T 0351/15 (Data processing method and apparatus/SONY) of 21.11.2017

Summary of Facts and Submissions

I. The appeal lies against the decision of the examining division, with reasons dispatched on 10 October 2014, to refuse European patent application No. 02 700 588.3 for lack of inventive step over the document

D1: "LSF JobScheduler Administrator's Guide", third ed., Platform Computing Corporation, 2000.

II. Notice of appeal was filed on 28 November 2014, the fee being paid on the same day. A statement of grounds of appeal was received on 6 February 2015. The appellant requested that the decision under appeal be set aside and that a patent be granted on the basis of claims according to a main request and auxiliary requests as filed with the grounds of appeal. It also filed new description pages 6, 8-9 and 11 to replace the corresponding previous description pages in all requests, the remaining documents on file being:

description, pages

1-5, 7, 10, 12-255 as filed on entry into the regional phase before the EPO,

drawings, sheets

1-114 as filed on entry into the regional phase before the EPO, and

115-117 as filed on 21 November 2002.

III. In an annex to a summons to oral proceedings, the board informed the appellant of its preliminary opinion that the claims were unclear, Article 84 EPC 1973, and that the claimed invention lacked inventive step over D1 or common knowledge alone, Article 56 EPC 1973. An objection under Article 123(2) EPC was also raised.

IV. In response to the summons, with letter dated 23 October 2017, the appellant filed new sets of claims 1-18 according to a main request and auxiliary requests 1 and 2 to replace all pending sets of claims.

V. Oral proceedings were held on 21 November 2017, during which the appellant filed a further set of claims 1-18 as the basis for an auxiliary request 3.

VI. Independent claims 1 and 9 of the main request read as follows:

"1. A data processing method performed by a Secure Application Module, SAM, chip (8), which is a tamper-resistant semiconductor circuit, in accordance with a plurality of processing requests,

said data processing method comprising the steps of:

receiving a processing request from an integrated circuit, IC, card (3) having a storage unit (50) storing data to be used for processing for a procedure performed with said SAM chip (8) or from a card reader/writer (4) inputting and outputting data with an IC card (3) having a storage unit (50) storing data to be used for processing for a procedure performed with said SAM chip (8);

polling with said IC card (3);

judging after the polling, whether a number of job management data stored in the SAM chip (8) is within a maximum number of job management data, which the SAM chip (8) can process simultaneously;

i) if said number is within said maximum number,

generating job management data corresponding to said processing request, said job management data including job execution order data showing an order of execution of a plurality of jobs, representing units of processing, forming processing in accordance with said processing request and status data showing a state of progress of execution of said plurality of jobs;

selecting one job management data (73_x) from said number of job management data stored in the SAM chip (8);

selecting a job to be executed next based on the status data (82) of said selected job management data (73_x) and the processing order data (85) of said selected job management data (73_x), wherein said status data (82) differentiates between a state before an instruction relating to execution of said job is issued to said IC card and a state after an instruction relating to execution of said job has been issued to said IC card;

executing said selected job; and

updating said status data (82) of said selected job management data (73_x) in accordance with the execution of that job;

ii) if said number is not within said maximum number,

ending processing of said processing request.

9. A Secure Application Module, SAM, chip (8), which is a tamper-resistant semiconductor circuit, for processing data in accordance with a plurality of processing requests, said SAM chip (8) comprising:

an interface (60) for inputting a processing request, wherein said interface (60) is configured to receive said processing request from an integrated circuit, IC, card (3) having a storage unit (50) storing data to be used for processing for a procedure performed with said SAM chip (8);

a storage circuit (65) for storing job management data, said job management data including job execution order data showing an order of execution of a plurality of jobs, representing units of processing, forming processing in accordance with said processing request and status data showing a state of progress of execution of said plurality of jobs; and

a control circuit (66) for

polling with said IC card (3);

judging after the polling, whether a number of job management data stored in the SAM chip (8) is within a maximum number of job management data, which the SAM chip (8) can process simultaneously;

i) if said number is within said maximum number,

generating job management data corresponding to said processing request and storing it in said storage circuit (65);

selecting one job management data (73_x) from said number of job management data stored in the SAM chip (8);

selecting a job to be executed next based on the status data (82) of said selected job management data (73_x) and the processing order data (85) of said selected job management data (73_x), wherein said status data (82) differentiates between a state before an instruction relating to execution of said job is issued to said IC card and a state after an instruction relating to execution of said job has been issued to said IC card;

executing said selected job; and

updating said status data (82) of said selected job management data (73_x) in accordance with the execution of that job;

ii) if said number is not within said maximum number,

ending processing of said processing request."

VII. In claims 1 and 9 of auxiliary request 1, all occurrences of the term "job management data" have been replaced by the term "IC card entity data". Moreover, the "receiving" step in claim 1 and the corresponding interface in claim 9 are now specified as follows:

"... receiving a processing request from an integrated circuit, IC, card (3) or from a card reader/writer (4) inputting and outputting data with an IC card (3) ..."

"... an interface (60) for inputting a processing request, wherein said interface (60) is configured to receive said processing request from an integrated circuit, IC, card (3) ..."

VIII. In auxiliary request 2, the preamble of claims 1 and 9 have been further amended to refer to a

"... communication system for enabling confidentiality of data in e-commercial transactions through the Internet and other networks ...",

and the "status data showing a state of progress of execution data of said plurality of jobs" has been qualified as being "updateable".

IX. Claims 1 and 9 of auxiliary request 3 are based on the claims of the main request. In claim 1, the preamble and the "generating" step were amended, which now read as follows (additions underlined):

"A data processing method performed by a Secure Application Module, SAM, chip (8), which is a tamper-resistant semiconductor circuit comprising an authentication processing unit (164) for authentication with an integrated circuit, IC, card (3) and an encryption/decryption unit (165) for encryption and decryption of data, in accordance with a plurality of processing requests, ...

generating job management data corresponding to said processing request for processing of a procedure between the IC card and a business using IC card entity template data corresponding to said business and stored in the SAM chip, said job management data including job execution order data showing an order of execution of a plurality of jobs, representing units of processing, forming processing in accordance with said processing request and status data showing a state of progress of execution of said plurality of jobs, said plurality of jobs comprising mutual authentication between the SAM chip and the IC card; ..."

Claim 9 has been correspondingly amended.

X. At the end of the oral proceedings, the chairman announced the decision of the board.

Reasons for the Decision

The invention

1. The application generally relates to transaction management in computer networks such as the Internet (see page 1, lines 6-11, of the description; all references herein will be to the version as filed on entry into the regional phase).

1.1 The application discloses that the "transactions" may relate to "settlement businesses", e-commerce, and the "purchase" of products (see page 2, lines 2-7; page 4, lines 3-6, figure 1; page 71, lines 15-17) but does not otherwise define the considered type of transactions or "businesses".

1.2 The general architecture of the system is depicted in figure 1. It shows an "application service provider" ASP server (6) communicating over the Internet with several PCs and, indirectly through the PCs (5) and IC card readers (4), with IC cards (3) (see also page 1, lines 16-20). The IC cards could be credit cards, and they could have their own local storage (see e.g. page 50, lines 12-24). The server receives "processing requests" from the PCs - or from the IC cards via the PCs - and serves them with the aid of a "SAM" unit comprising a "SAM" chip (6,8), SAM being the abbreviation of "secure application module" (see phrase bridging pages 47 and 48).

1.3 The SAM chip (see figure 9) is "tamper-resistant" (see page 58, line 16) and has parallel processing capabi­lity (see page 61, lines 5-6), especially for carrying out "processing for a plurality of IC cards" in parallel (see page 69, lines 17-24), up to a declared "maximum number of IC card entity data" (see page 55, lines 8-10, and figure 8). In the board's under­stan­ding, the declared maximum is a fixed constant that does not vary with the load on the SAM chip. This interpretation was contained in the board's preliminary opinion and was not challenged by the appellant.

1.4 When the SAM chip at the ASP server receives a pro­cessing request from an IC card, it "conducts polling with the IC card" so as to obtain its "entity data 73_x" (see page 72, lines 5-10), possibly based on what is called "IC card entity template data" (see page 61, penultimate paragraph). It then checks whether "the number of the IC card entity data 73_x present in the SAM chip" is "within the maximum number defined by the SC command" (page 59, lines 6-7 and 18-25; page 60, line 23 to page 61, line 1; page 62, line 11 et seq.; page 72, lines 10-15; see also figure 10). If so, it executes the requests, otherwise processing is ended.

The prior art

2. D1 relates to the job scheduler of a "Load Sharing Facility" LSF (see e.g. pages xi-xiii). The LSF suite is disclosed as allowing the scheduling of a workload across a network of computers (page 1, paragraph 1). In a typical situation, a "submission host" requests the execution of a job, a "master host" manages that information and selects an "execution host" for executing the job based on information collected by what is called the load information manager LIM (see page 13, paragraph 3), including the resource requirements of the job and the load conditions of all hosts (pages 13-14). The master host is chosen dynamically, except that there may be only one per "cluster" (see page 3, paragraphs 1-3); an LIM is available on every host (page 13, loc. cit.). It is possible for a physical machine to play more than one of the three "host" roles (see page 2, paragraph 2).

The decision and the appeal

3. The decision found that claim 1 of both requests pending at the time differed from D1 merely in that D1 specified the job requests to come from "submission hosts" whereas the claimed invention required them to come from IC cards and that this was an obvious choice for the skilled person and thus insufficient to establish an inventive step (see reasons 7.2, 7.3 and 8.2).

4. The appellant stated that the invention was meant to be used in online (cashless) payment systems and related to "the context of securing transactions over the internet" (see grounds of appeal, page 3, sections 2.1 and 2.2, and page 8, section 4.1).

4.1 The skilled person would not, the appellant argued, consider the inventive step of the claimed invention in view of D1 (loc. cit. and section 4.3). It further insisted that the invention was different from D1, because in D1 the jobs being scheduled were those submitted by the "submission hosts", whereas in the invention each request might give rise to several jobs which had to be scheduled and carried out (see page 6, paragraph 2). Moreover, the jobs eventually executed were "predefined" (loc. cit.). Also, in D1 all hosts could carry out tasks whereas in the invention only the SAM chip would (see page 6, paragraph 3). Likewise, it was argued that all hosts in D1 could perform all roles whereas in the inven­tion only the SAM chip carried out the "polling" and "job management" (see page 7, sections 3.4 and 3.5). Job management also did not require a comparison between several hosts, there being only one (the SAM chip) in the invention (loc. cit.). In summary, the architecture of D1 was "completely different" from that of the invention (section 4.1).

4.2 Starting from a different piece of prior art (see section 4.3), the appellant then argued why the claimed invention involved an inventive step.

Claim construction and clarity, Article 84 EPC 1973

5. In a nutshell, the appellant's argument on inventive step was that the examining division had relied on a comparison between the claimed invention and D1 which was incorrect and based on hindsight (see the grounds of appeal, section 3, section 4.1). In the board's view, the merit of this view depends, partly at least, on how the claimed invention is construed. This is, therefore, the first thing the board sets out to do.

6. Claim 9 specifies "A secure Application Module, SAM, chip (8)", claim 1 a corresponding "data processing method performed by a [...] SAM chip (8)".

6.1 The claims state that a SAM chip is "tamper-resistant" and imply that it is a microprocessor able to "process" several jobs simultaneously. Beyond that, the questions arise as to whether the characterisation of the chip as a "SAM" chip implies any specific and clear technical limitations on the claims (such as, for instance, a spe­cific amount of on-chip storage, a certain interface or a certain communication protocol), and whether the other claim features might have a specific meaning in the context of SAM chips (for instance, the terms "polling" and "job management data"/"IC card entity data").

6.2 The application contains no definition of the term "SAM chip" or "SAM unit", nor does it refer to any document that does. Also the appellant did not provide a definition. The board has no doubt that the term was used in the art but takes the view that this fact is not per se sufficient proof that the term has a clear technical meaning.

6.3 For illustration purposes, the appellant referred to the FeliCa smart card system that was widely used in Japan for electronic ticketing and as electronic money. Customers would use the FeliCa card, for instance, to purchase a metro ticket and the corresponding server would debit the ticket price from the customer's account. Since the server had to process sensitive customer data, it had to be better protected against tampering than a "normal" microprocessor. It would, for instance, be able to authenticate the incoming requests or provide cryptographic functionality. In this scenario, the FeliCa card and the server corresponded to the IC card and the SAM chip as claimed. The appellant argued that the claimed invention had to be interpreted in view of such intended uses.

6.4 The board notes that the mentioned use scenario is not mentioned in the claims and thus cannot be taken as a limitation of their scope. Moreover, even if it was assumed that the claimed invention had to be interpreted as being suitable for use in, say, an electronic ticketing system, no specific limitation on the claimed SAM chip would arise.

6.5 Although the appellant argued that SAM chips typically provided cryptographic and authentication functions, it confirmed the existence of several different sorts of SAM chips and that, therefore, the term "SAM" per se did not imply any specific microprocessor features. In contrast, it suggested that the term "SAM" did not make any difference for the scope of the claims and could thus be discarded.

6.6 Subsequently, however, when the board tentatively construed the claim as a multiprocessor performing "jobs" in response to a "request" and a confirmation by "polling", the appellant insisted that this inter­pre­tation ignored the fact that a SAM chip was claimed.

6.7 The board concludes that the presence of the term "SAM" in the claims renders them unclear, Article 84 EPC 1973, insofar as it cannot be determined, from the description and even with the appellant's help, which specific features of the claimed invention this term implied, if any, although it was apparently meant to represent a relevant limitation of the claims.

7. Claims 1 and 9 refer to the chip as being "tamper-resistant". The appellant argued that this term would imply the support of cryptographic functions by the chip. However, the term "tampering" has a much broader meaning in the art than that offered by the appellant. Tampering is used to refer to all kinds of unauthorised interference with the item in question. In the context of microprocessors, it has for instance been used to describe the unauthorised physical penetration of the circuit packaging. In this vein, the examining division had stated that any "main processors in computers are IC chips which cannot easily be t[a]mpered with" (see the decision, page 3, paragraph 1). The specification of the claimed chip as "tamper-resistant" thus does not imply any particular kind of chip protection. In claims 1 and 9 of auxiliary request 3, the claimed chip is specified as having "authentication" and "encryp­tion/decryption" units. However, the feature that the chip be "tamper-resistant" was retained as a separate feature, i.e. the amended claims specify the chip to provide the mentioned units in addition to being tam­per-resistant. The amendments are therefore insuffi­cient to clarify the meaning of "tamper-resistant".

8. Claims 1 and 9 of all requests refer to a chip which processes jobs in response to a request from an IC card, possibly via a "card reader/writer" (claim 1). More specifically, claim 9 specifies a chip interacting with an IC card (rather than a system comprising both the chip and the IC card), and claim 1 specifies a method "being performed by" that chip (rather than by the chip and the IC card). Both claims specify that the IC card has a "storage unit [...] storing data to be used for processing for a procedure performed with" the chip.

8.1 The board notes that the chip is not limited by the device from which the request originates. From the perspective of the chip, a request consists of signals detected at a particular interface, i.e. one or more of its PINs. Whether these signals are generated by an IC card or in a different manner can, in general, not be determined by the chip. In this context the board notes that claim 1 of the main request and auxiliary request 1 even allows for a card reader/writer to mediate the request of the IC card to the chip. In this situation, the request might, logically, originate from the IC card but is, physically, generated by the card reader/writer.

8.2 The appellant argued that the IC card will, in the considered scenario, identify itself towards the chip by way of parameters sent with the request or in response to the claimed polling.

8.3 However, this does not contradict the board's consideration. The request parameters are a matter of what signals are received by the chip and what they denote, not where they originate from. A fortiori, the request and its parameters do not allow a determination as to whether they came from an IC card with a storage unit holding particular data.

8.4 The appellant suggested that the mention of the IC card in claims 1 and 9 could be considered as redundant. If that was so evident, as the board apparently considered, the claims should not be considered to be unclear.

8.5 The board disagrees. Firstly, it notes that a claim comprising apparently redundant features is not concise, which is in itself against the requirements of Article 84 EPC 1973. Moreover, features which raise the issue of whether they are entirely redundant and thus must be ignored when construing the claim, or whether they represent a purpose or intended use and thus at least limit the remainder of the claim to be suitable for such purpose or use, must ipso facto be considered to be unclear. The latter is, in the board's view, the case here. Even though it would seem that the IC card referred to in the claims does not limit the claimed chip, the appellant repeatedly implied that the claimed invention had to be interpreted in view of its intended use in a system such as FeliCa.

8.6 The board also notes that claims 1 and 9 of auxiliary request 3, which the appellant filed during oral proceedings after the above discussion with the board, did not dispel the board's doubts in this regard.

8.6.1 The chip has been amended to comprise, inter alia, an "authentication processing unit [...] for authenti­ca­tion with the IC card", the jobs to comprise "mutual authentication between the SAM chip and the IC card", and the request to be "for processing of a procedure between the IC card and a business using IC card entity template data corresponding to said business".

8.6.2 These formulations suggest that carrying out the "au­then­tication" and the "procedure" was meant to involve some interaction with the IC card. At the same time, the appellant could not explain whether and in what way the authentication or the procedure were tech­nically characterised by the fact that they involved an IC card rather than any other computing device.

8.7 The board thus concludes that the reference to the IC-card and its features render claims 1 and 9 unclear, Article 84 EPC 1973.

9. In summary, the board finds claims 1 and 9 of all requests to be unclear at least due to the reference to a "SAM chip", this term, while being central to the invention, has an unclear technical meaning; due to the requirement that the chip be "tamper-resistant", said property having a very broad meaning and thus an unclear limiting value on the claims; and due to the repeated reference to the IC-card, although it is unclear in what way the IC-card limits the claimed SAM chip or the method being performed by it. Claims 1 and 9 of all claims requests thus do not comply with the requirements of Article 84 EPC 1973.

Order

For these reasons it is decided that:

The appeal is dismissed.