T 0787/18 (Passing authentication data to acquirer/CARDINALCOMMERCE) 14-12-2023
Download and more information:
WEB TERMINAL AND BRIDGE THAT SUPPORT PASSING OF AUTHENTICATION DATA TO ACQUIRER FOR PAYMENT PROCESSING
Amendments - allowable (yes)
Claims - clarity
Claims - main request (yes)
Claims - clarity after amendment (yes)
Appeal decision - remittal to the department of first instance (yes)
Remittal - (yes)
Remittal - special reasons for remittal
Remittal - further search for pertinent prior art required in order to assess inventive step of amended main request
I. This appeal is against the decision of the examining division refusing European patent application No. 06801071.9 pursuant to Article 97(2) EPC on the grounds of lack of clarity (Article 84 EPC) and lack of inventive step (Article 56 EPC) with regard to prior-art publication D1 (US2002/065839 A1) as well as on the ground of not fulfilling the requirements of Article 123(2) EPC.
II. In the statement setting out the grounds of appeal, the appellant requested that the appealed decision be set aside and that a patent be granted on the basis of the main, first or second auxiliary request as submitted with the statement setting out the grounds of appeal. Oral proceedings were requested as an auxiliary measure.
III. In a communication the Board expressed its preliminary opinion that it tended to agree with the decision under appeal that the subject-matter of independent claim 1 according to the main request lacked an inventive step over D1 for essentially the same reasons. While the set of claims according to the main request still lacked clarity, the amendments made to the set of claims according to the first auxiliary request appeared to overcome the objections under Articles 84 and 123(2) EPC. The Board expressed the view that it was not in a position to examine inventive step of the first auxiliary request without a further search being carried out and that it intended to remit the case to the department of first instance for further prosecution. The appellant was invited to inform the Board, whether the auxiliary request for oral proceedings was maintained and/or to file an amended main request considering the reasons given in this communication.
IV. In a reply dated 5 July 2023, the appellant filed a new main request based on the former first auxiliary request and made the second auxiliary request the new first auxiliary request. The appellant requested a grant or remittal on the basis of the new main request or that a patent be granted on the basis of the new first auxiliary request. The request for oral proceedings was upheld as an auxiliary measure in case that none of the above requests were allowable.
V. Independent claim 1 according to the main request reads as follows:
"1. A method of passing authentication result data (40f), such as authentication result data (40f) generated by an issuing bank during Secure 3-D authentication of a cardholder (30) during a transaction between the cardholder (30) and a merchant (10), to an acquirer (60), using a bridge server (70), the authentication result data reflecting a result of an attempt to authenticate the cardholder (30) and contained in an expansion field (56f) of a transaction record (56) also containing a transaction ID (40a) and transaction details (40b-40e) stored in a database (54) maintained in connection with an order management system (52) of the merchant (10), the method comprising:
a. providing, by the bridge server (70), a merchant (10) with a web page (72) over a communications network (20), said web page (72) requesting a transaction ID;
b. receiving, at the bridge server (70), the transaction ID over the communications network from the second party (10);
c. collecting, by the bridge server (70), transaction details using the received transaction ID, from the order management system (52) the transaction details including the authentication result data (40f) and being retrieved from the transaction record (56) stored in the database (54) maintained in connection with the order management system (52);
d. identifying, by the bridge server (70), the cardholder authentication result data (40f) within the collected transaction details;
e. formatting, by the bridge server (70), the transaction details according to a prescribed format; and
f. forwarding, by the bridge server (70), the formatted transaction details to the third party (60),
wherein the bridge server (70) is implemented by a server, connected to the order management system (53) and the acquirer (60) via the Internet."
VI. The appellant argued that the requirements of Articles 56, 84 and 123(2) EPC were fulfilled. The arguments relevant for the decision are discussed below.
The invention
1. The invention relates to online purchase transaction processing using a credit card, in particular where the transaction has two phases; cardholder authentication and payment authorisation.
The authentication procedure is a voluntary additional procedure such as the 3-D Secure by Visa. It produces "authentication result data" - known as "cardholder authentication verification value" (CAVV) in the case of 3-D Secure (see [0020] of the published application).
The claimed invention relates to the authorisation phase in the case that the merchant's order management system (OMS) cannot handle the authentication result data. Looking at Figures 1 and 3 of the application, the solution is to store the result in an expansion field 40f of the transaction data 40 in the OMS database 54 and to use a "bridge server" 70 to retrieve the data and incorporate in a correctly formatted transaction sent to the acquirer 60.
In appeal, the appellant has put much weight on the particular VISA(R) purchase transaction flow on the basis of the 3-D Secure transaction protocol, which with the amendments made is now part of the main request.
2. The contested decision was based on objections under Articles 56, 84 and 123(2) EPC.
The appellant has provided amended sets of claims. Amendments were not made on the basis of the refused independent claims, but on the basis of the original claims as filed in the PCT-application resulting in a significantly different wording of the claims now on file. However, since these amendments were made in reaction to the objections under Article 84 EPC in the contested decision and are directed to the same subject-matter, the Board admits them into the appeal proceedings.
Main request
3. Article 123(2) EPC - Amendments
Present independent claim 1 has basis in original claims 1 and 2 as well as in the application documents as filed, [0020 to 0026] and Figure 3 with the corresponding description of the authentication bridge.
Claim 1 of the present main request introduces the bridge server 70 as performing steps a) to f). Furthermore, it has the additional feature that authentication result data is generated during a 3-D Secure authentication and is thereby directed to a specific application in the environment of VISA transaction protocols. A basis for the amendments is found in [0005], [0020] and [0023-0024] of the description as filed.
In particular in [0020] an embodiment of the present invention is disclosed in which the authentication result 40f can be the cardholder authentication verification value (CAVV) produced in connection with the 3-D Secure(R) initiative supported by the Visa(R) payment network.
The objection under point 2.1.5 in the decision under appeal, directed to the last feature of claim 1 specifying the implementation of the bridge server, is not maintained by the Board. A basis for connecting the bridge server 70 to the OMS server 50 over the Internet 20 is found in [0026] on page 9, line 20 of the description.
The amendments therefore fulfill the requirements of Article 123(2) EPC.
4. Article 84 EPC
4.1 The Board does not consider it to be essential in the context of the present invention that the cardholder authentication data must be specified to be generated by a card issuing bank, in contrast to the decision under appeal (see point 1.2.2), because the authentication procedure is not part of the claimed invention, but only the resulting authentication data.
The other objections in points 1.2.4 and 1.2.5 in the contested decision refer to wording no longer present in present claim 1.
4.2 The contested decision held that the then independent claims did not specify which technical entity performs steps a) to f). In particular it was not clear whether the entity providing a transaction ID request (step a) is the same for receiving the transaction ID (step b). The Board agrees with the contested decision that it is essential for the functionality of the implementing architecture to know which entity performs what step in which order. This is regarded as essential for a complete technical teaching in view of the fact that it is to be applied to different cardholder authentication procedures such as the VISA 3-D Secure protocol referred to in the grounds of appeal or MasterCard SecureCode. Therefore the Board considers the role of the bridge server and its specification to be essential for defining the information flow in order to establish a clear technical teaching, particularly its connection with the order management system OMS, because legacy OMS are typically not able to handle the forwarding of cardholder authentication result data together with payment authorisation (see point 11 of the statement setting out the grounds of appeal).
4.3 Claim 1 of the present main request introduces the bridge server 70 as performing steps a) to f). Furthermore, it has the additional feature that authentication result data is generated during a 3-D Secure authentication and is thereby directed to a specific application in environment of VISA transaction protocols. With the new main request the appellant has specified the bridge server 70 as the entity providing a transaction ID request (step a) and receiving the transaction ID (step b).
4.4 The Board considers the bridge server and its connection with the order management system OMS and the acquirer 60 to clearly define the information flow. Thereby a complete technical teaching is defined in view of the fact that the method according to independent claim 1 of this request is explicitly directed to a cardholder authentication procedure of the VISA 3-D Secure authentication protocol. The objection under Article 84 EPC is therefore overcome.
5. Article 56 - Inventive step
The closest prior art D1 does not disclose any details of the VISA 3-D Secure authentication protocol. The appellant has provided some references to this protocol in the statement setting out the grounds of appeal (see points [1] to [3] and [5] on pages 3 and 4). While these references were presented in order to explain the technical background for establishing clarity, these references do not represent prior art for the present application, because the version of the publication ("verified-by-visa-acquirer-merchant-implementation-guide.pdf") which the Board could access over the Internet was post-published (May 2011). As far as the second phase of 3-D Secure, i.e. the post-authentication payment authorisation procedure is concerned (see chapter 5, in particular 5.2 to 5.4 dealing with CAVV data fields), it cannot be assumed that this document represents prior art published before the priority date of the present application (9 August 2005), which is necessary in order to assess inventive step for the claimed subject-matter. The Board also cannot be sure that aspects of 3-D Secure in the context of the invention were considered in the Search Reports (International Search Report and Supplementary European Search Report).
6. Remittal
Article 111(1) EPC gives the Board the discretion to either exercise any power within the competence of the department whose decision is appealed, i.e. in this case the examining division, or remit the case to that department for further prosecution. According to Article 11 RPBA 2020 - which applies to this case according to Article 25(1) RPBA 2020 - the Board shall not remit a case unless special reasons present themself for doing so.
For the reasons explained above, the Board is not in a position to examine inventive step of amended claim 1 according to the main request without a further search being carried out. This constitutes a special reason according to Article 11 RPBA justifying a remittal of the case to the department of first instance.
Since the purpose of appeal proceedings is a review of the decision, it would not be appropriate to carry out a complete examination of novelty and inventive step on the basis of the pertinent documented prior art for the first time in appeal proceedings.
The Board therefore exercises its discretion under Article 111(1) EPC and Article 11 RPBA 2020 and remits the case to the department of first instance on the basis of the main request for further examination and an additional search for the aspects mentioned above.
The Board can directly issue a written decision under the present circumstances without the need for holding oral proceedings, because it follows the appellant's request for remitting the case on the basis of the main request filed with letter dated 5 July 2023.
For these reasons it is decided that:
The decision under appeal is set aside.
The case is remitted to the department of first instance for further prosecution.