T 0768/17 (Authenticating wireless payments/VODAFONE) 26-01-2023
Download and more information:
Direct debit procedure
I. This is an appeal against the decision of the examining division to refuse European patent application No. 13175965.6 for lack of inventive step (Article 56 EPC) in view of D1 (WO 2010/019670 A2).
II. The contested decision held that the features distinguishing the claimed invention from D1 constituted the obvious implementation of a non?technical requirement.
III. In the statement setting out the grounds of appeal, the appellant requested that the decision of the examining division be set aside and a patent be granted on the basis of the refused main, or one of the first to fourth auxiliary requests, all re-filed therewith. The appellant also requested that the appeal fee be reimbursed.
IV. In a communication pursuant to Rule 100(2) EPC, the Board set out its preliminary view that the subject?matter of all requests lacked inventive step over the disclosure of D1 and that the reimbursement of appeal fee was not justified.
V. With a reply dated 2 June 2021, the appellant filed a new fifth auxiliary request and submitted supporting arguments.
VI. The Board arranged for oral proceedings. In a communication accompanying the summons, the Board tended to consider that the subject-matter of all requests lacked inventive step over D1, all auxiliary requests contained added subject-matter (Article 123(2) EPC) and the fifth auxiliary request was not clear (Article 84 EPC).
VII. With a reply dated 28 November 2022 the appellant filed a new main and first to fifth auxiliary requests to replace the previous requests and provided arguments in favour of their allowability.
VIII. Oral proceedings were held by videoconference on 26 January 2023. During the oral proceedings the appellant filed a new main request. The Board did not admit this request into the proceedings under Article 13(2) RPBA 2020. The appellant withdrew the request for the reimbursement of the appeal fee.
IX. The appellant's final requests were that the decision under appeal be set aside and a patent be granted on the basis of one of the auxiliary requests 1 to 5 submitted by the appellant with their letter dated 28 November 2022.
X. Claim 1 of the fifth auxiliary request reads:
"A system comprising a mobile communication device (110) and a backend system (105), wherein the mobile communication device (110) comprises
a radio interface (112) for receiving at least a part of an identifier provided by means of a backend system (105);
a secure element (115) being adapted to store the transmitted identifier;
a processor for preparing a transaction to a reader device (120) by means of at least a part of the transmitted identifier and first information about the transaction;
a transaction interface (116) for transferring at least the part of the transmitted identifier and the first information about the transaction to a reader device (120) for starting the transaction; and
wherein the processor is adapted to prepare second information about the transaction and the radio interface (112) is adapted to transmit the second information about the transaction to the backend system (105) after starting the transaction;
and wherein the backend system (105) comprises a backend processor (102) for generating the identifier, the backend system further comprises a backend memory (101) for storing the identifier and a backend interface (103) for transmitting at least a part of the identifier to the mobile communication device (110);
the backend interface (103) being further adapted to receive via a first communication channel a request of confirmation comprising at least the part of the identifier transferred to the reader device (120) and first information about the transaction;
the backend interface (103) being further adapted to receive the second information about the transaction from the mobile communication device (110) via a different second wireless communication channel;
the backend processor (102) being adapted to compare the first and second information about the transaction;
the backend processor (102) being further adapted to authenticate the request and to prepare a confirmation to verify the identifier transferred to the reader device (120) if the comparison reveals that the first and the second information coincide within certain limits, and
the backend interface (103) being further adapted to transfer the confirmation for initiating a payment by means of a bank system (130), if the request is authenticated."
XI. Claim 1 of the fourth auxiliary request differs from claim 1 of the fifth auxiliary request, in that it does not contain the wording "if the request is authenticated" at the end. It also replaces the wording "second information" in the penultimate feature by "the second information".
XII. Claim 1 of the third auxiliary request reads:
"A mobile communication device (110) being adapted for direct debiting a user, the mobile communication device (110) comprising:
a radio interface (112) for receiving at least a part of an identifier provided by means of a backend system (105);
a secure element (115) being adapted to store the transmitted identifier; a processor for preparing a transaction to a reader device (120) by means of at least a part of the transmitted identifier and first information about the transaction;
a transaction interface (116) for transferring at least the part of the transmitted identifier and the first information about the transaction to a reader device (120) for starting the transaction;
and wherein the processor is adapted to prepare second information about the transaction and the radio interface (112) is adapted to transmit the second information about the transaction to the backend system (105) after starting the transaction."
XIII. Claim 1 of the first and second auxiliary request reads:
"A method of direct debiting a user by means of a mobile communication device (110) comprising a secure element (115), the method comprising the steps of:
- receiving at least a part of an identifier provided by means of a backend system (105) by means of the mobile communication device (110);
- storing the transmitted identifier in the secure element (115);
- initiating a data connection between the mobile communication device (110) and/or the secure element (115) and a reader device (120) for preparing a transaction;
- transferring at least a part of the transmitted identifier to the reader device (120);
- verifying the identifier to be transferred to the reader device (120) or transferred to the reader device (120) in order to release a payment by means of a bank system (130), wherein the step of verifying comprises the steps of:
- receiving via a first communication channel a request for confirming the transaction and/or the payment by means of the backend system (105) by providing at least the part of the identifier transferred to the reader device (120) and first information about the transaction;
- submitting second information about the transaction by means of a radio interface (112) of the mobile communication device (110) to the backend system (105) via a different second wireless communication channel;
- comparing the first and second information about the transaction by means of the backend system (105);
- authenticating the request by means of the backend system (105) if the comparison reveals that the first and the second information coincide within certain limits; and
- transferring the confirmation from the backend system (105) to the bank system (130) of the user."
XIV. Claim 1 of the main request filed during the oral proceedings replaces the wording "if the request is authenticated" at the end of claim 1 of the fifth auxiliary request by the following one:
"the backend interface (103) being further adapted to stop the transaction it the comparison reveals that the first and the second information does not coincide within certain limits
the backend interface (103) requesting an independent authentication of the user of the mobile communication device, the authentication process comprising individual information and being performed by means of the mobile communication device or by means of another communication device if the transaction is blocked, and the backend interface (103) being further adapted to release the transaction or future transactions after the independent authentication of the user."
XV. The appellant argued as follows:
The business person giving a non-technical requirement to the technically skilled person would not have considered comparing the first and second information in the claimed manner. This solution detected human mistakes, fraudulent data manipulation and transmission disturbances and, therefore, improved transaction security which was a (further) technical effect.
The technical problem was to enable data exchange between the relevant devices such that the manipulation of electronically processed transaction data could be detected.
Verifying transactions by comparing the first and second information was quite similar to using checksums which was technical. The condition that the first and second information coincided within certain limits, rather than being identical, reflected the fact that the technical system in the real world incurred some error which should be allowed for.
Using two separate communication channels to authenticate the transaction was not obvious in view of D1. Although the system of D1 included such channels, it used them in different embodiments. There was no hint to use the channels jointly for authenticating one transaction. Indeed, the second channel of D1 was not used for transaction authentication at all, but rather for the softcard provision.
The main request filed during the oral proceedings was admissible because the amendments overcame all raised objections and were straightforward and directly derivable from the application.
1. Admittance
1.1 Auxiliary requests 1 to 5
The Board admits the first to fifth auxiliary requests into the proceedings under Article 13(2) RPBA 2020. The reason is that these requests are a bona fide attempt to resolve issues under Articles 84 and 123(2) EPC raised by the Board for the first time. Also the amendments made are minor and do not present the Board with any new complex issues.
1.2 The Board does not admit the main request filed during the oral proceedings into the proceedings for the following reasons.
Firstly, claim 1 of this request contains extensive amendments based on the description and the Board cannot see an exceptional circumstance in the sense of Article 13(2) RPBA 2020 which would justify making such amendments at an advanced stage of the proceedings. This is all the more so considering that the objection of lack of inventive step, which the amendments seek to overcome, was raised in the contested decision and expanded in the Board's two communications. Accordingly, the appellant had ample opportunity to introduce these amendments earlier.
Secondly, contrary to the appellant's view (see section XV above), it is not prima facie clear and would have to be carefully examined whether the amendments indeed overcome the objection under Article 56 EPC and do not give rise to new issues. Conducting such examination at an advanced procedural state contradicts the need for procedural economy laid down in Article 13(1) RPBA 2020.
2. Since the new main request replacing the previous main request was not admitted, the Board has to only decide on the auxiliary requests filed with a letter dated 28 November 2022.
3. The invention
3.1 The invention concerns the authentication of a wireless payment transaction at a point of sale (POS) (see published application, paragraphs [6] and [7]).
3.2 Looking at Figure 3, the core idea is to receive independently information about a payment transaction from the POS's reader device (120 - "first information about the transaction" in the claims) and a customer's mobile communication device (110 - "second information about the transaction") and to accept the transaction only if those information items "coincide within certain limits", see [12] and [16]. This effectively means that the transaction is rejected if the mobile device and the POS terminal provide inconsistent information about it.
3.3 Payments are conducted using a payment identifier which the mobile communication device receives from a backend system (105). While not claimed, but disclosed in the application, the identifier may be for example an IBAN, see [5] and [38].
In order to carry out a payment at the POS, the mobile communication device wirelessly transfers the identifier, stored in a secure element (115), to the reader device ([6]) along with the first information about the transaction ([12] and [13]). The reader device forwards the received data to the backend system, which is entrusted with the transaction authentication, via a first communication channel. Additionally, the mobile device prepares the second information about the transaction and sends it to the backend system via a second wireless communication channel, see [12], [16], [25] and [28].
The backend system compares the first and second information and if they coincide within certain limits ([16]), it instructs a bank system to effect the payment ([40]).
4. Fifth auxiliary request, Article 56 EPC
4.1 The Board finds it efficient to analyse the most specific fifth auxiliary request first.
4.2 It is common ground that D1 is the closest prior art. Using the wording of claim 1, D1 discloses (claim wording in italics; references to D1 and the Board's comments in brackets):
A system comprising a mobile communication device (page 6, line 4: an NFC-enabled mobile device) and a backend system (page 5, lines 15 to 17: a merchant server),
wherein the mobile communication device (110) comprises
a radio interface (112) for receiving at least a part of an identifier provided by means of a backend system (page 8, lines 26 to 30 and page 10, lines 4 to 9: a softcard's personalisation data is sent wirelessly from the merchant server to the NFC-enabled mobile device);
a secure element (115) being adapted to store the transmitted identifier (page 10, lines 10 to 11);
a processor for preparing a transaction to a reader device (120) by means of at least a part of the transmitted identifier and first information about the transaction and a transaction interface (116) for transferring at least the part of the transmitted identifier and first information about the transaction to a reader device (120) for starting the transaction (page 10, lines 25 to 30: transmission of the softcard personalisation data and further information concerning card balance and payment amount to a wireless device reader (118) at the POS).
the backend system (105) comprises a backend processor (102) for generating the identifier, the backend system further comprises a backend memory (101) for storing the identifier (page 8, lines 19 to 25) and a backend interface (103) for transmitting at least a part of the identifier to the mobile communication device (page 8, lines 26 to 30 and page 10, lines 4 to 9).
Furthermore, D1 discloses a communication channel connecting the POS system to the merchant server (page 11, lines 12 to 17) which corresponds to the first communication channel in claim 1. The system of D1 uses this communication channel for validating an authorisation code provided to a non NFC-enabled mobile device. D1 discloses further an over-the-air communication channel connecting the merchant server to the mobile device (page 9, lines 9 to 11 and page 10, lines 4 to 7) which corresponds to the second wireless channel in claim 1.
4.3 The subject-matter of claim 1 differs from D1 in that (lettering added by the Board):
A) The backend interface (103) is further adapted to receive via a first communication channel a request of confirmation comprising at least the part of the identifier transferred to the reader device (120) and first information about the transaction;
B) The backend interface (103) is further adapted to receive the second information about the transaction from the mobile communication device (110) via a different second communication channel;
C) The backend processor (102) is adapted to compare the first and second information about the transaction;
D) The backend processor (102) is further adapted to authenticate the request and to prepare a confirmation to verify the identifier transferred to the reader device (120) if the comparison reveals that the first and second information coincide within certain limits;
E) The backend interface (103) is further adapted to transfer the confirmation for initiating a payment by means of a bank system, if the request is authenticated (130).
4.4 As set out above, the distinguishing features implement the idea that the transaction is accepted if the information about it provided by the customer and the POS coincide within certain limits. Like the contested decision and contrary to the appellant's view (see decision, pages 5 to 6 and section XV above), the Board judges that this is a business idea which does not involve any technical considerations. Entrusting the backend instance with authenticating transactions is a further business decision.
4.5 Accordingly, the Board judges that the distinguishing features implement a non-technical business method, wherein:
- The transaction is accepted if the first information about it received from the POS and second information about it created by the customer coincide within certain limits.
- The first and second information about the transaction are independently provided to the backend instance which performs the authentication and forwards accepted transactions to a bank for initiating a payment.
4.6 Contrary to the appellant's view, the Board cannot see that, at the level at which they are defined, the distinguishing features enable detecting transmission disturbances between the user mobile device and the reader device.
Firstly, the claim says that the first and second information are independently prepared and, in fact, covers the case that they are quite different. Secondly, the criterion that those information items coincide within certain limits covers any kind of subjective semantic similarity. Contrary to the appellant's argument, the Board cannot see how applying this broad semantic criterion credibly addresses the fact that a real-life data processing system might incur some error at a bit level.
Hence, the claim covers comparing different independently created information using a broad semantic criterion. The Board cannot see how this contributes to detecting transmission errors between the mobile device and the POS or elsewhere in the claimed system.
4.7 Furthermore, in view of the lack of detail concerning the content of the compared information and the vagueness of the comparison criterion, the Board doubts that the alleged effect of detecting a human mistake or fraudulent manipulation of transaction data is achieved over the whole scope of the claim. However, even assuming that in some cases a human mistake and manipulation could be detected, these effects would result from the aforementioned business idea and not from its technical implementation and, therefore, would not count towards an inventive step.
4.8 Furthermore, the Board disagrees that, from the technical perspective, the claimed solution is comparable to the use of checksums in order to establish integrity of electronically transmitted data. Firstly, checksum algorithms operate at a bit level and, unlike the claimed method, are not concerned with the information semantics. Secondly, a checksum is calculated on transmitted information, whereas the claimed method compares two different, independently created information items.
4.9 In line with the COMVIK principle (see T 641/00 - Two identities/COMVIK), once the aforementioned requirement specification has been provided to the skilled person within the framework of the technical problem, he would have found the claimed implementation obvious without the need for inventive skills.
4.10 Starting from D1, it would have been obvious to program the POS system to forward the information received from the mobile device to the merchant server over the communication channel connecting the merchant server and the POS.
Furthermore, it would have been obvious to adapt the NFC?enabled mobile device to create second information about the transaction. The requirement specification asking that the second information be transmitted independently of the first information translates in an obvious manner, at the technical level, to transmitting this information via a channel different from the one connecting the POS and the merchant server. Accordingly, it would have been obvious to use the wireless connection between the merchant server and the mobile device for this purpose.
Finally, it follows directly from the requirement specification that the merchant server needs to be adapted to determine whether the first and second information coincide to some extent and, if so, to provide the accepted transaction to a bank system for initiating a payment.
4.11 Contrary to the appellant's argument, the Board judges that the fact that in D1 the channel between the merchant server and the mobile device is not used for the same business purpose as in the claim and the fact that the channels of D1 are used in different embodiments would not have prevented the skilled person from adopting the above solution.
Also the appellant expressed the opinion that a skilled person would deem a second channel necessary if he was unsure of the discretion of the first channel and that a comparison would be obsolete, if both sets of information were transmitted via the same channel (see page 3, third paragraph of the letter dated 28 November 2022). The Board agrees with this point of view and concludes that the skilled person would have considered the use of a second communication channel without the need for inventive skills.
Furthermore, the use of the channels already disclosed in D1 has the evident advantage that no technical modification to the system of D1 is required.
4.12 Hence, claim 1 lacks an inventive step (Article 56 EPC).
5. First to fourth auxiliary requests
Since claim 1 of the first to fourth auxiliary requests are broader than claim 1 of the fifth auxiliary request, they lack an inventive step for the above reasons.
6. Accordingly, none of the requests fulfils the requirements of the EPC.
For these reasons it is decided that:
The appeal is dismissed.