T 1901/08 09-02-2012
Download und weitere Informationen:
A self-service terminal
Summary of Facts and Submissions
I. This is an appeal against the refusal of application 05 250 955 for lack of an inventive step, Article 56 EPC 1973, over document D1: US2004/0016796 A.
II. Oral proceedings were held in the absence of the appellant applicant, of which the board had been informed in advance.
III. The appellant requested in writing that the decision under appeal be set aside and a patent granted on the basis of the following:
Claims: Claims 1 to 13 filed with the letter dated 3 February 2012;
Description: Page 1 filed with the letter dated 3 February 2012;
Pages 2 and 3 filed with the letter dated 22 November 2011;
Pages 4 to 13 as originally filed;
Drawings: Sheets 1/3 to 3/3 as originally filed.
IV. The appellant furthermore requested that the following questions be referred to the Enlarged Board of Appeal for consideration:
"1) Is an Examiner to be considered as a person skilled in the art for the purposes of determining what is known to the notional person skilled in the art, without documentary support for assertions of the state of knowledge of the person skilled in the art, notorious prior art excepted?
2) In determining the state of the art for the assessment of inventive step is it allowable for an Examiner to impute non-notorious features into the teaching of a prior art document, where the non-notorious features are not derivable, either explicitly or implicitly, from the teachings of either the prior art document itself or any other cited prior art document?"
V. Claim 1 reads as follows:
"A self-service terminal (10), for example an automated teller machine, comprising:
a plurality of detecting means each associated with a respective component (16, 18, 22, 24) of the self-service terminal (10), each of the plurality of detecting means being arranged to detect pre-determined conditions of the respective component associated therewith (16, 18, 22, 24);
a plurality of component level software agents (34), each associated with a respective component (16, 18, 22, 24), each of the component level software agents (34) being arranged to provide condition signals in response to the detection of one or more of said pre-determined conditions associated with the component level software agents respective component (34);
wherein the plurality of detecting means and the plurality of component level software agents are comprised in a fraud detection system arranged to detect if a fraudster has tampered with a card reader in some way, and wherein the fraud detection system comprises:
a first detecting means associated with a card reader mechanism (28), arranged to detect jamming of the card reader mechanism (28);
a first component level software agent (34) associated with the card reader mechanism and arranged to provide a condition signal in response to the first detecting means detecting jamming of the card reader mechanism (28); and
at least one higher level software agent (38) arranged to use the condition signal from the first component level software agent (34) and at least one other of the plurality of component level software agents (34) to detect potentially fraudulent activity based upon the content of said two condition signals."
Claim 10 reads as follows:
"A method of detecting if a fraudster has tampered with a card reader at a self-service terminal (10), for example, an automated teller machine, and wherein the method comprises the steps of:
i) detecting predetermined conditions of a plurality of components (16, 18, 22, 24) of a self-service terminal (10), at respective detecting means;
ii) generating, at respective component level software agents, condition signals indicative of a predetermined condition of at least one of the plurality of
components (16, 18, 22, 24);
iii) detecting, at a card reader detecting means, jamming of a card reader mechanism (28) of the self-service terminal (10);
iv) generating, at a component level software agent (34) associated with the card reader mechanism (28), a card reader mechanism condition signal indicative of the jamming of the card reader mechanism (28); and
v) detecting potentially fraudulent activity at a higher level software agent (38) using the card reader mechanism condition signal and at least one of the further condition signals."
VI. Reference is made to the following further prior art documents:
D2: US 6 539 361 B
D3: US 6 676 018 B
D4: WO 02/25613 A
D5: EP 0 977 163 A
D6: GB 2 351 590 A
D7: US 5 448 722 A.
VII. The appellant in substance provided the following arguments:
Document D1 was not concerned with a fraud detection system arranged to detect if a fraudster has tampered with a card reader in some way and failed to disclose a number of features of claim 1. The Examining Division have imputed both a level of inventiveness and common general knowledge to the person skilled in the art far beyond that of the notional person skilled in the art. Furthermore, the Examining Division did not provide any objective evidence for the level of inventiveness and common general knowledge they imputed. Accordingly, the subject-matter of claim 1 was new and involved an inventive step over D1. Rather, document D6 constituted the closest prior art. Document D6, however, relied on a proximity sensor for determining whether an activity carried out at an automated teller machine (ATM) was fraudulent or not. There was nothing in D6 or elsewhere suggesting modifying this teaching so as to arrive at the claimed subject-matter. Accordingly, the subject-matter of claim 1 was also new and involved an inventive step over D6
Reasons for the Decision
1. The appeal is admissible.
2. Amendments
Independent claim 1 as amended is based on claim 6 as originally filed and the description, page 9, line 1 to page 10, line 5 and figure 2.
Claims 2, 3 and 4 are based on the description, page 9, line 1 to page 10, line 5 and figure 2.
Claim 5 is based on the description, page 10, line 21 to page 11, line 7.
Claim 6 is based on the description, page 11, lines 8 to 19.
Claim 7 is based on the description, page 3, lines 21, 22.
Claim 8 is based on the description, page 3, lines 15 to 18.
Claim 9 is based on originally filed claim 7.
Claims 10 to 13 are method claims essentially corresponding to claims 1 to 4 above.
Accordingly, the amendments comply with Article 123(2) EPC.
3. Novelty, inventive step
3.1 Document D1
3.1.1 Document D1 discloses an automated banking apparatus, i.e. a self-service terminal, such as an ATM, operative to carry out banking transactions commonly required by merchants. The apparatus includes components such as a screen, a card reader, a keypad, a note dispenser, a depository for accepting envelope-type deposits, a rolled coin dispenser, a note acceptor and a bag depository (cf paragraphs [0076] to [0092]).
The apparatus further includes sensors connected to the terminal processor, which sense conditions of the components and malfunctions. Sensors are provided for controlling the note dispenser, the note acceptor, the bag depository and the rolled coin dispenser ([0107] to [0111]). Condition signals of the various components in the form of messages are sent to the terminal processor. In particular, sensory units in the note acceptor determine the type of notes inserted and distinguish valid notes from invalid notes ([132]).
Transaction performed using the apparatus include deposits of deposit bags, currency, and checks ([0192] to [0275]) and money exchanges ([0151] to [0275]). In particular a money exchange transaction using a bank card is disclosed which enables the user to receive notes or coins and charge them to an account such as a debit or credit card account ([0171] to [0189]). As part of this transaction, the user is prompted to insert the card into the card reader and to input a PIN using the keypad ([0172]).
The subject-matter of claim 1 differs from D1 in that
- the terminal comprises a fraud detection system arranged to detect if a fraudster has tampered with the card reader in some way, comprising a first detecting means associated with the card reader mechanism arranged to detect jamming of the card reader mechanism, and
- component level software agents, each associated with a respective component, are provided and at least one higher level software agent is provided, arranged to use the condition signal from the first component level software agent and at least one other of the plurality of component level software agents to detect potentially fraudulent activity based upon the content of said two condition signals.
The subject-matter of claim 1 is, thus, new over document D1 (Article 54(1) and (2) EPC 1973).
3.1.2 According to the decision under appeal, the first difference above defined the specific case of detecting the card reader tampering fraud scenario. However, the specific fraud scenario was a type of (fraudulent) human activity and did not represent in itself a technical difference but rather was a non-technical aspect. Thus, the presence of inventive step could not be assessed based on the specific fraud scenario itself but rather based on the technical means defined in order to detect this particular fraud scenario.
The requirement to detect a particular type of fraud was an administrative requirement based on circumstances (e.g. the fraudulent activities of a particular criminal gang in a neighbourhood). The description of the fraudulent activity, i.e. the specific fraud scenario was given to the person skilled in the art as a requirement and, being a non-technical aspect, it could be legitimately included in the definition of the technical problem. Thus, the (partial) technical problem to be solved by the person skilled in the art starting from the self-service terminal disclosed in document Dl was to implement in this self-service terminal the detection of the specific card reader tampering fraud scenario. As the specific conditions to detect and the specific components to monitor were thus provided to the person skilled in the art, he would adapt, without the exercise of inventive skill, the self service terminal of document Dl in order to detect a card reader jam and to use the generated signal in combination with other signals for detection of card reader tampering (cf reasons 2.1).
3.1.3 The board, however, cannot concur with the above finding concerning the first difference, that the requirement to detect a particular type of fraud was an administrative requirement and thus a non-technical aspect.
Although fraud detection may in certain cases involve non-technical aspects, this is not considered to be the case for the subject-matter of claims 1 and 10.
The detection of a particular type of fraud or fraud scenario in the present case, ie the recognition that card reader jamming in combination with an other condition signal of a component of the terminal (such as the request for the dispense of a large amount of cash or a PIN entry attempt) is indicative of a tamper attempt, relies on a technical understanding of the operation of the terminal and its respective components and, thus, lies within the scope of a technically qualified person working in the field of self-service terminals.
3.1.4 Detecting jamming of the card reader, as provided in the above first difference, in fact in combination with at least part of the above second difference providing the use of at least another condition signal, serves the purpose of detecting whether a fraudster has tampered with the card reader. This represents a technical aim to be achieved in the technical field of terminal security and cannot be fairly held to be an administrative, non-technical requirement.
Accordingly, it is not considered justified to include this requirement in the formulation of the technical problem, contrary to what is argued in the decision under appeal (essentially applying the principles of decision T 641/00 (OJ 2003, 352)).
3.1.5 The objective technical problem to be solved relative to D1 based on the above distinguishing features is to improve tampering detection.
Although fraud issues are addressed in some instances in document D1, the document is silent on any tampering issues specifically concerning the card reader. It cannot be reasonably held, that starting from D1 the person skilled in the art would arrive at the claimed terminal merely based on common general knowledge. Neither would the person skilled in the art arrive at the claimed terminal based on any of the other cited documents, none of which deals specifically with tampering detection in conjunction with card reader jamming.
Accordingly, the subject-matter of claim 1 involves an inventive step over document D1 (Article 56 EPC 1973).
3.2 Document D6
3.2.1 Document D6 discloses a self-service terminal, such as an automated teller machine, and in particular a terminal incorporating an arrangement for fraud prevention by means of detection of an unauthorised interference or tampering with data capture devices.
According to D6, potential targets for fraud include the magnetic card reader, and the data input or capture device used for entry of a PIN or other identifier. Methods, which have been used in attempts to execute such frauds, include fitting false interfaces to the fascia of an ATM in order to intercept the relevant data as it is being communicated to the ATM. For example, an additional magnetic card reader may be placed in the entry to the existing card reader, so that the information stored on a card may be read as the card is inserted into the ATM. The intercepted data may then be used to construct a fraudulent card (cf page 1, line 1 to page 2, line 7).
The solution in D6 is to provide a proximity sensor located adjacent the user interface of the self-service terminal for detecting foreign objects placed in contact with or in close proximity to the user interface.
Document D6, thus, discloses in the terms of claim 1, a self-service terminal, for example an automated teller machine, comprising a fraud detection system arranged to detect if a fraudster has tampered with a card reader in some way.
The subject-matter of claim 1 differs from D6 in the provision of:
- a plurality of detecting means each associated with a respective component of the self-service terminal,
- a plurality of respective component level software agents providing respective condition signals
- detecting means associated with the card reader mechanism to detect jamming and
- at least one higher level software agent arranged to use the condition signal from the first component level software agent of the card reader mechanism and at least one other of the plurality of component level software agents to detect potentially fraudulent activity based upon the content of the two condition signals.
The subject-matter of claim 1 is, thus, new over document D6 (Article 54(1) and (2) EPC 1973).
3.2.2 The objective technical problem to be solved relative to D6 may be formulated as to improve the detection of tamper attempts.
Starting from D6 the person skilled in the art would not arrive at the claimed terminal based on common general knowledge or any of the other cited documents, none of which concerns fraud detection in conjunction with card reader jamming.
Accordingly, the subject-matter of claim 1 involves an inventive step over document D6 (Article 56 EPC 1973).
3.3 Document D7
Document D7 concerns a hierarchical error diagnostic system having a plurality of diagnostic modules for diagnosing a component failure (cf column 1, lines 8 to 22). It is not related to terminals such as ATMs and does not concern fraud detection in conjunction with card reader jamming.
3.4 The remaining documents cited in the search report merely provide background art.
Documents D2 and D3 concern an ATM, but are not concerned with fraud detection in conjunction with card reader jamming.
Document D4 concerns video equipment for the diagnosis of the correct operation of points of sale, such as automatic dispensers of goods or services, and is not concerned with fraud detection and card reader jamming either.
Document D5 concerns an ATM and addresses card reader jamming, but is concerned with collecting information from or imparting information for facilitating efficient maintenance of the service terminals, and not with fraud detection.
3.5 Accordingly, having regard to the cited prior art, the subject-matter of claim 1 involves an inventive step (Article 56 EPC 1973).
3.6 Independent claim 10 is directed to a corresponding method of detecting if a fraudster has tampered with a card reader at a self-service terminal. The subject-matter of claim 10 involves an inventive step (Article 56 EPC 1973) for in substance the same reasons given above.
3.7 Claims 2 to 9 and claims 11 to 13 are dependent on claims 1 and 10, respectively, providing further limitations. The subject-matter of these claims, therefore, also involves an inventive step.
4. The patent application as amended also meets the remaining requirements of the EPC, so that a patent can be granted on the basis of these documents.
5. Referral of questions to the Enlarged Board of Appeal
Since the board rules in favour of the appellant on the matter, the appellant's request for referral is no longer justified (see T 461/88, reasons 10 (OJ EPO 1993, 295; T 301/87, reasons 6.6 (OJ EPO 1990, 335), both cited in Case Law of the Boards of Appeal of the EPO, 6th edition, Chapter VII.E.14.2).
ORDER
For these reasons it is decided that:
1. The appellant's request for referral to the Enlarged Board of Appeal of the questions filed with the statement setting out the grounds of appeal is rejected.
2. The decision under appeal is set aside.
3. The case is remitted to the department of first instance with the order to grant a patent with the following documents:
Claims: Claims 1 to 13 filed with the letter dated 3 February 2012;
Description: Page 1 filed with the letter dated 3 February 2012;
Pages 2 and 3 filed with the letter dated 22 November 2011;
Pages 4 to 13 as originally filed;
Drawings: Sheets 1/3 to 3/3 as originally filed.