T 0541/10 (Sensitive information/PAYPAL) of 11.11.2015

European Case Law Identifier: ECLI:EP:BA:2015:T054110.20151111
Date of decision: 11 November 2015
Case number: T 0541/10
Application number: 00926493.8
IPC class: G06F 17/60
Language of proceedings: EN
Distribution: D
Download and more information:
Decision text in EN (PDF, 287.913K)
Documentation of the appeal procedure can be found in the Register
Bibliographic information is available in: EN
Versions: Unpublished
Title of application: SYSTEM AND METHOD FOR ELECTRONICALLY EXCHANGING VALUE AMONG DISTRIBUTED USERS
Applicant name: PayPal, Inc.
Opponent name: -
Board: 3.5.01
Headnote: -
Relevant legal provisions:
European Patent Convention Art 52(1)
European Patent Convention 1973 Art 56
Keywords: Patentable invention - technical and non-technical features
Inventive step - (no)
Catchwords:

-

Cited decisions:
T 0769/92
T 0844/09
Citing decisions:
-

Summary of Facts and Submissions

I. European patent application 00926493.8, published as WO 00/67177 A2, relates to a system and method for facilitating the exchange of value between financial accounts using a distributed computer system.

II. The examining division refused the application for lack of inventive step of the claimed invention in the light of a common electronic home banking system. The invention essentially proposed the use of alternative identifiers, other than bank account or credit card numbers, to avoid exposing critical bank account data during a financial transaction. The invention did not provide a technical solution to a technical problem but merely circumvented the technical problem of protecting such data by hiding the more sensitive information.

III. The appellant (applicant) lodged an appeal in due time and form against that decision. Three alternative sets of claims, headed "Main Request", "First Auxiliary Request", and "Second Auxiliary Request" were filed with the statement setting out the grounds of appeal, on 7 December 2009.

IV. In a communication giving a provisional opinion, the Board explained that it considered the contested decision was essentially right in its findings and in the reasons given for lack of inventive step.

V. Following a response letter maintaining the appeal requests, oral proceedings were held before the Board on 11 November 2015. The appellant addressed the Board, requesting that the decision under appeal be set aside and that a patent be granted on the basis of the claims of the Main Request or of the First or Second Auxiliary Requests, all filed with the grounds of appeal dated 26 November 2009.

VI. Claim 1 of the Main Request reads as follows:

"A computer system (102, 104), (106), 108), 110) [sic] for effecting value exchanges between financial accounts held in financial institutions by users who may communicate with the computer system using client apparatus (122a; 122b; 122c) via a communication network (120), wherein the computer system:

(a) is arranged

(i) for storing a plurality of registered user identification data identifying respectively a plurality of registered users,

(ii) for storing in association with said registered users respectively the identities of said financial accounts in relation to which value is to be exchanged when a transaction is executed, and

(iii) for storing a plurality of pre-existing identifiers which are associated respectively with said registered users and which are in the form of network address data intended for communication with the registered user via a communication network independently of the system;

(b) is arranged for receiving instructions for transactions, each between first and second registered users, said instructions:

( i) being received from said first registered user,

(ii) defining the value to be exchanged, and

(iii) identifying said second registered user by means of said pre-existing identifier associated with said second registered user; and

(c) is operable on the basis of said identities of said financial accounts, said pre-existing identifiers and said values defined in said transaction instructions to effect said value exchange between said financial accounts, associated with said first and second registered users."

Claim 1 of the First Auxiliary Request has the same wording as above, except for feature (b) which reads:

"(b) is arranged for receiving instructions for transactions, each between first and second registered users, said instructions being input on a client apparatus (122a; 122b; 122c) from software obtained from a server".

Claim 1 of the Second Auxiliary Request has various features amended; it reads as follows:

"A computer system (102, 104), (106), 108), 110) [sic] configured for facilitating value exchange transactions, the computer system comprising:

(a) a central database (102);

(i) for storing a plurality of registered user identification data identifying respectively a plurality of registered users,

(ii) for storing in association with said registered users respectively the identities of financial accounts in relation to which value is to be exchanged when a transaction is executed, and

(iii) for storing a plurality of pre-existing identifiers which are associated respectively with said registered users and which are in the form of network address data intended for communication with the registered user via a communication network independently of the system;

(b) a server (104) arranged for receiving instructions for transactions, each between first and second registered users, said instructions being input on a client apparatus (122a; 122b; 122c) through software obtained from the server (104); the instructions

(i) define the value to be exchanged, and

(ii) identify said second registered user by means of said pre-existing identifier associated with said second registered user; and

(c) the server (104) is operable on the basis of said identities of said financial accounts, said pre-existing identifiers and said values defined in said transaction instructions to effect said value exchange between said financial accounts, associated with said first and second registered users."

VII. The appellant's submissions given orally and in writing may be summarised as follows.

a) The subject matter of the invention was patentable. If duly considered in context, it was not simply a business idea suggesting to use some alternative identifiers instead of an account or credit card number. It went beyond that, essentially because of two things: first of all, the actual account information was hidden; and, secondly, a person using the system uses an electronic identifier such as its email address. This forms the basis for making a transfer between one person and another. The claimed invention was also novel and inventive over the prior art. It provided a inventive contribution over the common electronic home banking system cited by the examining division as closest prior art. The invention defined in claim 1 of the main request was distinguished from such a home banking system by the following features (numbering (F1) etc. added by the Board for ease of reference):

(F1) storing a plurality of pre-existing identifiers which are associated with registered users and which are in the form of network address data intended for communication with the registered users via a communication network,

(F2) identifying the second registered user by means of the pre-existing identifier associated with the second registered user, and

(F3) operating on the basis of the identities of the financial accounts, the pre-existing identifiers and the values defined in the transaction instructions to effect the value exchange between the financial accounts associated with the first and second registered users.

b) In respect of a common electronic home banking system, the invention as defined in claim 1 of the main request solved the objective technical problem of facilitating the transfer of funds in a secure way without revealing sensitive information.

c) The person receiving or sending the payment had never to disclose their financial account information to the other party. In the context of fraud, having the telephone number or network address was of no use; the critical credit card or bank account information, however, remained hidden by using identifiers which had a meaning outside of the computer system, such as a telephone number or email address, but which did not disclose critical information about the financial accounts involved in the transaction. In the prior art, such critical information could not be kept secret.

d) Keeping information secret, or, alternatively stated, securing information, was a key aspect of the modern age and was technical. To improve the security of the data exchange, all features - whether considered technical or non-technical - interacted to effect a secure transfer of funds and hence provided a technical contribution to the prior art. The skilled person, a computer expert with knowledge of banking systems, tasked with the problem of how to increase security in transactions would have focused on the existing approaches of the banking industry's computer systems. Although firms spent considerable effort and technology in ensuring that, when a user provided its credit card information, it was not vulnerable to attack or retrieval by third parties, there was no teaching in any such prior art which could or would have prompted the skilled person to modify or adapt the common electronic home banking system to arrive at the invention of claim 1.

e) The appellant advised of the extraordinary commercial success of the invention, which was directed generally to the arrangement employed by the appellant in practice, to allow users to interact and make transactions. In 2014, this represented approximately 214 billion dollars of transactions.

f) The appellant cited decisions T 769/92 General-purpose management system/SOHEI OJ EPO 1995, 525, and T 844/09, not published in the OJ EPC (PayPal Inc.). The Sohei-decision held that a computer system for handling financial and inventory management information could be granted if the invention provided a new way of resolving a technical difficulty. In the PayPal-decision, the present appellant had succeeded in obtaining grant of a patent. There was a striking similarity with the present application in that the examining division took recourse to the argument of a mere implementation of a non-technical activity in the context of electronic fraud prevention. The board had not concurred with the findings of the examining division, but found that the verification of a user's authorisation to use a financial account, which relied on a technical understanding of the operation of the transaction system and its respective components, lay within the scope of a technically-qualified person working in the field of computer-implemented online financial transaction systems and, notably, entrusted with the security aspects thereof. As highlighted in the PayPal-decision neither the business professional nor the administrative professional would be qualified or, indeed, able to devise any of these ideas, as they lay outside their areas of competence.

g) The arguments supplied in support of the main request applied equally to the first and second auxiliary requests.

Reasons for the Decision

1. The admissible appeal is not allowable since none of the requests before the Board overcomes the objection that the subject matter of claim 1 does not meet the requirement of inventive step as set out in Article 52(1) EPC and Article 56 EPC 1973.

2. A common electronic home banking system has been cited in the decision under appeal as closest prior art. The relevance of this piece of prior art has not been disputed by the appellant. The appellant explained the difference between the claimed invention and the common electronic home banking system, providing a list of the distinguishing features of the invention (F1, F2, and F3, see VII. a) above). The Board essentially concurs with the appellant's prior art analysis, albeit not with the formulation of the objective technical problem and subject to the interpretation that "network address data" are not used as network address data within the very same "communication network (120)" which is used for communication between the computer system and the client users. The "network address data", for example a telephone number or a Social Security number, is not functional as network address in communication network 120; it has such a function outside of the system (see e.g. A2-document, page 2, line 29 f., page 5, line 5 ff., page 11, line 20 ff.).

3. The technical aspects provided by distinguishing features F1, F2, and F3, therefore, are quite limited; they define a business-related scheme for identifying financial accounts. Although this scheme might be innovative, it nevertheless lacks technical character. If this scheme allows the hiding of some "more sensitive information" then this is not based on any technical effect but on social behaviour and banking practice. The innovation is actually completed before any field of technology comes into play: the very same scheme could be practised using conventional account books and pencil. A prior agreement to use a name, a Social Security number or even a telephone number, instead of more sensitive information, for identifying financial accounts need not involve any technical means.

4. It would not make any difference to the assessment of the technical character of the present invention if the claim were construed as meaning a two layered system, where the first layer was a kind of trustee that kept sensitive information under lock and key, retrieved the sensitive account information from the pre-existing identifier and forwarded it to the second layer, the financial institution that held the account and effected the value transfer. Such a transfer scheme is based on business considerations, possibly intermingled with legal concerns, and lacks any relevant technical effect.

5. Implementing a scheme as defined by distinguishing features F1, F2, and F3, or such a two layered transfer scheme, on a distributed computer system, such as a web application, does not add anything beyond the obvious: from the viewpoint of a skilled person, programming and implementing a business or trading method as a web application, for example, is no more than a routine task if, as in the present case, the implementation only requires the ordinary use of computer and network technology.

6. In support of its submissions, the appellant cited two decisions of the boards of appeal (Sohei and PayPal, see VII.f) above). It is first noted that the boards handing down the respective decision did not question that a technical contribution is the basis for the patentability of an invention. The Sohei-decision was concerned with the question of exclusion from patentability and is thus not directly relevant to the present case.

7. The PayPal-decision arrived at a positive conclusion regarding inventive step. The board found a need for technical considerations in the matter under scrutiny. In 5.3, the board stated that the "verification of the user's authorisation to use a financial account - relies on a technical understanding of the operation of the transaction system and its respective components." This distinguishes that case from the present, where no technical understanding beyond the trivial is required in using pre-existing identifiers in financial transactions.

8. In summary, the invention according to claim 1 of the main request does not provide a technical contribution over a common electronic home banking system which goes beyond a routine implementation of a business application on a common distributed computer system. Accordingly it does not meet the requirement of inventive step.

9. In respect of the auxiliary requests, it is noted that the appellant relied in its submissions only on those arguments already given in support of the main request. In accordance with the reasons given above, the Board can only conclude that the auxiliary requests do not overcome the objection of lack of inventive step for the same reasons. The appeal, therefore, can only be dismissed.

Order

For these reasons it is decided that:

The appeal is dismissed.

Quick Navigation