T 2305/17 15-04-2021
Download and more information:
PIN VERIFICATION
Licentia Group Limited
Mypinpad Limited
I. The appeal is against the decision of the examining division refusing the European patent application No. 13 744 777.7 (published as WO 2014/013252 A2) on the ground that claim 1 of the Main Request before it comprised unsearched subject-matter which did not combine with the original claims to form a single general inventive concept. In addition, the examining division, exercising its discretion under Rule 137(3) EPC, did not admit the First to Fourth Auxiliary Requests into the procedure.
II. During the international phase of the application, an objection for lack of unity of invention was raised by the EPO as International Search Authority (ISA). Three separate inventions were identified, only the first invention (relating to original claims 1 to 12, 14 to 25, 31, 32, 34 to 43 and 45 to 49) was searched, and the applicant (now appellant) was invited to pay additional search fees for those of the other two inventions it wanted to be searched. The applicant did not pay any additional search fees and the remaining two inventions (the one defined in original claims 13, 26 to 30 and 44, and the other in claim 33) were not searched (see International Preliminary Report on Patentability).
Upon entry into the European regional phase, the examining division confirmed the lack of unity as raised during the international phase and invited the appellant to pay additional search fees if it wanted any of the two unsearched inventions to be searched. The applicant did not pay any additional search fees or contest the findings related to non-unity but filed amended claims.
In the decision under appeal, the examining division confirmed the findings related to non-unity (see points 17 to 19 of the impugned decision), and held that claim 1 of the Main Request before it comprised subject-matter related to the second invention, which had not been searched and did not combine with the searched subject-matter to form a single inventive concept.
III. During the oral proceedings before the board, which were held via videoconference at the request of the appellant, the appellant requested that the appealed decision be set aside and that a patent be granted based on the amended Main Request and description as filed during these oral proceedings as well as on the drawings as published.
IV. The Main Request consists of the following application documents:
- Claims 1 to 15 as filed on 15 April 2021 during oral proceedings before the board (clean version);
- Description, pages 1 to 38, as filed on 15 April 2021 during oral proceedings before the board (clean version);
- Drawings sheets 1/12 to 12/12 as published.
V. Reference is made to the following prior art documents, cited during the first instance examination procedure:
D1: EP 1 615 181 A1
D2: US 2002/0188872 A1.
VI. Claim 1 of the Main Request is worded as follows:
A computer-implemented verification method comprising the step of:
enabling a user to input an identifier into an electronic device (1) having:
(i) a screen; and
(ii) an operable, virtual keypad (2) within a keypad zone of the screen;
by operating at least one key of the operable, virtual keypad via an image (3) of at least part of a keypad which is displayed at least partially within the keypad zone;
wherein the image represents of depicts a scrambled keypad having at least one key which is positionally re-ordered or reconfigured relative to the layout of the keys in the operable, virtual keypad, characterised in that the configuration or order of the keys in the operable, virtual keypad is altered after at least part of the user's identifier has been inputted [sic].
VII. The appellant argued essentially that in none of the prior art documents a change of the order (or configuration) of the keys in the virtual, operable keypad was disclosed or suggested. The method of claim 1 was, therefore, new and inventive.
1. The appeal is admissible.
2. The claimed invention
The claimed invention relates to a method for allowing a user to enter their identifier (e. g. a PIN) at a terminal (e. g. an ATM) under secure conditions.
2.1 A user, who wants to use a terminal in order to carry out a transaction, has to provide a personal identifier as a means of authentication. Usually the terminal has a touch screen, where a "virtual keypad" is displayed and the user inputs their identifier by "pressing" the corresponding keys (e. g. numbers). A potential fraudster can observe the user's actions and capture their movements over the keypad (either by physically looking at the user or by using suitable key-logging software) and so can obtain the user's identifier. At the same time, a fraudster can intercept the transmission of the identifier from the terminal to a remote server and so obtain the user's identifier.
2.2 The application proposes a solution to these problems by using images of scrambled keypads that are laid over the image of the initial virtual, operable keypad.
A scrambled keypad is a keypad in which the order (position/configuration) of the keys has been changed with respect to their normal positions in a standard keypad. Such images are generated at a remote server and sent to the terminal where they are laid over the image of the standard keypad. The user inputs their identifier using the keys in this image of the scrambled keypad. The keys selected by the user correspond to those keys of the virtual, operable keypad, which "lie" under the corresponding keys in the overlaid image of the scrambled keypad. Hence, when a user for example "presses" the number "4" on the image of the scrambled keypad, and "4" lies over the number "7" of the virtual, operable keypad, the terminal will send to the server the number "7". The server, using the generated image of the scrambled keypad, maps the "7" received from the terminal back to the "4" intended by the user and so it can regenerate the user's input. In this way, not only someone capturing the user's gestures will not recognise the identifier (since the keys are in different positions) but, even if the identifier transmitted from the terminal to the server is intercepted, it will not correspond to the real identifier of the user.
2.3 Moreover, the claimed method foresees that the order (configuration) of the keys in the operable, virtual keypad (i. e. the one "underlying" the displayed image of the scambled keypad) is changed after the user has input at least part of their identifier. This provides for additional security when the identifier contains more than once the same digit, since the same key in the image of the scrambled keypad will not "lie over" the same key of the virtual, operable keypad during the user's input (see page 36, line 1 to page 37, line 9 of the application as published).
3. Admission of the present Main Request
3.1 The present Main Request was filed on 15 April 2021 during the oral proceedings before the board. It is essentially based on the previous main request, filed on 15 March 2021, which in turn was essentially based on the previous 1**(st) Auxiliary Request filed with the statement of the grounds of appeal.
3.2 Compared to claim 1 of the previous 1**(st) Auxiliary Request filed with the statement of the grounds of appeal, the sole independent claim (claim 1) of the present Main Request was amended to clarify that it is the order or configuration of the keys in the virtual, operable keypad (and not the keypad of the superimposed image) that is altered after at least part of the user's identifier is input. No subject-matter was removed or added to the claim.
The board does not regard this amendment as an amendment of the appellant's case within the meaning of Article 13 Rules of Procedure of the Boards or Appeal (RPBA 2020) and does not see any reason to question its admissibility.
3.3 Regarding the dependent claims, the same clarification as in claim 1 was added in dependent claims 5 and 9.
In addition, several of the alternatives in the dependent claims were deleted or reordered as a response to an objection of lack of clarity which was raised for the first time by the board in its communication of 17 September 2020 (see point 7). The board accepts these amendments, as well.
3.4 The Main request was therefore admitted into the proceedings.
4. Unity of invention
The subject-matter of claim 1 of the Main Request is essentially based on a combination of original claims 1 and 18. It relates therefore to the first invention, which was searched by the ISA.
The board is thus satisfied that claim 1 does not contain unsearched subject-matter (Rule 164(2) EPC). The corresponding ground of refusal in the impugned decision does not apply to the present Main Request.
5. Inventive Step (Article 56 EPC)
5.1 Closest prior art
It is common ground that D1 represents the closest prior art. D1 discloses a method and a system of secure data communication between a client terminal, like an ATM, and a remote server. A user, who needs to access the remote server, needs to provide their personal identifier first, e. g. a PIN.
At the screen of such a terminal, a virtual, operable keypad is normally displayed. In the terminal of D1, the order (configuration) of the keys in the virtual, operable keypad is randomly changed with respect to the standard keypad configuration. The user enters their identifier by pressing the corresponding keys. The terminal recognises the position of each key "pressed" by the user and interprets this position using a standard keypad configuration as a reference (see, for example, paragraph [0029]). In the same way as in the claimed invention, the user presses the keys of the virtual keypad presented on the terminal display which correspond to their identifier, but the terminal interprets these keys with reference to a standard keypad configuration. The result is that the terminal sends a different key combination than the entered identifier to the remote server. The server, which "knows" which keypad image is displayed at the terminal screen (i. e. the random key configuration), uses this key configuration to recover the user's identifier from the received key combination (see paragraphs [0030] to [0034]).
Although in D1 there is no explicit description of an image of a scrambled keypad being laid over a displayed virtual, operable keypad, the board considers that the operation in D1 is the same as in the claimed invention. The positions of the keys in the displayed keypad are interpreted with reference to another keypad configuration, which is stored in the terminal's memory, and the result is the same, i. e. a different combination of keys than those entered by the user is transmitted to the remote server. The board considers, thus, that D1 discloses the subject-matter of the preamble of claim 1.
5.2 Difference and technical problem
5.2.1 The method in claim 1 differs from D1 in that the order (configuration) of the keys in the virtual key pad is changed after at least part of the user's identifier has been entered. In the terminal of D1 there is no indication of any change of the key order during the user's input of their identifier.
5.2.2 In the claimed method, after the user has input part of their identifier, the order of the keys in the virtual, operable keypad is changed, i. e. the order of the keys in the keypad that is "under" the displayed image of the keypad. Hence, while the user continues to see the same keypad image, the order of the keys in the underlying keypad is changed. For example, when the user presses "3" in the displayed image of the keypad, the terminal sends e. g. "5" to the server, if the position of "3" in the keypad image corresponded to the position of "5" in the underlying virtual, operable keypad. After the order of the keys in the virtual, operable keypad is changed, when the user presses again "3" in the displayed image of the keypad, the terminal will send a different number, e. g. a "7", if in the new key configuration of the virtual, operable keypad, the position of "3" in the displayed image now corresponds to "7" in the virtual, operable keypad.
5.2.3 This feature adds an extra level of security, especially when the user's identifier contains the same digit more than once. For example, with a PIN number of "1111", the terminal will not transmit a key combination consisting of four times the same digit but of different digits, since the key of the virtual, operable keypad underlying the "1" of the displayed keypad image will not be the same throughout the input of the user's identifier (see also page 36, line 1 to page 37, line 9 of the application).
At the same time, the user continues to see the same keypad image displayed (which already has a different key order/configuration than the standard keypad) so that they do not need to look for the desired keys every time, something that allows a faster and more convenient entering of the identifiers with less chances of error.
5.2.4 The objective technical problem can thus be formulated as "how to increase security in the data entry without compromising usability".
5.3 Solution and obviousness
5.3.1 The identified technical problem is solved by the characterising features of claim 1, as explained in points 5.2.2 and 5.2.3 above.
5.3.2 In D1, there is no indication of a change of the key order (configuration) of the virtual keypad during the user's entry of the identifier. The skilled person would not find any indication in D1 of how to proceed and modify the described method and system and arrive at the claimed invention in an obvious manner.
5.3.3 In the state of the art, it is known to alter the configuration of the displayed keypad after the user has entered at least part of their identifier. Document D2 describes a system and a method using this solution. At a user terminal with a graphical user interface (GUI) a virtual, operable keypad is displayed for a user to enter their identifier (e. g. PIN). After the user inputs one character/digit of their identifier, the order of the keys in the displayed keypad is altered (see paragraphs [0026] to [0033] and Figure 3).
5.3.4 The method of document D2 is different from the one of document D1 and the claimed invention since there is no keypad image overlaid over the image of a virtual, operable keypad. The method in D2 aims to protect the user's input of their identifier from being recognised by someone monitoring the terminal, who could capture the user's hand movements, but it does not protect against fraudulent interception of the transmission from the terminal to the remote server, since the transmitted identifier corresponds to the identifier entered by the user.
5.3.5 In the board's opinion, the skilled person would not consider D2 when trying to solve the identified technical problem.
5.3.6 Even if they did, the skilled person would, at most, get from D2 the idea to alter the key order (configuration) in the image of the keypad displayed to the user, but not the underlying virtual, operable keypad. Hence, even if they applied such a feature to the terminal of D1, they would not arrive at the claimed invention.
5.4 The board's conclusion is, therefore, that the subject-matter of claim 1 involves an inventive step within the meaning of Article 56 EPC.
Claims 2 to 15 depend directly or indirectly on claim 1 and are therefore also inventive.
6. Consequently, the board is satisfied that the application and the invention to which it relates meet the requirements of the EPC and a European patent is to be granted according to Article 97(1) EPC.
For these reasons it is decided that:
1. The appealed decision is set aside.
2. The case is remitted to the department of first instance with an order to grant a patent on the basis of the following documents:
- Claims 1 to 15 as filed on 15 April 2021 during oral proceedings before the board (clean version);
- Description, pages 1 to 38, as filed on 15 April 2021 during oral proceedings before the board (clean version);
- Drawings sheets 1/12 to 12/12 as published.