10 June 2020

T 1749/14 - Notional business person

Key points

  • This case is about inventive step of a software-related invention. The question is whether a claim feature is technical or not under the Comvik approach. The Board applies the test of T 1463/11 (CardinalCommerce), namely whether the notional business person would come up with the feature (as part of his request to a software programmer). 
  • The Board finds that the notional business person would not come up with the feature at issue.
  • “The notional business person might come up with the abstract idea of avoiding the customer having to provide PIN and account information to the merchant. The invention however requires a new infrastructure, new devices and a new protocol involving technical considerations linked to [...]. ”
  • “This goes beyond what the notional business person knows and concerns technical implementation details (how to implement) which are more than a straight-forward 1:1 programming of an abstract business idea”.
  • Therefore, the feature is technical and is to be taken into account for formulating the objective technical problem.
  • “The invention is in the field of mobile point-of-sale (POS) terminals for carrying out transactions, e.g. involving a credit card. Conventionally, the merchant possesses such mobile POS terminals and the customer has to provide his identification credentials such as account number and PIN to this merchant's unit [...]. The invention tries to avoid the customer's sensitive information becoming known if the merchant's device is tampered with by allowing a transaction to be carried out without the customer having to present account information and the PIN to the merchant.” 
    • I suppose that this is a valid security concern, once you think about it, typing in your PIN code into a device held by someone else is perhaps less safe than typing it into your own mobile phone. I note however that claim 1 at issue is rather broad, much broader than the drawings and the abstract of the patent application. 


EPO T 1749/14 - link



EPO Headnote
  • The notional business person might come up with the abstract idea of avoiding the customer having to provide PIN and account information to the merchant.
  • The invention however requires a new infrastructure, new devices and a new protocol involving technical considerations linked to modified devices and their capabilities as well as security relevant modifications of the transfer of sensitive information using new possibilities achieved by the modifications to the previously known mobile POS infrastructure.
  • This goes beyond what the notional business person knows and concerns technical implementation details (how to implement) which are more than a straight-forward 1:1 programming of an abstract business idea. (See point 5 of the reasons).
  • This is in the sphere of the technical expert and subject to the assessment of inventive step (see T 1082/13).



III. Independent claim 1 of the main request reads as follows:
"1. A method comprising:
(a) storing customer account information in a customer mobile personal point-of-sale terminal (CMPPT), wherein the CMPPT includes a cellular telephone portion and a point-of-sale attachment portion; this CMPPT is personalized for the individual customer by storing (a) encryption key(s) that is(are) used for communication with the individual CMPPT of the individual customer, and using this personalized CMPPT in subsequent operations;
(b) after the storing of customer account information in the CMPPT according (a) [sic] receiving merchant account information into the CMPPT; and
(c) initiating a transaction by sending the customer account information and the merchant account information from the CMPPT to a financial transaction verification entity (FTVE)."
Reasons for the Decision


1. The invention is in the field of mobile point-of-sale (POS) terminals for carrying out transactions, e.g. involving a credit card. Conventionally, the merchant possesses such mobile POS terminals and the customer has to provide his identification credentials such as account number and PIN to this merchant's unit (see e.g. D1 [0024], [0025] or [0106], 0107]). The invention tries to avoid the customer's sensitive information becoming known if the merchant's device is tampered with by allowing a transaction to be carried out without the customer having to present account information and the PIN to the merchant.

[...]


This transaction with the mobile POS terminal of D1 therefore involves the security problem of the customer having to provide his PIN and account number to the merchant's device, which then encrypts this information and passes it on to the Financial Transaction Verification Entity (FTVE).

The present invention seeks to overcome this by directly communicating the customer's sensitive information to the FTVE (see [0033] of the description and Figure 3 for the overall transaction handling). This is achieved by dividing the POS terminal into a merchant part (merchant POS terminal 32 in Figure 3 of the application) and a customer part consisting of a docking station or sleeve (point-of-sale attachment portion according to the wording of the present application) and a cellular phone, the combination of both called customer mobile personal POS terminal (CMPPT 10 in Figure 3 of the application).





Encryption keys are only usable to communicate between one particular CMPPT and the FTVE (see [0040] of the description). Any necessary merchant account information needed to initiate the transaction can be communicated from the merchant to the FTVE without such information being entered into the CMPPT (see e.g. [0014] of the description). The CMPPT can therefore be used to carry out the authorisation for a transaction such that the merchant receives an approval code, but the customer's PIN or signature does not pass through the merchant's POS terminal (see e.g. [0042] of the description).

[...]


5. The examining division argued that no technical problem was solved by the differences over D1, which were only cognitive business aspects providing no technical contribution. The problem to be solved was therefore merely to implement the idea of defining the entry point of the transaction as the property of the customer which was an obvious automation not modifying the standard and expected intrinsic behaviour of the technical features of D1 (see page 3, last paragraph of the decision).

The notional business person, as introduced in T 1463/11 (Universal merchant platform / CardinalCommerce), knows all about the business related requirements specification and knows about the fact that such business related concepts can be implemented on a computer system (stand-alone or networked, including the Internet). What the notional business person does not know, however, is how exactly it can be implemented on a computer system. This is in the sphere of the technical expert and subject to the assessment of inventive step (see T 1082/13).

In the Board's view, in the present case the notional business person might come up with the abstract idea of avoiding the customer having to provide PIN and account information to the merchant. Even when considering this to be an abstract business concept for carrying out POS transactions, it cannot however be convincingly argued that it would be sufficient to implement this idea on a standard general purpose mobile POS terminal infrastructure as known from D1 with standard programming skills. It requires a new infrastructure, new devices and a new protocol involving technical considerations linked to modified devices and their capabilities as well as security relevant modifications of the transfer of sensitive information using new possibilities achieved by the modifications to the mobile POS infrastructure.

This goes beyond what the notional business person knows, but rather concerns technical implementation details (how to implement) which are more than a straight-forward 1:1 programming of an abstract business idea. Just as T 1463/11 (supra) considered the security relevance of centralising authentication services in view of avoiding maintenance of software plug-ins in merchant computers contributed to the technical character, the Board considers the security relevance of the modifications according to point 4 above contribute to the technical character of the present invention.

6. The Board therefore considers the objective technical problem underlying the differences outlined in point 4 above to be to improve the mobile POS terminal known from D1 in respect of the customers security against fraudulent use of their sensitive information.

7. Since the Board agrees with the appellant's arguments, the decision can be taken in writing.

8. In order to assess whether the technical contribution of the claimed subject-matter of independent claims 1 and 12 is inventive (Article 56 EPC) and allowable, as requested by the appellant, a look into the further prior art is required. The Board, however, cannot be sure whether the features alleged to be non-technical or not contributing to inventive step in the contested decision have been systematically searched, in particular in view of the fact that the European Search Opinion was based on the approach of the contested decision. Only the examining division can therefore judge whether the Supplementary European Search covered those features of the independent claims, which the Board considers to provide a technical contribution as outlined above, or whether a further search is necessary.

These are special reasons which justify the remittal to the examining division (Article 11 RPBA 2020). The Board therefore remits the case for further prosecution, whereby the assessment of inventive step will have to consider all the technical features and their respective technical effects (see point 4 above).

9. The independent claims are not directed to a system or to a complete transaction as described in Figure 3 of the application, but only to the customer mobile POS terminal part. It will therefore also have to be examined whether all essential features for carrying out the invention are claimed.
Order
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the department of first instance for further prosecution.

No comments:

Post a Comment

Do not use hyperlinks in comment text or user name. Comments are welcome, even though they are strictly moderated (no politics). Moderation can take some time.