| European Case Law Identifier: | ECLI:EP:BA:2021:T325619.20210521 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Date of decision: | 21 May 2021 | ||||||||
| Case number: | T 3256/19 | ||||||||
| Application number: | 06748170.5 | ||||||||
| IPC class: | H04K 1/00 G06F 21/30 |
||||||||
| Language of proceedings: | EN | ||||||||
| Distribution: | D | ||||||||
| Download and more information: |
|
||||||||
| Title of application: | Passcodes | ||||||||
| Applicant name: | Biogy, Inc. | ||||||||
| Opponent name: | - | ||||||||
| Board: | 3.5.03 | ||||||||
| Headnote: | - | ||||||||
| Relevant legal provisions: |
|
||||||||
| Keywords: | Decision in written proceedings - (yes) Substantial procedural violation - violation of the right to be heard (yes): surprising novelty assessment Remittal - fundamental deficiency in examination proceedings (yes) Reimbursement of appeal fee - (yes) |
||||||||
| Catchwords: |
- |
||||||||
| Cited decisions: |
|
||||||||
| Citing decisions: |
|
||||||||
Summary of Facts and Submissions
I. The appeal is against the decision of the examining division to refuse the present European patent application for lack of novelty (Article 54 EPC) of claim 1 of all the applicant's claim requests.
II. The appellant requests that the decision under appeal be set aside and that a patent be granted based on the claim requests underlying the decision under appeal.
The board understands that the appellant further requests, as an auxiliary measure, that the case be remitted to the examining division for further prosecution.
Moreover, the appellant requests that the appeal fee be reimbursed in view of a substantial procedural violation on the part of the examining division.
Oral proceedings are requested unless the main request is granted or the case is remitted to the examining division.
III. Claim 1 of the main request underlying the decision under appeal reads as follows:
"A machine implemented method for determining whether to grant access to a secure entity comprising:
receiving (902) a passcode from a user;
retrieving (908) a passcode generator;
generating (910), via the machine, the passcode that is valid temporarily, based on information associated with a user from the passcode generator;
determining (912) whether the attempted access is permitted, based on the passcode, including
determining (912) whether the generated passcode matches the received passcode, and
if the generated passcode matches the received passcode, granting (914) the user access to a secure entity;
wherein the method further comprises:
if the generated passcode matches the received passcode, perturbing (916) the passcode generator to create a new passcode generator; and
storing (916) the new passcode generator in place of the passcode generator."
Reasons for the Decision
1. Decision in written proceedings
The appellant requested oral proceedings unless the main request is granted or the case is remitted to the examining division (cf. point II above). Given that the board decided to remit the case to the examining division for further prosecution, the decision is handed down in written proceedings (Article 116(1) EPC; Article 12(8) RPBA 2020).
2. Main request: claim 1 - feature labelling
Claim 1 of the main request has the following limiting features (as labelled by the board):
(a) A machine-implemented method for determining whether to grant access to a secure entity comprising:
(b) receiving a passcode from a user;
(c) retrieving a passcode generator;
(d) generating, via the machine, the passcode that is valid temporarily, based on information associated with a user from the passcode generator;
(e) determining whether the attempted access is permitted, based on the passcode,
(i) including determining whether the generated passcode matches the received passcode,
(ii) if the generated passcode matches the received passcode, granting the user access to a secure entity;
(f) if the generated passcode matches the received passcode, perturbing the passcode generator to create a new passcode generator;
(g) storing the new passcode generator in place of the passcode generator.
3. Review of the decision under appeal: the right to be heard as regards the novelty analysis
3.1 The procedural principle of the "right to be heard" is enshrined in Article 113(1) EPC, which stipulates that
"[t]he decisions of the European Patent Office may only be based on grounds or evidence on which the parties concerned have had an opportunity to present their comments".
This implies that a party may not be taken by surprise by the reasons of a decision, referring to unknown grounds or evidence (see R 3/13, Reasons 2.2; R 2/14, Reasons 6).
It is generally accepted that the term "grounds or evidence" in this context is to be understood as meaning the essential legal and factual reasoning on which the decision under appeal is based. Although a decision does not have to address each and every argument of a party in detail, it must comment on the crucial points of dispute to give the losing party a fair idea of why its arguments were not considered to be convincing (see e.g. T 1557/07, Reasons 2.6; T 2012/17, Reasons 3.1).
The board holds that, at least in terms of the factual reasoning, the applicant must have been taken by surprise by the reasons of the decision under appeal in view of the following observations.
3.2 Merely from a formal point of view, the novelty analysis set out in point 7 of the reasons of the decision under appeal mentions several passages of D1 that were never brought to the applicant's attention, namely at least
- column 9, lines 35 to 37 with respect to feature (b);
- column 8, lines 19 to 38 with respect to features (e), (e)_(i) and (e)_(ii).
3.3 From a substantive point of view, the mapping in point 7 of the reasons of the decision under appeal presented the applicant with new information relevant for understanding and appropriately replying to the examining division's chain of reasoning as regards the matter of novelty, namely for the following reasons:
3.3.1 As regards feature (b), the examining division referred in the impugned decision to lines 35 to 37 of column 9 of D1, which means that it must have equated the "passcode" of this feature, i.e. the "received passcode" referred to in features (e)_(i), (e)_(ii) and (f), with the "username and password" or the "biometrics feature" provided by the user of D1 to log on.
It is not apparent from the file that the examining division communicated this decisive mapping to the applicant before issuing their decision, in spite of the fact that, ahead of the oral proceedings before the examining division, the applicant
- explicitly commented that the novelty objection raised by the examining division was not explained with enough detail;
- had expressly regarded "the passcode" as a feature that renders the subject-matter of claim 1 new over D1.
3.3.2 Concerning feature (c), the examining division apparently regarded in point 7 of the reasons of the decision under appeal the passcode generator to be the "seed [value]" of column 3, lines 25 to 30 or of lines 11 to 19 of column 8 of D1.
However, from the file it is apparent that D1's "random number generator" itself and not its "seed value" were mapped by the examining division onto the "passcode generator" of feature (c). The file does not indicate that the examining division revised this feature mapping in the oral or written proceedings.
3.3.3 As regards feature (d), the examining division referred in the decision under appeal to column 3, lines 29 to 32 and, alternatively, to column 6, lines 52 to 65 of D1, from which it appears that the "generated passcode" as referred to in features (e)_(i) and (e)_(ii) must have been equated with the "user's new password" of lines 30 and 31 of column 3 of D1 or, correspondingly, with the "newly generated password" which is used to log on the user as mentioned in lines 31 and 32 of column 3 of D1.
3.3.4 As regards features (e), (e)_(i) and (e)_(ii), the examining division referred to column 8, lines 19 to 38 of D1 in the decision under appeal. Apart from this passage having never been indicated to the applicant, it also brings about an inconsistency in the examining division's feature mapping for the reasons set out below.
3.3.4.1 D1 teaches in column 8, lines 19 to 38 the following regarding the process flow of Figure 3 (reproduced below):
(i) "in step 320, the new randomly generated password is transmitted to the client 208 which, in turn, transmits the username (if provided) and the new password back to the server 102 in step 322" (emphasis added by the board);
(ii) "[i]n step 324, the biometrics account manager 224 compares the username and password received from the client 208 to the list of usernames and passwords stored in the users database 232" (emphasis added by the board);
(iii) if a match is found, the log on process is completed in step 330.
FORMULA/TABLE/GRAPHIC
3.3.4.2 The skilled reader would readily understand that the "new randomly generated password" mentioned in teaching (i) above regarding step 320 is the same as the "user's new password" of lines 30 and 31 or the "newly generated password" of lines 31 and 32 of column 3 of D1. It therefore represents the "generated passcode" of features (e)_(i) and (e)_(ii), referring to the passcode generated in accordance with feature (d) of claim 1 (see also point 3.3.3 above).
3.3.4.3 Furthermore, the skilled reader would also immediately recognise that the "password received from the client 208" of teaching (ii) is the "new randomly generated password" or, in short, "the new password" mentioned in teaching (i).
3.3.4.4 Feature (e)_(ii) requires the "generated passcode" of feature (d) to match the "received passcode" of feature (b). Mapping this requirement onto teachings (ii) and (iii), this means, in view of points 3.3.4.2 and 3.3.4.3 above, that the "received passcode" of feature (b) must be the "list of usernames and passwords stored in the users database 232" (board's emphasis) according to teaching (ii).
This mapping is, however, inconsistent with the identification in point 3.3.1 above, according to which the "received passcode" should be, in D1, the "username and password" or the "biometrics feature" provided by the user to log on.
3.3.5 As regards features (f) and (g), the examining division referred in the decision under appeal to column 3, lines 26 to 35, or, alternatively, to column 8, lines 11 to 19 of D1. They concluded in view of these references that "the generator is perturbed, because the new password is used as the new generator". This means that, in the decision under appeal, the examining division regarded
- the "user's new password" of lines 30 and 31 of column 3 of D1
or, correspondingly,
- "the newly generated password" of lines 31 and 32 or of line 34 of column 3 of D1
to be the "new passcode generator" of features (f) and (g).
However, the applicant stated in advance of the oral proceedings before the examining division that the examining division "overlooked that the main request, claim 1 line 22 defines 'a new passcode generator'". It is nonetheless not apparent from the file that the examining division mapped the "new passcode generator" onto D1 before issuing the decision under appeal. This is in spite of the applicant explicitly addressing this aspect also during the oral proceedings before the examining division, as can be gathered from the third sentence of point 5 of the minutes of these oral proceedings.
3.3.6 The board may only conclude, in view of
- the various instances at which the analysis of the examining division conducted in point 7 of the reasons of the decision under appeal presented the applicant with a feature mapping that was never communicated beforehand to the applicant
and
- the inconsistency of this feature mapping as set out in point 3.3.4 above,
that the applicant could have reasonably been expected to put forward possibly persuasive arguments as to the respective feature mapping, had the examining division informed the applicant of its feature mapping before issuing the decision under appeal. In this context, the board recalls that Article 113(1) EPC requires not merely that a party be given an opportunity to voice comments, but more importantly it requires that the deciding instance demonstrably hears and considers these comments (see e.g. T 763/04, Reasons 4.4).
3.3.7 Moreover, the examining division failed to correct the erratic and imprecise way in which it was conducting the examination proceedings, although the applicant pointed towards this conduct at several points in time during the proceedings. The board notes in particular the following:
3.3.7.1 Ahead of the oral proceedings before the examining division, the applicant insisted on a proper novelty analysis and even requested a postponement of the oral proceedings to allow the examining division to get more familiar with the case. For whatever reasons, the examining division did not grant this request for postponement and only provided a detailed feature mapping of claim 1 with respect to D1 when issuing the decision under appeal.
3.3.7.2 Points 3, 5 and 8 of the minutes of the oral proceedings before the examining division reflect that the applicant was plainly in need of more details on the novelty objection raised by the examining division. It is not apparent from these minutes, in particular not from points 4 and 9, that the feature mapping as presented in the decision under appeal was brought to the applicant's attention during the oral proceedings before the examining division.
3.3.7.3 Lastly, the examining division also did not rectify the decision under appeal by means of an interlocutory revision (Article 109(1) EPC), although the appellant had drawn their attention in the statement of grounds of appeal to several deficient aspects of the decision under appeal.
3.4 In sum, it is the board's view that the appellant's right to be heard under Article 113(1) EPC was violated in the proceedings before the examining division.
4. Substantial procedural violation - remittal - reimbursement of the appeal fee
4.1 It is established case law that a violation of the right to be heard amounts to a fundamental procedural deficiency and, as a rule, to "special reasons" to remit the case for further prosecution. The deficiency apparent in this case justifies an immediate remittal without any assessment on the merits (Article 111(1) EPC; Article 11 RPBA 2020).
4.2 The appellant's auxiliary request for remittal is thus allowable. Moreover, it is generally accepted that a breach of Article 113(1) EPC constitutes a substantial procedural violation within the meaning of
Rule 103(1)(a) EPC. Finally, with the clear causal link between the substantial violation and the appealed decision, full reimbursement of the appeal fee is rendered equitable.
Order
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the examining division for further prosecution.
3. The appeal fee is to be fully reimbursed.
