T 2052/12 () of 9.1.2018

Summary of Facts and Submissions

I. The appeal concerns the decision of the examining division refusing the European patent application No. 03 715 275 for lack of inventive step (Article 56 EPC 1973) in relation to the former main request and the former first to third auxiliary requests. The former fourth auxiliary request was not admitted into the proceedings under Rule 137(3) EPC.

II. Reference is made to the following documents:

D1: |Ezawa K et. al., Evaluation of electronic cash threat scenarios using micro dynamic simula­tion, Proceedings of the 1998 Winter Simula­tion Conference, Washington D.C., U.S.A., pages 1641-1648,|

D2: |WO 97/30421 A. |

III. At oral proceedings before the board, the appellant requested that the decision under appeal be aside and that a patent be granted on the basis of the main request filed during the oral proceedings before the board or one of auxiliary requests 1 or 2 filed with the statement of the grounds of appeal as auxiliary requests 4 and 5, respectively.

IV. The wording of independent claims 1 and 4 of the main request is as follows:

"1. A payment method (BV) executed by a communication facility (1, 2, N) and at least one data carrier (11, 12, K) for debiting a payment value unit (BW) from the data carrier (11, 12, K), in order to pay for a performed service, wherein the following steps are

executed:

debit from a memory value unit (SW) stored in the data carrier (11, 12, K), of a debit value unit (AW) sufficient for payment for the maximum service to be performed, wherein a repayment limit (RL) stored in the data carrier (11, 12, K) is set, by the data carrier, to the amount of the debited debit value unit (AW);

calculation of a credit value unit (AWE) to be credited back, wherein the payment value unit (BW) to be paid for the actually performed service is subtracted from the debited debit value unit (AW);

check, by the data carrier (11, 12, K), whether the credit value unit (AWE) to be credited does not exceed the stored repayment limit (RL), wherein only when it is detected that the credit value unit (AWE) to be credited does not exceed the stored repayment limit

(RL), the credit value unit (AWE) is credited by adding the credit value unit (AWE) to the memory value unit (SW) stored in the data carrier (11, 12, K), wherein after the crediting of the credit value unit (AWE) to the data carrier (11, 12, K) the repayment limit (RL) stored in the data carrier (11, 12, K) is reduced by at least the credited credit value unit (AWE), and wherein before the crediting of the credit value unit (AWE) to the data carrier (11, 12, K), key information (SI1, SI2) output by the communication facility (1, 2, N) and identifying the communication facility's credit

authorization is checked by the data carrier (11, 12, K), and wherein the communication facility (1, 2, 8, N) is authorized to credit the credit value unit (AWE) up to at most the value of a maximum credit limit (ML) if the communication facility (8) has a first credit

authorization, and wherein the communication facility (1, 2, N) is authorized to credit the credit value unit (AWE) up to at most the value of the repayment limit (RL) stored in the data carrier (11, 12, K) if the communication facility (1, 2, N) has a second credit

authorization."

"4. A data carrier (11, 12, K) for payment of a performed service by debiting of a payment value unit (BV) from a memory value unit (SW) stored in the data carrier with:

storage means (15) for storing the memory value unit (SW) and a repayment limit (RL);

communication means (13) for communicating with a communication facility (1, 2, 8, N) for crediting a credit value unit (AWE) to be added to the stored memory value unit (SW) and for debiting a debit value unit (AW) to be subtracted from the stored memory

value unit (SW);

limit setting means (14) for setting the repayment limit (RL) to the amount of the last debited debit value unit (AW);

limit checking means (14) to check whether the credit value unit (AWE) to be credited does not exceed the stored repayment limit (RL), wherein only when it is detected that the credit value unit (AWE) to be credited does not exceed the stored repayment limit

(RL), the credit value unit (AWE) is credited by adding the credit value unit (AWE) to the memory value unit (SW) stored in the data carrier (11, 12, K), wherein the limit setting means (14) are developed to reduce the repayment limit (RL) stored in the data carrier (11, 12, K) at least by the credited credit value unit (AWE), after the crediting of the credit value unit (AWE) to the data carrier (11 , 12, K), and wherein key information checking means (16) are provided, which are developed to check key information (SI1, SI2)

identifying a credit authorization of the communication facility (1, 2, 8, N) and received from the communica­tion facility (1, 2, 8, N) via the communication means (13), wherein the communication facility (8) is authorized to credit the credit value unit (AWE) up to at most the value of a maximum credit limit (ML) if the communication facility (8) has a first credit authorization, and wherein the communication facility (1, 2, N) is authorized to credit the credit value unit (AWE) up to at most the value of the repayment limit (RL) stored in the data carrier (11, 12, K) if the communication facility (1, 2, N) has a second credit authorization."

V. The appellant argued essentially as follows in relation to inventive step:

Document D2 had a similar purpose as the invention, namely improving security regarding a payment method, and was considered to represent the closest state of the art. Document D2 did not disclose a repayment limit stored in the data carrier which was set by the data carrier to the amount of the debited debit value unit and was reduced by at least the credited credit value unit after the crediting of the credit value unit to the data carrier. Moreover, document D2 did not dis­close the features relating to the key information iden­tifying the communication facility's credit autho­ri­za­tion.

The known method had the disadvantage that unauthorized persons might acquire key information contained in the parking meters by stealing them and might thereby be enabled to credit sums of money as desired to any corresponding smart card. The objective technical problem was thus to improve the security in such a way that fraud was effectively prevented.

None of the cited prior art documents made any refer­ence to a repayment limit or to using two different pieces of key information. Also from its general knowledge the skilled person was not prompted to provide the missing features.

Reasons for the Decision

1. Inventive step

1.1 Closest state of the art

In the decision under appeal the examining division started from document D1 as the closest state of the art (see point 1.1 of the Reasons). That document relates in general terms to the simulation of an elec­tronic cash scheme involving smart cards, in particular to the evaluation of the threats caused by the intro­duction of counterfeit values into the scheme. However, the board agrees with the appellant in that the method disclosed in document D2 is closer to the claimed pay­ment method. In particular, document D2 discloses sub­ject-matter that is conceived for the same purpose as the claimed invention, namely for providing a pay­ment method executed by a communication facility and a data carrier for debiting a payment value unit from the data carrier in order to pay for a performed service. More­over, that document discloses the debiting of a certain debit value unit and the reimbursement of part of the debit value in order to pay for the actually performed service, as detailed below. Document D2 is therefore regarded as the closest state of the art.

1.2 Distinguishing features

1.2.1 Document D2 relates to a parking meter system in which a smart card is used for payment and to a corresponding method of operation. In particular, that document discloses (see page 3, line 25 - page 5, line 4; Figures 1 and 2) a parking meter with a slot 102 for accepting a payment card 101 proffered for payment. The payment card may be a smart card containing electronic circuitry to handle transactions and pre-programmed with a given monetary value. When the processor of the parking meter detects that a card has been inserted (step 200), it next checks to see if its serial number is in memory, i. e. if it has been previously used for pay­ment (step 205). If not, the processor prompts the user to select the time desired (step 250), then checks to see that a valid value is entered (step 255). A valid response causes the processor to calculate the value of the desired time (step 260) and to check the proffered card for available credit (step 265). An invalid value entered or lack of enough credit on the card will both prompt an error message (step 267). When proper credit is available, the value of the time requested is deduc­ted from the card (step 270), the timing circuits are activated for the requested time (step 275), and acknowledgement is made of the trans­action (step 280). If, when the card is inserted, it is detected that the serial number is in memory, the pro­cessor of the par­king meter will proceed to calculate the value of any time remaining for the associated space (step 215). The value of the remaining time is compared to a thresh­old value (step 220). If it is not greater than the thresh­old, an error message is dis­played (step 222), such as "No Refund Available"; otherwise the computed value is refunded to the card (step 225) and an acknowledgement is displayed (step 230). If time is purchased, for example, in increments of 15 minutes, no refund would be available for remaining time of 14 minutes or less.

1.2.2 Using the wording of claim 1, document D2 discloses therefore a payment method executed by a communication facility (parking meter) and at least one data carrier (payment card 101) for debiting a payment value unit from the data carrier (payment card 101), in order to pay for a performed service (making available parking time), wherein the following steps are executed:

debit from a memory value unit (memory value pre-programmed on the payment card 101 corresponding to the given monetary value) stored in the data carrier (payment card 101), of a debit value unit (memory value corresponding to the desired parking time, see step 270) sufficient for payment for the maximum service to be performed (making available the desired parking time),

calculation of a credit value unit (memory value corresponding to the remaining time) to be credited back, wherein the payment value unit to be paid for the actually performed service is subtracted from the debited debit value unit (remaining time is the difference between the desired parking time and the parking time which was actually made available).

The subject-matter of claim 1 of the main request differs from the method of document D2 in that the following steps are executed:

- a repayment limit stored in the data carrier is set, by the data carrier, to the amount of the debited debit value unit;

- check, by the data carrier, whether the credit value unit to be credited does not exceed the stored repayment limit, wherein only when it is detected that the credit value unit to be credited does not exceed the stored repayment limit, the credit value unit is credited by adding the credit value unit to the memory value unit stored in the data carrier,

- wherein after the crediting of the credit value unit to the data carrier the repayment limit stored in the data carrier is reduced by at least the credited credit value unit, and

- wherein before the crediting of the credit value unit to the data carrier, key information output by the communication facility and identifying the communication facility's credit authorization is checked by the data carrier, and wherein the communication facility is authorized to credit the credit value unit up to at most the value of a maximum credit limit if the communication facility has a first credit authorization, and wherein the communication facility is authorized to credit the credit value unit up to at most the value of the repayment limit stored in the data carrier if the communication facility has a second credit

authorization.

1.3 Objective technical problem

1.3.1 The examining division held in the appealed decision that the details of the previously claimed processing relating to the fact that the data carrier would check that a refund value would not exceed a stored limit and that the stored limit would be decreased were a set of administrative or accounting rules. Such rules were devoid of any technical considerations and would be provided to the skilled person as part of the framework of the technical problem to be solved (see point 1.2 of the Reasons).

1.3.2 The board agrees with the examining division in that a reimbursement value and a repayment limit are financial concepts and can thus be considered as part of a scheme of doing business. As such these are therefore non-technical features.

On the other hand, the contribution of the claimed method over the closest state of the art document D2 involves tech­nical features carried out by the data carrier, in particular the storing, setting and reducing of the repayment limit, the checking of the reimbursement value and its contin­gent addition to the memory value, and the checking of key information identifying the communica­tion facil­ity's credit authorization.

Under such circumstances it has to be considered whether these technical features bring about any tech­nical advan­tages or effects beyond the mere implementa­tion of the claimed method in such a way as to achieve the aims corresponding to the non-technical features (see Case Law of the Boards of Appeal of the EPO, 8th edition 2016, sections I.D.9.1.3 and 9.1.4).

In this respect it is noted that in the description of the present application (see page 2, line 22 - page 3, line 2) the following is mentioned in relation to the payment method known from document D2:

Communication facilities, which originally were provided only for debiting sums of money such as the parking fee and through the known payment method are now provided both for debiting and also for crediting of sums of money, hence also now contain the key information that authorizes the communication facility to credit sums of money or credit value units.

This has led to the disadvantage that parking meters installed for instance in parking garages have been stolen by unauthorized persons, who thus came into possession of the secret key information. These persons were thereby enabled to credit sums of money or memory value units as wished to any smart cards as wished, which is very disadvan­tageous.

It is an object of the invention to create a payment method [...] in which the previously stated disadvantages are avoided.

Hence, the object of the invention, as it emerges from the description of the applica­tion, is to prevent un­authorized persons, even when they are in possession of the relevant secret key information, to credit any de­sired sum of money to any pertinent data carrier. In­deed, the security risk due to theft of certain secret key information is effectively lowered by setting a re­payment limit stored in the data carrier to the debited amount and crediting the credit value to the data car­rier only when that value does not exceed the stored re­payment limit, and by re­ducing after such crediting the stored repayment limit by at least the credited value. In this manner any crediting to the data carrier - even when it is attempted to repeatedly credit small amounts - is limited by the debited amount. Therefore, ­the technical effect of improving the claimed payment method by lowering the security risk due to theft of certain secret key information is considered to be credibly achieved by the distin­guishing features over the closest state of the art document D2.

The objective technical problem to be solved by the invention is therefore to achieve this technical effect.

1.4 Obviousness

1.4.1 In the decision under appeal it was held that the implementation of the administrative or accounting rules was a matter of routine skills for a skilled person, in particular in view of document D1, which disclosed the implementation of business rules on a smart card to increase the security (see points 1.3 and 1.4 of the Reasons).

1.4.2 As pointed out above, document D1 relates to the simu­la­tion and evaluation of threats caused by counter­feit values in an elec­tronic cash scheme involving smart cards. The specific passage pointed out by the examining division (D1, page 1645, section 4) relates to the risk management performed on the chip of a smart card. In particular, it is mentioned that in order to detect fraudulent transactions the chip monitors the "velocity" (i. e. the amount and volume) of the trans­actions and the "statistical signature" of the trans­actions against past behavioral patterns. There may be an on-chip incident response capability in an autono­mous mode, i. e. without outside intervention. In the subsequent section (D1, pages 1645-1646, section 5) it is mentioned that the on-chip monitoring uses a cumu­lative debt turnover limit and a cumulative credit turnover limit, which define upper limits of the amounts that may be spent and received by the smart card. The smart card may be locked when it is attempted to be used beyond the defined limits.

Document D1 is thus not concerned with the security risk due to theft of certain secret key information, in particular the security key allowing the crediting of a data carrier. The skilled person would therefore not consider the teaching of D1 for solving the posed objective technical problem.

Moreover, document D2 does not disclose the claimed distinguishing features, in particular the specific setting and the reduction of the repayment limit of a smart card, the checking of the reimbursement value and its contin­gent addition to the memory value of the smart card, and the checking of key information iden­tifying a communica­tion facil­ity's credit authori­za­tion. A hypothetical combination of the teachings of documents D1 and D2 would therefore not even result in the claimed subject-matter.

In the board's judgment the mere application of its common general knowledge would not lead the skilled person to the claimed solution of the objective technical problem, either.

Therefore, the subject-matter of claim 1 of the main request involves an inventive step. Independent device claim 4 corresponds essentially to method claim 1. Claims 2 to 3 and 5 to 9 are dependent on claims 1 and 4, respectively.

Accordingly, the subject-matter of claims 1 to 9 of the main request involves an inventive step (Article 52(1) EPC and Article 56 EPC 1973).

2. Conclusions

The only substantive ground of the decision under appeal was lack of inventive step. This objection has been overcome by way of amendment as indicated above. The board has no further objections against the appli­ca­tion documents of the main request and the corre­spond­ing in­vention, which are thus considered to meet the require­ments of the EPC. The patent is therefore to be granted as amended according to the main request (Article 97(1) EPC and Article 111(1) EPC 1973). Consideration of the auxiliary requests is therefore not necessary.

Order

For these reasons it is decided that:

1. The decision under appeal is set aside.

2. The case is remitted to the department of first instance with the order to grant a patent in the following version:

- Claims 1-9 of the main request filed during oral proceedings of 9 January 2018,

- Description:

- pages 1, 5-12 of the description as published,

- pages 2 and 2a of the description filed with letter dated 24 February 2011,

- pages 3, 4 and 13 of the description filed during oral proceedings of 9 January 2018,

- Drawings sheets 1/3-3/3 as published.