T 1075/15 (Error management in a safety unit/OMRON) 26-05-2020
Download and more information:
Input device of a safety unit
I. This appeal lies from the decision of the opposition division rejecting the opposition against the opposed patent under Article 101(2) EPC. The opposition division held that the patent as granted complied with Articles 83, 123(2), 54 and 56 EPC and concluded that the invoked grounds for opposition under Articles 100(a), (b) and (c) EPC did not prejudice the maintenance of the patent.
II. Oral proceedings before the board were held on 26 May 2020.
The appellant requested that the decision under appeal be set aside and that the patent be revoked.
The respondent requested that the appeal be dismissed, i.e. that the patent be maintained as granted (main request), or, in the alternative, that the patent be maintained in amended form on the basis of the claims of either of a first and second auxiliary request, both filed with the submission dated 14 May 2020 (i.e. after the notification of the summons to the oral proceedings before the board).
At the end of the oral proceedings, the board's decision was announced.
III. Claim 1 of the patent as granted (main request) reads as follows:
"A safety slave unit (1A) adapted to be connected to a plurality of input devices (4), to receive, from the input devices when connected to them, input signals and to be connected to a safety controller (2) through a network (3) so as to transmit the input signals to a communication master of the safety controller (2), the safety slave unit (1A) comprising:
an input terminal portion (101) having a plurality input terminals each adapted to receive an input signal having a raw logical value from an correspondingly connected input device (4) which is activated when a danger exists, wherein the raw logical value indicates presence or absence of activation of the correspondingly connected input device (4); and
an error diagnostic portion (102) that diagnoses an error of breaking or short circuit of wirings between each input terminal and the correspondingly connected input device (4), and generates, for each input terminal, a diagnosis status data having a logical value "High" upon the absence of the error and a logical value "Low" upon the presence of the error; and
a processing means (103) adapted to convert, for each input terminal, the input signal given to the corresponding input terminal to control data having a logical value which reflects the raw logical value, characterized in that
the logical value of the control data is compulsorily changed, regardless of the raw logical value of the input signal given to the corresponding input terminal, to the logical value corresponding to the presence of activation of the correspondingly connected input device (4) when the diagnosis status data of the input terminal is a logical "Low", and
the logical value of the control data is not changed when the diagnosis status data of the input terminal is a logical "High"; and
a data transmitting portion (104) adapted to transmit, to said communication master of said safety controller (2) when connected, a pair of the logical value of the control data and of the logical value of the corresponding diagnosis status data; wherein
the safety slave (1A) is adapted to execute an initial processing after power of the safety slave (1A) is turned on, in which, for each terminal, the logical value of the diagnosis status data is initially set to "Low" such that the logical value of the control data is compulsorily set to the logical value corresponding to the presence of activation of the correspondingly connected input device (4)."
IV. Claim 1 of the first auxiliary request reads as follows (amendments vis-à-vis claim 1 of the main request underlined by the board):
"A safety slave unit (1A) adapted to be connected to a plurality of input devices (4), to receive, from the input devices when connected to them, input signals and to be connected to a safety controller (2) through a network (3) so as to transmit the input signals to a communication master of the safety controller (2), the safety slave unit (1A) comprising:
an input terminal portion (101) having a plurality input terminals each adapted to receive an input signal having a raw logical value from an correspondingly connected input device (4) which is activated when a danger exists, wherein the raw logical value indicates presence or absence of activation of the correspondingly connected input device (4); and
an error diagnostic portion (102) that diagnoses an error of breaking or short circuit of wirings between each input terminal and the correspondingly connected input device (4), and generates, for each input terminal, a diagnosis status data having a logical value "High" upon the absence of the error and a logical value "Low" upon the presence of the error; and
a processing means (103) adapted to convert, for each input terminal, the input signal given to the corresponding input terminal to control data having a logical value which reflects the raw logical value, characterized in that
the logical value of the control data is compulsorily changed from HIGH, regardless of the raw logical value of the input signal given to the corresponding input terminal, to the logical value LOW corresponding to the presence of activation of the correspondingly connected input device (4) when the diagnosis status data of the input terminal is a logical "Low", and
the logical value of the control data is not changed when the diagnosis status data of the input terminal is a logical "High"; and
a data transmitting portion (104) adapted to transmit, to said communication master of said safety controller (2) when connected, a pair of the logical value of the control data and of the logical value of the corresponding diagnosis status data; wherein
the safety slave (1A) is adapted to execute an initial processing after power of the safety slave (1A) is turned on, in which, for each terminal, the logical value of the diagnosis status data is initially set to "Low" such that the logical value of the control data is compulsorily set to the logical value LOW corresponding to the presence of activation of the correspondingly connected input device (4)."
V. Claim 1 of the second auxiliary request reads as follows (amendments vis-à-vis claim 1 of the first auxiliary request indicated by the board):
"A safety slave unit (1A) adapted to be connected to a plurality of input devices (4), to receive, from the input devices when connected to them, input signals and to be connected to a safety controller (2) through a network (3) so as to transmit the input signals to a communication master of the safety controller (2), the safety slave unit (1A) comprising:
an input terminal portion (101) having a plurality input terminals each adapted to receive an input signal having a raw logical value from an correspondingly connected input device (4) which is activated when a danger exists, wherein the raw logical value indicates presence or absence of activation of the correspondingly connected input device (4); and
an error diagnostic portion (102) that diagnoses an error of breaking or short circuit of wirings between each input terminal and the correspondingly connected input device (4), and generates, for each input terminal, a diagnosis status data having a logical value "High" upon the absence of the error and a logical value "Low" upon the presence of the error; and
a processing means which is a central processing portion (103) adapted to convert, for each input terminal, the input signal given to the corresponding input terminal to control data having a logical value which reflects the raw logical value, characterized in that
(i), in case the raw logical value indicates absence of activation of the correspondingly connected input device (4), the logical value of the control data is compulsorily changed from HIGH, regardless of the raw logical value of the input signal given to the corresponding input terminal, to the logical value LOW corresponding to the presence of activation of the correspondingly connected input device (4) when the diagnosis status data of the input terminal is a logical "Low", wherein the logical value of the control data is not changed when the diagnosis status data of the input terminal is a logical "High", and
(ii), in case the raw logical value indicates presence of activation of the correspondingly connected input device (4), the logical value of the control data is compulsorily set to the logical value LOW corresponding to the presence of activation of the correspondingly connected input device (4) when the diagnosis status data of the input terminal is a logical "Low", wherein the logical value of the control data reflects the raw logical value indicating presence of activation of the correspondingly connected input device (4) when the diagnosis status data of the input terminal is a logical "High"; and
a data transmitting portion (104) adapted to transmit, to said communication master of said safety controller (2) when connected, a pair of the logical value of the control data and of the logical value of the corresponding diagnosis status data; wherein
the safety slave (1A) is adapted to execute an initial processing after power of the safety slave (1A) is turned on, in which, for each terminal and prior to executing the processing by the error diagnostic portion (102) for the first time, the logical value of the diagnosis status data is initially set to "Low" such that the logical value of the control data is compulsorily set to the logical value LOW corresponding to the presence of activation of the correspondingly connected input device (4), and, following the initial processing, to cyclically execute (i) an input processing in which the processing of the input terminal portion (101), the processing of the error diagnostic portion (102) and the processing of the central processing portion (103) are executed, and (ii) a main processing in which the processing of the data transmitting portion (104) is executed."
1. MAIN REQUEST
Claim 1 of the main request comprises inter alia the following features, as labelled in the impugned decision:
1. the safety slave unit is adapted to
1.8 execute an initial processing after power of
the safety slave is turned on,
1.8.1 in which, for each terminal, the logical value
of the diagnosis status data is initially set
to "Low" such that
1.8.1.1 the logical value of the control data is
compulsorily set to the logical value
corresponding to the presence of activation of
the correspondingly connected input device.
1.1 Claim 1 - added subject-matter (Articles 100(c) and 123(2) EPC)
1.1.1 According to the jurisprudence of the Enlarged Board of Appeal (G 2/10, OJ EPO 2012, 376, Reasons 4.3), for assessing compliance with Article 123(2) EPC, it is to be examined whether an amendment may be derived by a skilled person directly and unambiguously, using common general knowledge, from the whole of the original disclosure.
1.1.2 In present claim 1, the expression "such that" implies a causal relationship between feature 1.8.1 and feature 1.8.1.1, as confirmed by the respondent in its written reply to the statement of grounds of appeal (see page 5, last paragraph, emphasis by the respondent): "... the whole original documents as well as the whole patent in dispute only disclose a dependency of the control data on the status data, namely (i) when status data are ON, the raw logical value given to the input terminal is reflected on the control data at it is, and, (ii) when status data are OFF, control data is compulsorily set to OFF (please see for example paragraphs [0064, 0066], [0024, 0025]).".
1.1.3 Such relationship is not disclosed in the application as filed. As regards the initial processing described in Fig. 6 and paragraphs [0056] to [0061] of the application as filed, the logical value of both control and status data is disclosed to be initially set to "OFF" (see paragraph [0056]: "... in step 601, the initial setting with control data = OFF ("LOW") and status data = OFF ("LOW") is carried out for each terminal. This initial setting processing is carried out for all the terminals 101 equipped on the safety slave 1 ..."). However, this disclosure cannot be construed to mean that the initial setting of the logical value of the control data depends on the initial setting of the logical value of the diagnosis status data to "Low", as required by feature 1.8.1.
1.1.4 The respondent submitted that the setting of the control and status data in step 601 of the "initial processing" is fairly identical to the setting in step 704 relating to the "input processing". Preceding to step 601, which followed turning ON the safety slave, the error diagnostic processing could not have been executed once, but it was apparent that the setting is done, as a precautionary measure, as if the error diagnosis was negative. As a result, the setting in step 601 (which was the same as in 704) meant that control data was set compulsorily to "OFF" as a result of the status data being "OFF".
The respondent referred to the last sentence of paragraph [0077]: "Additionally, according to this example, even if the control data is 'LOW' just after the power is turned ON, it is possible to confirm that the error diagnostic processing about that control data has not been finished based on a fact that the status data is also 'LOW'". According to the respondent, this sentence related to step 601. It unambiguously disclosed that there had to be a causal relationship between control data and status data, even before the diagnostic processing in step 602 was finished. Otherwise, the sentence would not make any sense, because, assuming there was no causal relationship, the status of the control data could not be interpreted by reference to the status data.
1.1.5 This argument is not persuasive. According to step 704 as described in paragraph [0064] of the application as filed (emphasis added) "... Control data = OFF ("LOW") means that the data status is turned OFF compulsorily as a result of diagnosis that an error exists and status data = OFF ("LOW") means that it is diagnosed that an error exists ...". Hence, in step 704, both control data and status data are set to OFF as a result of diagnosis that an error exists, following the determination of step 702 whether or not an error exists. According to paragraph [0062], fourth sentence, of the application as filed, "... [t]he content of this diagnostic processing is the same as the diagnostic processing (step 602) described with reference to FIG. 6 ...".
It follows therefrom that the processing of step 704 of Fig. 7 must be similar to the processing carried out in step 604 of Fig. 6, described in paragraph [0059] of the application as filed, and according to which (emphasis added) "... initial control data = OFF ("LOW") and status data = OFF ("LOW") is set for an input determined to have an error. Status data = OFF means that an error exists ...". In this case, both control data and status data are also set to OFF as a result of the diagnosis that an error exists, according to the determination of step 603. Thus, neither step 704 nor step 604 discloses the claimed relationship between status data and control data.
1.1.6 As regards step 601 and the last sentence of paragraph [0077] of the application as filed, it is not disputed that the initial setting of both control data and status data to OFF ("LOW") makes it possible for a subsequent control, e.g. by the safety controller receiving control and status data over the network, to recognise whether or not error diagnostic processing is finished. However, the fact that the setting of status data to OFF ("LOW") helps interpret the meaning of the control data being set to OFF ("LOW") cannot be equated with the claimed causal relationship between features 1.8.1 and 1.8.1.1 ("such that"). Contrary to the input processing according to Fig. 7, in the initial processing of Fig. 6, there is no raw logical value from a connected input device to be converted. Instead, the control and status data are set by the processing means autonomously before (step 601) and after (steps 603, 604 and 605) the diagnostic processing (step 602) is carried out.
1.2 Therefore, the subject-matter of claim 1 of the patent as granted does not meet the requirements of Article 123(2) EPC, so that the ground for opposition pursuant to Article 100(a) EPC prejudiced the maintenance of the opposed patent.
2. AUXILIARY REQUESTS
As to feature 1.8.1.1, claim 1 of the first and second auxiliary requests now includes the following wording (the amendment compared with claim 1 of the main request underlined by the board):
"the logical value of the control data is compulsorily set to the logical value LOW corresponding to the presence of activation of the correspondingly connected input device".
2.1 Claim 1 - added subject-matter (Article 123(2) EPC)
2.1.1 The board holds that the mere labelling of the respective logical value to which the control data is to be set as "LOW" does not remedy the objections raised under Article 123(2) EPC as set out above for the main request.
2.1.2 Hence, the reasons given in point 1.1 above apply mutatis mutandis to claim 1 of the first and second auxiliary requests. The respondent did not provide any additional arguments in that regard during the oral proceedings before the board.
2.2 In conclusion, the first and second auxiliary requests are not allowable under Article 123(2) EPC either.
3. As there is no allowable claim request, the opponent's appeal is successful.
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The patent is revoked.