T 2358/17 11-03-2021
Download and more information:
Apparatus and methods for payment transactions using near field communication
Novelty - main request, first auxiliary request (no)
Inventive step - third auxiliary request (no)
Second auxiliary request - late filed - not admitted
I. The appeal is against the decision of the examining division refusing the European patent application No. 12 188 576.8 on the ground that the subject-matter of claim 1 of the Main Request and of the First to Fourth Auxiliary Requests before it was not new (Article 54(1) EPC).
II. The appellant (applicant) requested initially that the decision under appeal be set aside and that a patent be granted on the basis of the Main Request or one of the First to Fourth Auxiliary Requests, all filed with the statement of the grounds of appeal and corresponding to the respective requests underlying the impugned decision.
In addition, the appellant requested as a further auxiliary request, a remittal ("remanding") of the case to the examining division for further prosecution on the basis of any of the substantive requests on file.
III. After the board issued summons to oral proceedings and its preliminary opinion on the case, the appellant filed with a letter dated 22 January 2021 a Main Request and First to Third Auxiliary Requests to replace the requests on file.
The Main Request and the Third Auxiliary Request correspond to the respective requests filed with the statement of the grounds of appeal. The First Auxiliary Request corresponds to the Fourth Auxiliary Request filed with the statement of the grounds of appeal. The Second Auxiliary Request is a new amended request based on the Third Auxiliary Request.
IV. At the end of the oral proceedings before the board, which were held via videoconference at the request of the appellant, the appellant's requests were that the impugned decision be set aside and a patent be granted on the basis of the Main Request or one of the First to Third Auxiliary Requests, as filed with the letter of 22 January 2021.
The appellant also maintained its auxiliary request, that the case be remitted to the examining division for further prosecution on the basis of any of the requests on file.
V. Reference is made to the following document, cited in the impugned decision:
D4: US 2010/0023449 A1.
In addition, reference is made to the following document (filed as D6 by the appellant with letter of 27 March 2017):
D6: "Short Form Specification; Near Film Communication PN531 - myC based Transmission module".
VI. Claim 1 of the Main Request has the following wording:
A device (1101) for use with a reader device (1102), comprising:
an NFC tag (1100) having:
a first storage device (1130) for storing financial product data, the first storage device configured to prevent access by the reader device (1102), wherein the first storage device is not accessible by the reader device;
a second storage device (1120) that is configured for access by the reader device; and
a controller (1150) coupled to the first storage device and the second storage device, the controller configured to,
transmit financial product data from the first storage device to the second storage device (1330, 1430); and
transmit the financial product data from the second storage device to the reader device (1360, 1460).
VII. Claim 1 of the First Auxiliary Request is worded as follows (additional features over claim 1 of the Main Request underlined by the board):
A device (1101) for use with a reader device (1102), comprising:
an NFC tag (1100) having:
a first storage device (1130) for storing financial product data, the first storage device configured to prevent access by the reader device (1102), wherein the first storage device is not activatable and not accessible by the reader device;
a second storage device (1120) that is configured for activation and access by the reader device;
a controller (1150) coupled to the first storage device and the second storage device, the controller configured to:
transmit financial product data from the first storage device to the second storage device (1330, 1430);
transmit the financial product data from the second storage device to the reader device (1360, 1460), and
remove the financial product data from the second storage device after transmission to the reader device.
VIII. Claim 1 of the Second Auxiliary Request has the same wording as claim 1 of the Main Request with the additional specification that the first storage device and the second storage device each consists of a volatile memory (underlined by the board).
IX. Claim 1 of the Third Auxiliary Request has the same wording as claim 1 of the Main Request with the additional specification that the first storage device and the second storage device each comprises a volatile memory (underline by the board).
X. The appellant essentially argued that the device of D4 did not comprise a first storage device, which was not accessible by the reader device while comprising a second storage device which was configured for access by the reader device. The appellant's arguments are dealt with in detail in the reasons.
1. The appeal is admissible.
2. The claimed invention
2.1 The claimed invention relates to a device and a method for carrying out transactions using near field communication (NFC). Near field communication is a technology used for contactless, short-range (a few centimetres) communication based on radio frequency identification standards, using magnetic field induction to enable communication between electronic devices (e. g. mobile wireless communication devices) (see paragraphs [0002] and [0003] of the published application).
2.2 In the context of a transaction like a payment, the user has a mobile wireless device with NFC capabilities. A corresponding reader device is used to communicate with the user's device. The user's device stores personal data of the user (e. g. bank or credit card information). In the context of the transaction, the user's device connects to the reader of a merchant using NFC technology and data are exchanged.
According to the NFC protocol, when a near field connection between two devices is established, data stored in one device are automatically transferred to the other. This opens the possibility for unauthorised transfer of data, when for example a potential fraudster approaches another device to the user's device. Once a NFC connection between the two devices is established, the user's device will transfer automatically data to the device of the fraudster, without even the user noticing (see paragraphs [0004] and [0005] of the published application).
2.3 The claimed invention solves this problem by providing two different data storage units (memories) in the user's device. The user's personal data are stored in a first storage that is not accessible by the NFC reader device. When a transaction is carried out, the necessary data are transferred from the first storage to a second storage, which is accessible by the NFC reader, only after the user has authorised this transfer.
In this way the user's device (and the user) can control which data are transferred to another device and when such a transfer may take place.
3. Main Request
3.1 The examining division considered that document D4 disclosed all the features of claim 1 of the Main Request (see point 1 of the decision under appeal).
3.2 D4 describes a mobile device containing a NFC component that is used to carry out payments. D4 identifies and addresses the same problem as the claimed invention,
i. e. the uncontrolled (automatic) transfer of data under the NFC protocol (see paragraphs [0002] and [0004]).
The mobile device (202) of D4 (see Figure 2) comprises a NFC component (206) that is adapted for communication with a NFC sensor (application) (204), which corresponds to the reader device of the claims. The mobile device comprises a mobile wallet (216) including a corresponding application and a database (see Figure 3), which are separate from the NFC component. The user's financial and other personal data are stored in the mobile wallet and no personal data are stored in the NFC component (see paragraphs [0017], [0021] and [0028]).
When a user wishes to carry out a payment transaction using the NFC component, the mobile device approaches the corresponding NFC sensor (reader) device. In one embodiment, the NFC component is not activated until the users presses a switch (paragraph [0022]). In another embodiment, the NFC component is activated via induction by the sensor (reader) device, in the same way as in the claimed invention (paragraphs [0036] and [0047]).
In order to carry out the transaction, the user activates the mobile wallet (application) and authorises the transfer of personal data from the wallet to the NFC component. The data are then transferred automatically from the NFC component of the mobile device to the sensor (reader) device (paragraphs [0025] and [0033] to [0040]). The NFC component (206) comprises a memory in which the data are transferred from the mobile wallet in order to be transmitted to the sensor (reader) device (paragraph [0034]).
3.3 The appellant argued that D4 did not disclose the combination of the following two features of the device of claim 1:
- a first storage device (1130) for storing financial product data, the first storage device configured to prevent access by the reader device (1102) wherein the first storage device is not accessible by the reader device; and
- a second storage device (1120) that is configured for access by the reader device
3.3.1 According to the appellant D4 did not disclose the combination of the first storage device being inaccessible by the reader device while the second storage device was accessible by it (see also statement of grounds of appeal, pages 3 and 4).
3.3.2 In its preliminary opinion the board had commented that, in the context of the present application, "accessible by the reader device" merely meant that data are transferred from the storage device to the reader device and there was no indication of any other type of access to the storage device(s) by the reader device (see also point 4.4 of the board's communication of 22 September 2020).
The appellant pointed out that, in the claimed device, once the second storage device was activated by the reader device, the data were automatically transferred to the reader device. In this way, the reader device had the control of when data stored in the second storage device were transferred to it. Hence, the "access" according to the present application was not a mere transfer of data from the storage device to the reader device, but it had the additional characteristic that it was the reader device that triggered this data transfer. In contrast to that, the data transfer from the first storage device to the second storage device was carried out without any "involvement" of the reader device, hence, the reader device had no access to the first storage device.
3.3.3 Regarding D4, the appellant commented that in the device of D4 it was the user, who triggered the transfer of data to the sensor (reader) device. The sensor (reader) device did not have any control on when the data were to be transferred to it and, hence, it could not be said that the sensor (reader) device had access to the second storage device in the same way as in the claimed device. According to the appellant, in D4 both the data transfer from the first storage device (mobile wallet) to the second storage device (NFC component) and from the second storage device to the reader (sensor) device were triggered by the user. Hence, there was no distinction in the way the reader (sensor) device interacted with the first and second storage devices. Irrespective of the interpretation of the term "access", in D4 the interactions between the reader device and the first and storage devices in the context of data transfer were the same, so either both the storage devices were configured for access by the reader device or neither of them was. In any case, the distinction of the reader device accessing only the second storage device but not the first was not disclosed in D4.
3.4 The board does not share the appellant's interpretation of D4 and considers that the data transfer to the sensor(reader) device is carried out in the same way, both in the claimed device and the device of D4.
3.4.1 As claim 1 defines, the device comprises a controller, which is configured to transfer (financial product) data from the first storage device to the second storage device (first step of the data transfer) and from the second storage device to the reader device (second step).
As it is explained in the application, there are no data stored initially in the second storage device. Only after the authorisation by the user will data be transferred from the first storage device to the second storage device (see for example paragraph [0066] of the published application). When the second storage device is activated by the NFC reader device, data are transferred automatically from the second storage device to the reader device (paragraphs [0067] and [0068]). The user, thus, triggers/controls the first step of the data transfer, while the second step is carried out automatically, under the NFC protocol.
3.4.2 Regarding D4, the board notes that it remained uncontested that the memory of the NFC component 206 corresponds to the second storage device of claim 1. As D4 explains (see paragraphs [0032] to [0034] and Figure 3), data (information) are retrieved from the mobile wallet database 312 (which corresponds to the first storage device of claim 1) and transferred to the NFC application 304 for transmission to the NFC sensor application 316 (corresponding to the reader device of claim 1) only after a corresponding authorisation of the user. This corresponds to the first step of the data transfer which is triggered/controlled by the user, without any "involvement" of the reader (sensor) device (see paragraphs [0040] and [0041]).
3.4.3 The data are stored in the memory of the NFC component 206 (which corresponds to the second storage device of claim 1) before they are transferred to the NFC sensor (reader) device. This transfer is carried out automatically, without any user intervention, under the NFC protocol, when the NFC component of the device is activated by the reader (sensor) device (paragraph [0041]). This would correspond to the appellant's definition of the reader device "accessing" the second storage device. This data transfer corresponds to the second step, which is carried out without any user involvement and under the control of the reader device.
3.4.4 In the device of D4, therefore, the first step of the data transfer is triggered/authorised by the user, while the second step is carried out automatically under the NFC protocol.
Hence, contrary to the appellant's interpretation (see point 3.3.3 above), the interaction between the sensor (reader) device and the corresponding first storage device is different from the interaction between the sensor device and the second storage device in D4, just like in the claimed device.
3.5 D4 thus discloses the two features identified by the appellant (see point 3.3 above). Since D4 discloses all the features of claim 1, the board concludes that the subject-matter of claim 1 of the Main Request is not new within the meaning of Article 54(1) EPC.
4. Auxiliary Requests
4.1 First Auxiliary Request
4.1.1 Compared to claim 1 of the Main Request, claim 1 of the First Auxiliary Request comprises the additional features:
- that the first storage device is not "activatable" by the reader device, while the second storage device is configured for activation by the reader device; and
- that the controller is configured to remove the financial product data from the second storage device after transmission to the reader device.
4.1.2 Regarding the first storage device, the board notes that the reader device of D4 (NFC sensor (application) 204/316) cannot activate the first storage device (mobile wallet database 312) because the mobile wallet database and the mobile wallet application 214/306 are both located outside the NFC component 206 (see for example Figures 2 and 3). Regarding the second storage device, D4 states explicitly that the NFC component is powered by "an induction loop powered by the NFC sensor application 204" (paragraph [0036]). The board understands this to mean that the second storage device (i. e. the memory of the NFC component) is activated by the reader device. Hence, the first of the two additional features is also disclosed in D4.
4.1.3 The appellant argued, essentially repeating its arguments regarding the Main Request, that the reader device in D4 did not access the (corresponding) second storage device in the same way as in the claimed device. As explained previously (see point 3.4), the board did not find these arguments persuasive.
4.1.4 Regarding the removal of the data from the second storage device after the payment transaction is terminated, it remained uncontested that this was also the case in D4 (see e. g. paragraphs [0041] or [0042]).
4.1.5 D4 discloses, thus, all the features of claim 1 of the First Auxiliary Request, which also lacks novelty.
4.2 Second Auxiliary Request - Admission
4.2.1 The Second Auxiliary Request was filed after the board had issued summons to oral proceedings.
Pursuant to Article 13(2) RPBA 2020 (which applies according to Articles 24(1) and 25(3) RPBA 2020), any amendments to a party's appeal case made after notification of a summons to oral proceedings shall, in principle not be taken into account unless there are exceptional circumstances, which have been justified with cogent reasons by the party concerned.
4.2.2 The appellant explained that the Second Auxiliary Request was a more limited version of the current Third Auxiliary Request, which was part of the Requests underlying the impugned decision. The amendments did not introduce any subject-matter which the examining division had not dealt with and the difference between "comprising" and "consisting" had already been commented on by the examining division in the decision under appeal (see point 5 of the grounds). Moreover, the board had also commented on the same issue in its preliminary opinion (see point 6.2 of the board's communication of 22 September 2020). The board was, thus, in a position to deal with this request and it should be admitted in the proceedings.
4.2.3 The board agrees with the appellant that the difference between the expressions "consisting of a volatile memory" and "comprising a volatile memory" was pointed out in the impugned decision. The board considers this, however, to be an indication that amendments in relation to this difference should have been filed earlier, at the latest with the statement of the grounds of appeal. In its preliminary opinion, the board merely re-iterated the examining division's comment on this issue. Hence, the filing of the Second Auxiliary Request cannot be seen as a reaction to an objection raised for the first time by the board.
This is also an indication that no exceptional circumstances exist for this amended request to be filed at this point in the appeal procedure. The appellant did not mention any such circumstances, either.
4.2.4 Moreover, neither the examining division nor the board had been faced with an embodiment of the claimed device with such a limitation concerning the storage devices before the Second Auxiliary Request was filed. In the decision under appeal the examining division merely pointed out that "comprising a volatile memory" was not the same as "consisting of a volatile memory", but it decided on the claims before it, in which the term "comprising" was used. In a similar way, the board in its preliminary opinion pointed out the difference but limited itself in providing an assessment of the claims on file and not of hypothetical claims comprising the more limiting expression of "consisting of a volatile memory". Hence, it is not completely true that the amendments do not introduce subject-matter which had not been dealt with previously.
4.2.5 For these reasons, the board decides not to admit the Second Auxiliary Request into the proceedings.
4.3 Third Auxiliary Request
4.3.1 Claim 1 of the 3rd Auxiliary Request defines additionally (with respect to claim 1 of the Main Request) that the first and second storage devices comprise each a volatile memory.
4.3.2 It is common ground that the second storage device in D4 (the memory of the NFC component 206) includes a volatile memory. D4 states that the NFC component (206) can be the PN531 transmission module by NXP Semiconductors (paragraph [0018]). D6 is a specification of this transmission module, and as it can be in Figure 1, the PN531 comprises a RAM, which is a volatile memory. The appellant did not contest this (see statement of the grounds of appeal, last paragraph on page 6). Regarding the appellant's comments about the way data are transferred from the second storage device to the reader device in D4 and whether this corresponds to the second storage device being "configured for access" by the reader device, reference is made to point 3.4 above.
4.3.3 Hence, the only difference between claim 1 of the Third Auxiliary Request and D4 is that the first storage device comprises a volatile memory. D4 does not disclose any type of memory for the first storage device, i. e. the mobile wallet database.
The technical problem the skilled person is faced with is, thus, which type of memory/memories to include in the first storage device.
4.3.4 It is commonly known that volatile and non-volatile memories represent two general types of electronic memory devices. The skilled person knows their respective advantages and disadvantages only based on their common general knowledge.
The application merely states that "Exemplary embodiments of the first storage device include non-volatile memory, volatile memory, and disks" (column 15, lines 17 to 19 of the published application). The board notes that disks would formally fall under the non-volatile memories, since the stored data are not erased when they are switched off. In any case, the application provides no further indication about any reasons that would incite the skilled person to select one embodiment (type) over the others.
In fact, the application mentions explicitly in one embodiment that the first storage device comprises a non-volatile memory on which the user personal data are stored (paragraph [0065]), while there is no embodiment mentioning explicitly a volatile memory in the first storage device.
4.3.5 The board, hence, considers the selection of the appropriate type of memory for use in the fist storage device to be a question of design and that, in the context of the present application, no particular technical problem is solved by it. The skilled person would chose a volatile (or non-volatile) memory based only on common general knowledge and depending on the particular needs and circumstances. Hence, the board sees no inventive merit in this feature.
4.3.6 During the oral proceedings, the appellant argued that by using volatile memory in the first storage device, the data stored in it would be erased when the claimed device would be powered off. Making reference to paragraph [0005] of the application, the appellant argued that the skilled person would recognise that preventing eavesdropping of personal data was a problem the claimed invention was aiming to solve. The first storage device was configured to store important personal user data, especially data related to financial information (paragraph [0058]. The skilled person would thus understand that, by providing a volatile memory in the first storage device, such sensitive user data would be erased when the device was switched off, increasing thus data security. Even if those data had to be reloaded every time when the device was switched on, the skilled person would chose security over convenience.
Hence, there was a technical problem solved by the selection of a volatile memory for the first storage device, namely how to increase the security of the user personal data.
4.3.7 The board is not convinced by the appellant's formulation of the technical problem.
At first, the referred paragraph [0005] states explicitly that the problem of eavesdropping of data is related to near field communication and the problem the claimed invention aims to solve is to prevent "eavesdropping of data from the NFC chip" (last sentence of the paragraph). Since the first storage device is not "accessible" by the reader device using NFC, this problem does not apply to this storage device.
Secondly, the board notes that the application as a whole relates to the control of the transfer of data from the first storage device to the second storage device and from the second storage device to the reader device and how to prevent unauthorised data transfers from the second storage device via NFC. There is no indication about any considerations regarding the security of the data stored in the first storage device.
The board finds thus that the appellant's formulation of the technical problem is not supported by the content of the application and does not accept this argument.
4.3.8 The board's conclusion is, therefore, that the subject-matter of claim 1 of the Third Auxiliary Request does not involve an inventive step within the meaning of Article 56 EPC.
5. Remittal
5.1 The appellant requested remittal ("remanding") of the application to the examining division for further prosecution (see statement of the grounds of appeal, page 2, fifth paragraph) but did not put forward any reasons as to why the board should remit the case.
Neither after the board issued its preliminary opinion nor during the oral proceedings did the appellant present any arguments on this matter.
5.2 As already mentioned in its preliminary opinion (point 8 of the communication of 22 September 2020), the board sees no (special) reasons, and in particular no fundamental deficiencies in the first instance proceedings, that would justify a remittal of the case to the examining division (Article 11 RPBA 2020).
5.3 Hence, the board, refuses the appellant's request for a remittal of the case to the examining division.
6. Summarising, since none of the requests on file is allowable, the appeal must be dismissed.
For these reasons it is decided that:
The appeal is dismissed.