9.2.12 Assessment of features relating to mathematical algorithms
In T 1326/06 the board held that methods of encrypting/decrypting or signing electronic communications had to be regarded as technical methods, even if they were essentially based on mathematical methods. It referred to T 953/04, where the board had stated that the use of cryptographic methods in the technical context of electronic data processing and communication certainly had technical character. The board in T 1326/06 also referred to T 27/97, where the board had stated that a method of encrypting or decrypting a message represented in the form of a digital word using RSA-type public-key algorithms was not excluded from patentability under Art. 52(2) and (3) EPC, even if based on an abstract algorithm or mathematical method.
In T 2101/12 the application related to a computer implemented invention concerning a method and system for providing an electronic signature and authentication. The board considered this to be a straightforward automation of a known process (e.g. a contract agreement executed before a notary) devoid of any inventive activity.
In T 1158/17, however, the board came to a different conclusion. The board here was not convinced by the contested decision's finding that the claimed components were not technical because they modelled the roles of humans interacting within the framework of the administrative postal scheme. The board considered that a similarity to a business or administrative solution was not a sufficient reason for denying a technical contribution of a claim feature applied in a technical context and involving technical considerations. Put another way, technical considerations in the technical context cannot be negated merely on the basis of a non-technical analogy. The board held the invention to be no mere automation of an administrative scheme.
In T 1461/12 the application related to a system and method for auditing software usage with the aid of the acquired licences using an unlock key. In the board's view, it was up to the rights owners whether they wanted to limit the number of "copies" made of a given piece of software and to grant one set of rights for the first number of copies and a different, limited set of rights subsequently for a second number of copies. Moreover, the board took the view that the rights owner would make that choice according to legal, economic and administrative considerations rather than technical ones. The board therefore considered that the content of the license did not contribute to the technical character of the invention.
The board in T 548/13 held that the only distinguishing feature, requiring the security features to show different views of the same image on the front and back of a value document, was non-technical. It conceded that it made the document more difficult to counterfeit, but two different motifs could just as easily be used.
In T 1749/14 the invention was in the field of mobile point-of-sale (POS) terminals for carrying out transactions, e.g. involving a credit card. The invention tried to avoid the customer's sensitive information becoming known if a merchant's device was tampered with by allowing a transaction to be carried out without the customer having to present account information and the PIN to the merchant. The board held that the invention required a new infrastructure, new devices and a new protocol involving technical considerations linked to modified devices and their capabilities as well as security relevant modifications of the transfer of sensitive information using new possibilities achieved by the modifications to the previously known mobile POS infrastructure. The board considered the security relevance of the modifications to contribute to the technical character of the present invention.
- T 0201/21
In T 201/21, the prior art disclosed a system for verifying authentication and ownership of a physical article. Each article included a label having a unique authentication code, pre-stored on a server database. The authentication code can be used to verify authenticity of an item by sending a query to a manufacturer's server. When a transaction takes place, the merchant registers ownership of the item by sending a registration request to the server including the article's unique code and a generated unique number. The registration only takes place if the code and number are not already associated with another sale.
Claim 1 differed from the prior art essentially in that card numbers are pre-stored in the central database and provided to the merchant on a brand property card (BPC), in that the database is populated with point of sale data upon entry of the numbered cards at a point of sale, in that a BPC card is provided to the user and its number is combined by the merchant with the unique identifier code in a registration request, and in that the registration is only possible if both the BPC card number and unique identifier code match a number and a code stored on the server and not associated with a sold physical article.
The appellant had argued that these features increased the security of the authentication method by providing a second authentication factor. In particular, it was argued that "... the combination of ... pairing [of the unique card and article numbers] in the database and the use of numbered cards that are not initially paired with particular physical items, results in ... strong authentication of physical articles". Moreover, they guarantee that the merchant has the authority to register the sold articles in the database.
The board found these arguments unconvincing. It regarded the general idea of protecting a transaction, here a registration, with a password as non-technical and also well known. The board further considered that the idea of using a predefined set of one-time passwords for user or merchant authentication also lacked technicality. Even when considered technical, this feature could not support an inventive step, as it corresponded to the well-known transaction authentication number (TAN) authentication procedure commonly used in online transactions. Making use of a server to store and verify the passwords or TAN numbers and of cards for distributing these to the merchant and customers was a straightforward implementation of this known procedure on well-known means.
The appellant had argued that the invention addressed the sales of luxury goods where customers appreciate tangible objects, such as certificates on elegant cards, and formulated the objective problem as "how to make the use of security tokens more attractive to a given population".
The board did not consider this an objective technical problem, as its formulation depended on the user's subjective preferences or expectations. From a technical point of view, the cards of claim 1 were merely a support for providing the merchant with the unique numbers to be used for the registration procedure. This was considered to be an obvious implementation possibility. Accordingly, the board concluded that claim 1 of the sole request lacked an inventive step over the prior art.