Abstract on Article 056 EPC for the decision T0201/21 of 08.04.2025

In T 201/21, the prior art disclosed a system for verifying authentication and ownership of a physical article. Each article included a label having a unique authentication code, pre-stored on a server database. The authentication code can be used to verify authenticity of an item by sending a query to a manufacturer's server. When a transaction takes place, the merchant registers ownership of the item by sending a registration request to the server including the article's unique code and a generated unique number. The registration only takes place if the code and number are not already associated with another sale. Claim 1 differed from the prior art essentially in that card numbers are pre-stored in the central database and provided to the merchant on a brand property card (BPC), in that the database is populated with point of sale data upon entry of the numbered cards at a point of sale, in that a BPC card is provided to the user and its number is combined by the merchant with the unique identifier code in a registration request, and in that the registration is only possible if both the BPC card number and unique identifier code match a number and a code stored on the server and not associated with a sold physical article. The appellant had argued that these features increased the security of the authentication method by providing a second authentication factor. In particular, it was argued that "... the combination of ... pairing [of the unique card and article numbers] in the database and the use of numbered cards that are not initially paired with particular physical items, results in ... strong authentication of physical articles". Moreover, they guarantee that the merchant has the authority to register the sold articles in the database. The board found these arguments unconvincing. It regarded the general idea of protecting a transaction, here a registration, with a password as non-technical and also well known. The board further considered that the idea of using a predefined set of one-time passwords for user or merchant authentication also lacked technicality. Even when considered technical, this feature could not support an inventive step, as it corresponded to the well-known transaction authentication number (TAN) authentication procedure commonly used in online transactions. Making use of a server to store and verify the passwords or TAN numbers and of cards for distributing these to the merchant and customers was a straightforward implementation of this known procedure on well-known means. The appellant had argued that the invention addressed the sales of luxury goods where customers appreciate tangible objects, such as certificates on elegant cards, and formulated the objective problem as "how to make the use of security tokens more attractive to a given population". The board did not consider this an objective technical problem, as its formulation depended on the user's subjective preferences or expectations. From a technical point of view, the cards of claim 1 were merely a support for providing the merchant with the unique numbers to be used for the registration procedure. This was considered to be an obvious implementation possibility. Accordingly, the board concluded that claim 1 of the sole request lacked an inventive step over the prior art.