T 2260/15 () of 6.11.2018

Summary of Facts and Submissions

I. The appeal is against the decision of the Examining Division refusing European patent application No. 08 100 065 on the grounds that the claimed subject-matter did not involve an inventive step within the meaning of Article 56 EPC.

II. In the statement of grounds of appeal the appellant requested that the decision under appeal be set aside and that a patent be granted on the basis of the main request or the first auxiliary request, both filed with the letter dated 15 May 2015, or the second or third auxiliary requests, both filed with the statement of grounds of appeal.

III. Oral proceedings before the Board were held in the absence of the appellant, the appellant having previously stated in writing that "neither they nor their representatives will take part in the oral proceedings scheduled for 6 November 2018."

IV. The following document is referred to:

D2: US 5 635 701

V. (a) Claim 1 of the main request reads as follows:

"A portable authentication device for the authentication of an individual to at least one Access Control System having access points, comprising:

a section for storing at least one credential which authenticates the device to the at least one Access Control System,

more than one interface protocol for exchanging data with at least one type of access point of said at least one Access Control System, :

a section for defining several contexts represented with context identification data referencing at least one credential and at least one interface protocol corresponding to a type of access point,

a selector for dynamically selecting one of said contexts to correspond to the type of access point used to access the at least one Access Control System,

a security module for protecting said at least one credential, and an interface module which includes said more than one interface protocol, and said selector, wherein the security module is removable from the portable authentication device,

characterized in that

the security module is a Subscriber Identity Module (SIM), and

the selector includes a detector for detecting a type of access point of said at least one Access Control System and a switch for automatically switching to the context which corresponds to said detected type of access point."

(b) Claim 1 of the first auxiliary request comprises all features of claim 1 of the main request, plus the following additional feature:

"wherein the interface and protocol that provide the context identification data may be different than the actual interface and protocol of the access point."

(c) Claim 1 of the second auxiliary request comprises all features of claim 1 of the first auxiliary request, plus the following additional feature:

"wherein the portable authentication device remains inactive until detecting the presence of the SIM, at which point a user is prompted for a PIN."

(d) Claim 1 of the third auxiliary request comprises all features of claim 1 of the first auxiliary request, plus the following additional feature:

"wherein, in accordance with the identified context, the credential, the access point inter-face protocol, and a user authentication policy suitable for further credential transfer and credential release is selected."

VI. With the summons to oral proceedings, the Board sent the appellant a communication under Article 15(1) RPBA setting out its provisional view that it was doubtful whether the subject-matter of claim 1 of the main request or of the first auxiliary request involved an inventive step within the meaning of Article 56 EPC. Formal objections under Article 84 EPC were raised against both requests, and it was questioned whether the first auxiliary request met the requirements of Article 123(2) EPC.

The Board expressed a doubt whether the second and third auxiliary requests met the requirements of Articles 84 and 123(2) EPC, and indicated that they might not be admitted into the procedure pursuant to Article 12(4) RPBA.

VII. The appellant's arguments, insofar as they are relevant to the present decision, may be summarised as follows:

Several of the features of claim 1 of the main request were not clearly and unambiguously disclosed in document D2.

Document D2 failed to disclose an access control system having more than one access point. It also failed to disclose using more than one interface protocol for exchanging data with at least one type of access point.

The passage in D2 mentioned by the Examining Division relating to "the exchange of the protocols enabling the ..." concerned setting up a physical link between fax machines, and did not address the selection of the appropriate protocol.

D2 did not disclose "a section for defining several contexts represented with context identification data referencing at least one credential and at least one interface protocol corresponding to a type of access point", as claimed.

Document D2 disclosed radioelectric, ultrasound, acoustic and infrared links, and was completely silent on the interaction of the portable device with an access control system having multiple types of access points and using multiple interface protocols, even for the same type of access point.

D2 also failed to disclose the claimed switch of the selector which switched to the context corresponding to the detected type of access point and referenced at least one credential and at least one interface protocol.

Finally, document D2 failed to disclose the use of a subscriber identity module (SIM) as security module.

Starting from D2, the current invention solved the problem of providing a single portable device or system per organization employee that was able to simulate multiple proximity contactless cards, and that did not require modification of the infrastructure. The device of D2 could only activate a specific physical interface and could not switch to a specific context that included the protocol used at an access point.

None of the other prior art documents disclosed or anticipated these features.

Concerning the first auxiliary request, none of the text portions cited in the decision spoke of the use of any interface or protocol for providing context identification. D2 disclosed an electromagnetic field detection loop, which was not an interface capable of communication and did not use any protocol. An electromagnetic field detection loop enabled the device of document D2 to identify the nature of the physical link, but did not allow identification of the protocol used by that physical link. The entire document was silent on the protocol selection process.

Providing the option of having an interface and protocol of different nature than the actual interface and protocol of the access point made the system much more flexible and provided a number of practical advantages, as detailed in the description. A detection circuit as described by document D2 could not in any way identify the physical link and the protocol used by that link at a specific location, i.e. it could not provide context identification data. In particular, it could not identify these characteristics using a physical interface and protocol which might be different than the actual interface and protocol of the access point.

Concerning the second auxiliary request, as D2 failed to disclose either a SIM or a PIN, it certainly did not disclose the additional security features claimed.

Concerning the third auxiliary request, D2 was limited to the identification and selection of the physical link, there was no discussion in D2 that a user authentication policy was present, or selected based on the context selection.

Reasons for the Decision

1. The appeal is admissible.

2. As announced in advance, the duly summoned appellant did not attend the oral proceedings. According to Rule 115(2) EPC, if a party duly summoned to oral proceedings does not appear as summoned, the proceedings may nevertheless continue, the party then being treated as relying only on its written case. As the present case was ready for decision at the conclusion of the oral proceedings (Article 15(5) and (6) RPBA), the voluntary absence of a party was not a reason for delaying the decision (Article 15(3) RPBA).

3. Main Request: Inventive Step

3.1 The Examining Division was of the view that the subject-matter of claim 1 differed from the arrangement of document D2 only in that the security module was a SIM. The appellant argues that there are further differences. On the basis of the statement of grounds of appeal, it appears to the Board that the following further features are regarded by the appellant as distinguishing the claimed subject-matter over D2:

(a) "more than one interface protocol for exchanging data with at least one type of access point of said at least one Access Control System";

(b) the portable authentication device comprises: "a section for defining several contexts represented with context identification data referencing at least one credential and at least one interface protocol corresponding to a type of access point"; and

(c) "a switch for automatically switching to the context which corresponds to said detected type of access point".

To these must be added the distinguishing feature acknowledged by the Examining Division:

(d) "the security module is a Subscriber Identity Module (SIM)".

3.2 Although there are other features of the claim which are not literally recited in D2, such features represent, in the opinion of the Board, mere differences of description rather than technical differences.

For example, the claimed device is defined to have an "interface module", which includes a "selector", which in turn includes the detector and the switch. The technical information conveyed is that the device comprises a detector and a switch. Defining the detector and switch to constitute (or to be included in) an entity referred to as a "selector" is merely a matter of labelling. Defining the selector and the "more than one interface protocol" to be included as components of an entity referred to as an "interface module" is again, in the opinion of the Board, a matter of labelling which does not impose any further technical limitation.

3.3 Since SIM cards are, by definition, removable from the devices in which they are used, the claimed feature that "the security module is removable from the portable authentication device" adds no further limitation in view of feature (d).

3.4 Feature (a)

3.4.1 Feature (a) defines the following:

"more than one interface protocol for exchanging data with at least one type of access point of said at least one Access Control System".

3.4.2 Contrary to the view of the appellant, the Board considers that D2 does disclose different types of access point, for example an entry gate and a highway toll-gate (column 2, lines 63-67). It is even acknowledged that the invention extends to solving the problems of a user who may have to cope with several types of entry system and different highway systems (column 1, lines 48-55).

In D2 the different types of access point are controlled by central processing units 103, and wireless communication may be established via one of four physical channels (radioelectric, sound, ultrasound and infrared) between the pack 101 and a respective type of central processing unit (column 3, lines 26-28: "The pack may thus physically communicate with at least four types of central processing units 103 by radioelectric, infrared, ultrasonic and voice-frequency acoustic links").

3.4.3 Communication via these channels clearly implies encoding and decoding of signals carried on the physical links, which in turn implies that there must be a set of rules by which the information is encoded and decoded. In its broadest sense, a communications protocol is nothing other than a set of rules allowing information to be encoded for transmission and decoded on reception in a communications system. It is thus implicit that the information signal carried over each physical link will conform to a protocol.

Hence, whether feature (a) is disclosed in D2 turns on the question whether it is implicit that at least two different protocols must be used (in which case feature (a) is disclosed), or whether it is possible that the same protocol could be used for all four channels (in which case feature (a) is not disclosed).

3.4.4 The Examining Division argued that since the physical links differ, "such protocols correspondingly have to be different protocols". In the opinion of the Board, this possibly goes too far. Implementing the system of D2 using a single protocol for all the physical links would presumably be a theoretical possibility. Hence, D2 is not seen as implicitly disclosing multiple protocols.

3.4.5 However, selecting multiple protocols corresponding to the multiple physical links would, in the opinion of the Board, be an obvious choice for the skilled person, since it would be natural to select a communication protocol typically used for the type of physical link in question.

3.4.6 For example, for communication via the "radiofrequency transmission/reception antenna 105", it would be obvious to select a communication protocol routinely used for such a link, such as a protocol used for contactless proximity cards or wireless personal area networks. For communication via the "transmitter-and-receiver infrared diode 106" it would be obvious to select a communication protocol of a type routinely used with infrared devices, such as remote control devices for consumer electronics. Thus, selecting different protocols for each of the physical links cannot be considered an inventive choice.

3.5 Feature (b)

3.5.1 Feature (b) defines the following:

"a section for defining several contexts represented with context identification data referencing at least one credential and at least one interface protocol corresponding to a type of access point".

The "section" defined by this feature therefore comprises the context identification data defining the several contexts, the context identification data referencing the "at least one credential" (stored in the claimed "section for storing at least one credential") and the "at least one interface protocol" (stored in the claimed "interface module").

3.5.2 D2 defines different "types of central processing units 103", each type having a corresponding physical link to the device (see column 3, lines 14-28) and each type controlling different applications (see column 4, lines 54-57), e.g. opening a gate, checking the passage of a vehicle or debiting an account on entry to a sports centre (column 2, lines 63-67). The particular applications (implying corresponding types of central processing unit and physical links) correspond to the "contexts" of claim 1. Data corresponding to these different applications must therefore be stored on the card at some location (or "section").

3.5.3 In column 3, lines 1-4, the following is stated:

"The different types of permission, control codes, debit memories, etc. are contained in the chip 104 placed in the card 102. As the case may be, this card may be dedicated to only one application or to several of them."

Thus, in the case where the card is dedicated to several applications the "credentials" (e.g. the types of permission, control codes, debit memories) for these several "contexts" will all be stored on the same card, and implicitly will be accessed (or "referenced") depending on the respective application (or "context").

3.5.4 Moreover, once the card has recognised the "context" (e.g. by the method disclosed in column 4, lines 21-65), communication will be set up between the chip card and the CPU (column 4, lines 58-65), which would clearly include setting up (or "referencing") a communication protocol.

3.5.5 For feature (b) to be consistent with the rest of the claim, it must, in the opinion of the Board, be understood in the sense that a different interface protocol is referenced for each different context (corresponding to each different type of access point). In the light of the preceding analysis, this is seen as the sole respect in which feature (b) differs from D2. Feature (b) therefore differs from D2 in precisely the same way that feature (a) differs from D2, a difference which the Board has already judged not to be inventive.

3.6 Feature (c)

3.6.1 Feature (c) defines the following:

"a switch for automatically switching to the context which corresponds to said detected type of access point" (the switch being included in the "selector" together with the "detector").

3.6.2 D2 explicitly discloses a detector ("detection circuit": column 4, lines 21-28) and implicitly discloses a switch which selects an application (i.e. context) in column 4, lines 54-57:

"If the chip card has an application compatible with the type of link thus determined, then the link will be activated in being first of all selected if it forms part of several distinct applications dedicated to distinct types of link."

As mentioned above, referring to the detector and switch as components of a "selector" is merely a matter of terminology.

3.6.3 The Board therefore considers that feature (c) is disclosed in D2.

3.7 Feature (d)

3.7.1 Feature (d) defines the following:

"the security module is a Subscriber Identity Module (SIM)".

3.7.2 In the communication pursuant to Article 15(1) RPBA, the Board stated that it was unable to identify any statement in the description explaining why the use of a SIM card to protect the credentials was inventive, nor any argument from the appellant in this regard. For example, no particular problem was mentioned in the application which is solved by means of a SIM card.

As a result, the provisional view of the Board was that the objective problem to be solved could only be seen as providing a suitable means to securely store data, i.e. the claimed "credentials". Since SIM cards were widely used in mobile telephony systems to securely store subscriber identity data and contact data, the use of such a means to solve the above problem appeared to be an obvious possibility for the skilled person.

3.7.3 Since this conclusion has not been challenged by the appellant, the Board sees no reason to alter its view.

3.8 In summary, the Board's findings on the features distinguishing claim 1 of the main request from D2 are as follows:

Features (a) and (b) essentially differ from D2 in the use of different interface protocols for exchanging data with different types of access point, which would be obvious to the skilled person starting from D2. Feature (c) is disclosed in D2. Feature (d) defines the security module to be a SIM card, which would be an obvious possibility for the skilled person. It has not been argued that there is a technical interaction between the use of multiple protocols and the use of a SIM card as the security module, nor does the Board see any synergy effect arising from these features.

The Board therefore judges that the subject-matter of claim 1 of the main request does not involve an inventive step within the meaning of Articles 52(1) and 56 EPC.

4. First Auxiliary Request

4.1 Claim 1 of the first auxiliary request comprises the following additional feature:

"wherein the interface and protocol that provide the context identification data may be different than the actual interface and protocol of the access point."

4.2 The phrase "may be different" implies that they also may not be different, hence this has no limiting effect. The only additional limitation is that the context identification data is provided via an interface according to a protocol.

4.3 D2 appears to disclose two arrangements in this respect. The context identification data may be provided via an electromagnetic field detection loop (column 4, lines 21-33) or via one of the four physical links (column 4, lines 33-38).

According to the first arrangement, there are "signals sent out by the central processing unit" which may be picked up via an electromagnetic field detection loop (hence the signals are electromagnetic in nature) and passed to the detection circuit 112. In other words the central processing unit comprises an electromagnetic transmitter and the device comprises an electromagnetic receiver, which together may be said to form an interface.

The disclosure of "signals sent out by the central processing unit" implies that information is encoded onto the electromagnetic field, to be decoded by the detection circuit. This in turn implies that there must be a set of rules by which the information is encoded in the signals, and which allow the signals to be decoded in the detection circuit, i.e. some form of communication protocol.

4.4 Similarly for the second option employing one or more of the four physical links as the interface, it is implicit that some form of communication protocol must be employed.

4.5 Claim 1 of the first auxiliary request therefore differs from claim 1 of the main request only in a feature implicitly disclosed in D2. The claimed subject-matter does not, therefore, involve an inventive step within the meaning of Articles 52(1) and 56 EPC for the reasons given above in connection with the main request, mutatis mutandis.

4.6 In the communication pursuant to Article 15(1) RPBA, the Board provisionally raised formal objections (under Articles 84 and 123(2) EPC) against the main and first auxiliary requests. In the light of the conclusions reached above, it is not necessary to pursue these objections in the present decision.

5. Second Auxiliary Request

5.1 In the communication pursuant to Article 15(1) RPBA, the Board raised the question whether the second and third auxiliary requests were to be admitted into the procedure (Article 12(4) RPBA). Since a preliminary assessment of these requests was already given in the communication, the Board finds it expedient to admit these requests and deal with them on their substantive merits.

5.2 The additional feature of claim 1 of the second auxiliary request is that:

"the portable authentication device remains inactive until detecting the presence of the SIM, at which point a user is prompted for a PIN."

The basis is said to be page 15, lines 14-16. However, in this passage, which is the only part of the original application in which the word "inactive" occurs, it is the "security module interface component" which remains inactive until it detects the presence of the card, not the entire portable authentication device.

5.3 The provisional view given in the Board's communication was that this appeared to represent a prima facie case of non-compliance with the requirements of Article 123(2) EPC. Since this conclusion has not been challenged by the appellant, the Board sees no reason to alter its view.

6. Third Auxiliary Request

6.1 The additional feature of claim 1 of the third auxiliary request is the following:

"wherein, in accordance with the identified context, the credential, the access point inter-face protocol, and a user authentication policy suitable for further credential transfer and credential release is selected."

The meaning of the feature "suitable for further credential transfer and credential release" is not clear. In particular, it is not apparent whether this refers to a further transfer and release of a credential already introduced in the claim, or to the transfer and release of a further credential, different to those already introduced. The only basis is on page 12, lines 1-3, which does not provide any additional clarification.

6.2 The provisional view given in the Board's communication was that this represented a lack of clarity within the meaning of Article 84 EPC. Since this conclusion has not been challenged by the appellant, the Board sees no reason to alter its view.

Order

For these reasons it is decided that:

The appeal is dismissed.