply to the objections raised by the board the appellant argued essentially that:

- Document D4 disclosed a broad teaching of the well-known UNIX system to store an encrypted record of passwords and, upon receipt of a password from a user, encrypting the received password and comparing such encryption to the record of stored encrypted passwords to determine validity of the received password. However, security of the validation record in the lottery industry was paramount and the flow of the validation numbers and validation records between the three involved entities: the lottery ticket manufacturer, the lottery provider, and the lottery player, were critical. The interplay between these entities was a relevant feature of the invention which had no relation to the UNIX system. Likewise, the relationship between the primary lottery game and the second-chance game or end of game drawing with respect to security had to be taken into account.

- With the current method, the ticket manufacturer generated the initial validation codes and printed such codes on the tickets in plain text format. These validation codes were the means for authenticating tickets in the primary lottery game. A fraudster gaining access to the validation codes at the ticket manufacturer could potentially determine wherein and whereto winning tickets were distributed, and the particular plain-text code printed on the winning tickets. The ticket manufacturer thus had a strong interest for developing a second chance game that was both user-friendly and secure.

- Even if a fraudster at the game provider with access to the game provider's server were somehow able to access individual tickets, the record of encrypted validation codes was essentially worthless to such fraudster in attempting to discern whether or not a ticket was a winning ticket. The record of encrypted validation codes was never linked back to a record of actual validation codes at the lottery ticket manufacturer. Thus, a fraudster having stolen a pack of tickets and having access to the record of encrypted validation codes could not use this information for trying to find out which of these tickets was a winning one. For this, he also would need to have access to the encryption algorithm. But even if the fraudster at the game provider were to gain access to the encryption algorithm, he would only be able to generate an encrypted validation code, and possibly compare this encrypted code to the record transmitted to the game provider. However, this would provide no useful information to the fraudster.

- If one would draw parallels, such a fraudulent determination of important information would correspond to getting access to the record of encrypted passwords on the UNIX server side as well as to stealing the corresponding user passwords and/or even the encryption algorithm. Such a scenario would be fatal for the use of the UNIX system. More specifically, in the case of a UNIX system, if a fraudster got to know the password of the user, he could use this password for entering the UNIX files of said user. A fraudster would not even need to have access to the record of encrypted validation codes and/or the encryption algorithm. Stealing a user password and gaining access to the UNIX system therefore led to a completely different scenario. Thus, a skilled person would not resort to the method described in D4 when wanting to offer security to the provider and comfort to the player for a second chance game.

- The flow of encrypted and plain-text validation codes between the parties served for purposes of the second chance game while ensuring security in the primary game. Thus, the method according to the invention kept up with the existing security standard for a primary game while at the same time using the already existing information, i.e. the individual validation code on the ticket, to provide for a unique method of enabling a secondary game. Accordingly, the ticket itself did not need to be altered compared to a ticket offering only one game. Only a record of encryption codes had to be established at the lottery provider as well as an algorithm, which calculated an encryption code based on the validation code transmitted by the player to the provider for the purpose of comparing the respective encrypted codes. The skilled person - even when being aware of the UNIX system according to D4 - would not come up with such a solution, which encompassed two different games having each their own security system, which however were linked via the same validation code on the ticket.

IX. The oral proceedings were held on 5 November 2015. Neither the appellant nor his representatives were present on the date of the oral proceedings. In a telephone conversation held by the board's registrar the representative's secretary informed her that the representative that had signed the last submissions in appeal was on holiday and the representative that had filed the appeal was not yet in his office. Thus the oral proceedings were held in the absence of the appellant.

Reasons for the Decision

1. The appeal is admissible.

2. Non-appearance of the appellant at the oral proceedings

2.1 The appellant requested oral proceedings with the statement of grounds of appeal. Hence summons to oral proceedings was issued by the board. The day of oral proceedings, after waiting some time to allow for a delay in the arrival of the appellant's representative, the registrar of the board telephoned the representative and was told that none of the representatives dealing with the case were present at their office. No indication of the representative's intention not to attend was received by the board before the start of the oral proceedings.

2.2 Decision T 69/07, in reasons 1.3 referred to Article 6 of the Code of Conduct of the Institute of Professional Representatives before the EPO (EPI), last published in Supplementary publication OJ EPO 1/2015, 121. This article requires EPI members to act courteously when dealing with the European Patent Office. Should there be some doubt as to the extent of the required courtesy, reference is made to the EPI resolution 4.2.4 in the Collection of decisions of the Council of the EPI (at the time of writing accessible at http://patentepi.com/assets/uploads/documents/institute/CoD_update_2015_04_25.pdf ). The resolution explicitly requires EPI members to inform the EPO of their non-attendance at oral proceedings, with regard to their obligation to act in a courteous manner in respect of their interactions with the EPO.

2.3 The conduct of the appellant's representatives shows a lack of the minimum courtesy owed to the board as a court of final appellate jurisdiction. In similar cases before the boards such a conduct was found to be reprehensible in the extreme (T 954/93, reasons point 2; T 69/07, reasons point 1, T 1760/09, reasons point 1). The present board shares this assessment and trusts that it will not be repeated.

2.4 According to Rule 71(2) EPC 1973, the proceedings may continue in the absence of a party. In accordance with Article 15(3) RPBA, the board relied for its decision on the appellant's written submissions.

3. Inventive step (Article 56 EPC 1973).

3.1 The examining division found that the method of claim 1 lacked an inventive step having regard to the combination of documents D1 and D2. The board however shares the view of the appellant that the skilled person would have no reasons to look at document D2 when searching for an alternative authentication method to the one disclosed in D1, since the technical fields of both documents are too far away from each other. D1 relates to a method for securing and authenticating remotely printed documents (see Abstract) while D2 relates to a method for controlling access to a computerized device delivered to an end user (see Abstract).

3.2 In the following discussion the second-chance game or end of game drawing will be generally referred as the "secondary lottery game" while the first game will be referred as the "primary lottery game".

3.3 As explained in the description, the idea of providing a secondary lottery game is to maintain the interest of players in buying lottery tickets in situations when the top prizes have already been claimed in the primary lottery game ([0003]).

3.4 The board, in agreement with the examining division, considers that implementing a secondary lottery game, and registering players for the secondary lottery game relate to the rules of playing a game, ie defining who can take part in the game (anyone having a ticket for the primary lottery game) and what has to be done in order to take part (to submit the ticket's validation code). Schemes and rules for playing games shall not be regarded as inventions within the meaning of Article 52(1) EPC, in accordance with Article 52(2) EPC, and are therefore deemed to be non-technical.

The appellant has not argued to the contrary.

3.5 It is the established practice of the Boards of Appeal when dealing with inventions that comprise technical and non-technical features that the non-technical features making no contribution to the technical character of the invention may be used in the formulation of the technical problem solved by the invention as an aim to be achieved (see Case Law of the Boards of Appeal, 7th edition 2013, I.D.9.1.5 "Formulation of the technical problem").

3.6 Hence the board considers that the technical problem underlying the present invention can be formulated as how to conduct a lottery game having a secondary lottery game which provides security to the provider and comfort to the player. This problem, although in slightly modified wording, corresponds to the one formulated by the appellant on top of page 10 of the statement of grounds of appeal.

3.7 The board considers a lottery game with tickets having a validation code to be notoriously well known in the state of the art (this is also acknowledged in the description at [0002]).

To assure that a lottery ticket is valid it has a validation code assigned to it. When a player claims a prize, the validation code has to be authenticated, ie be compared to a list containing the valid codes. Thus once the ticket is presented by the player to the lottery provider the validation code is compared to that list. The list of valid codes has to be protected however to prevent a fraudster from modifying it or obtaining knowledge of its content. This can either be done by restricting the access to the list only to a limited group of authorized personnel or by encrypting the list.

3.8 Unix systems, for example, store the encrypted passwords in a password file which is accessible to all users of the system. When a user wants to identify himself with the system, he enters his password wich is encrypted by the system. The encrypted password is then compared with the previously encrypted passwords stored in the password file to see if there is a match (see D4, central paragraph of page 53).

3.9 The security method chosen by the invention thus corresponds to the one used in UNIX systems, ie applying an algorithm to the validation codes assigned to each lottery ticket to generate a record of first encryption codes, applying the same algorithm to the validation code subsequently submitted by the player to obtain a second encryption code and comparing the secondary encryption code with the record of first encryption codes to determine whether a match exists.

3.10 The board considers thus that the skilled person, in this case a computer programmer having knowledge of data security and encryption methods, would apply the security method of D4 to authenticate the validation code of a lottery ticket, since it is easy to implement, provides adequate security and is easy to use.

3.11 The appellant argued that the circumstances of validating a user password in a UNIX system and of authenticating lottery tickets according to the present invention were completely different. If a fraudster gained access to the individual tickets and their validation codes, the record of encrypted validation codes would be essentially worthless for determining whether or not a ticket was a winning ticket. This scenario was comparable to stealing the corresponding user passwords. However, such a scenario would be fatal for the use of a UNIX system, since all the security would be thereby compromised. Hence the skilled person would not resort to the method of D4 when wanting to offer security to the provider and comfort to the players of a secondary lottery game.

3.12 The board however cannot recognize the difference alleged by the appellant. If the validation code of a lottery ticket is stolen there are no measures to prevent it to be registered with the lottery provider. No verification is foreseen to assure that the person registering a validation code is in fact the legal owner of the lottery ticket. This is comparable to stealing a password from an user in a UNIX system which compromises the security of the user's files in the system. In both cases the person presenting the validation code or password is accepted and registered as a valid user.

3.13 The appellant also argued that a fraudster who stole a lottery ticket could not know whether that ticket was a winning ticket or not. However this argument misses the point, since there are no indications in the present application whether the winning tickets of the secondary lottery game are determined when they are being printed or whether the winning tickets are drawn from the class of registered tickets or where and how the information on whether a ticket is or not a winning ticket is stored. All what the application discloses is that the validation codes are stored in a record in encrypted form. Hence a fraudster who has stolen a ticket may only hope that he has stolen a winning one (In a similar manner a fraudster stealing a password form a UNIX user cannot know in advance whether there is valuable information in the user's account or whether the stolen password is still valid or not). Moreover, if a fraudster has stolen a batch of tickets there are no measures to prevent him from registering them all, since it is very unlikely that the lottery provider would prevent players from buying more than one lottery ticket.

3.14 Hence the board considers the claimed steps of encrypting/hashing the validation codes, storing them in a record and comparing the encrypted/hashed input from a player with the stored encrypted/hashed codes in that record to be the straightforward use of a hashing method.

3.15 The board judges, for these reasons, that the method of claim 1 of the sole request does not involve an inventive step within the meaning of Article 56 EPC 1973.

4. The appellant's request is thus not allowable.

Order

For these reasons it is decided that:

The appeal is dismissed