European Case Law Identifier: | ECLI:EP:BA:2020:T114215.20200526 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Date of decision: | 26 May 2020 | ||||||||
Case number: | T 1142/15 | ||||||||
Application number: | 11250498.0 | ||||||||
IPC class: | G06Q20/00 | ||||||||
Language of proceedings: | EN | ||||||||
Distribution: | D | ||||||||
Download and more information: |
|
||||||||
Title of application: | Method and device for conducting trusted remote payment transactions | ||||||||
Applicant name: | Intel Corporation | ||||||||
Opponent name: | - | ||||||||
Board: | 3.4.03 | ||||||||
Headnote: | - | ||||||||
Relevant legal provisions: |
|
||||||||
Keywords: | Inventive step - (no) Late-filed auxiliary request - not admitted |
||||||||
Catchwords: |
- |
||||||||
Cited decisions: |
|
||||||||
Citing decisions: |
|
Summary of Facts and Submissions
I. The appeal concerns the decision of the Examining Division to refuse European patent application no. 11250498. According to the contested decision, claim 1 of the main request then on file did not fulfill the requirements of Articles 52(1) and 56 EPC and the auxiliary request then on file was not admitted into the procedure according to Rule 137(3) EPC.
II. Reference is made to the following documents
D7: US 2007/0116292 A
D11: Timo: "Thoughts on Nokia's NFC developments", 7 May 2008, Internet citation http://www.nearfiled.org/2008/05/thoughts-on-nokias-nfc-developments, XP055098485
D12: KR 10-2009-0121026
D11 was cited in the summons to oral proceedings before the Examining Division.
D12 was cited in proceedings before the USPTO concerning a family member (US 2017/255920 A1) of the present application. A copy of D12 including a translation of the description into English provided by "patents.google.com" was annexed to the Board's communication preparing the oral proceedings.
III. At the end of the oral proceedings held by telephone conference as accepted by the appellant, the appellant requested that the impugned decision be set aside and that a patent be granted on the basis of a main request or on the basis of auxiliary requests 2 or 8. The main request and auxiliary request 2 were filed with letter dated 17 April 2020 in reply to the Board's communication preparing the oral proceedings. Auxiliary request 8 was filed during the oral proceedings before the Board.
A request filed with the grounds of appeal for reimbursement of the appeal fee under Rule 103(1)a) EPC concerning the non-admission of the auxiliary request during the first instance proceedings was withdrawn during the oral proceedings before the Board.
IV. Claim 1 of the main request has the following wording (labeling (a), (b), ..., (g) added by the Board):
A method for securely conducting a trusted remote payment transaction comprising:
(a) establishing, by Near Field Communication circuitry (152) of a proxy mobile computing device (104), a trust relationship between the proxy mobile computing device (104) and a payor mobile computing device (102) over a Near Field Communication link,
(b) the payor mobile computing device (102) having stored therein payment information associated with a user of the payor mobile computing device (102) to conduct an electronic payment transaction using the payor mobile computing device (102);
(c) communicating, by the Near Field Communication circuitry (152) of the proxy mobile computing device (104), with a point-of-sale device (108) to initiate a payment transaction with the point-of-sale device (108);
(d) receiving, with the Near Field Communication circuitry (152) of the proxy mobile computing device (104), a payment request from the point-of-sale device (108);
(e) communicating, by the proxy mobile computing device (104) and in response to initiating the payment transaction, with the payor mobile computing device (102) over a network (106) to (i) transmit the payment request to the payor mobile computing device (102) and (ii) receive the payment information from the payor mobile computing device (102),
(f) wherein the network (106) is a cellular network, a telephone network, a local or wide area network, a publicly available global network, or any combination thereof; and
(g) communicating, by the Near Field Communication circuitry (152) of the proxy mobile computing device (104), with the point-of-sale device (108) to complete the payment transaction with the point-of-sale device (108) using the payment information received from the payor mobile computing device (102).
V. Claim 1 of auxiliary request 2 differs from claim 1 of the main request in that it comprises, after features (a) and (b), respectively, the additional features (a') and (b')/(b'') as follows (labeling (a'), (b'), and (b'') added by the Board):
(a') by verifying physical presence of the proxy mobile computing device (104) relative to the payor mobile computing dvice (102),
(b') wherein the establishing of the trust relationship further comprises
(b'') receiving, by the proxy mobile computing device (104), a shared passkey from the payor mobile computing device (102), wherein said shared passkey is generated by the payor mobile computing device (102) or a user of the payor mobile computing device (102) and must be entered on the proxy mobile computing device (104) before the payor mobile computing device (102) will send the payment information to the proxy mobile computing device (104);
VI. Claim 1 of auxiliary request 8 differs from claim 1 of auxiliary request 2 in that it comprises reference sign "(306)" after "receiving" in feature (b''), after feature (b'), features (h) and (j) and after feature (b''), features (k), (l) and (m) as follows (labeling (h), (j), ..., (m) added by the Board):
(h) establishing (302) the Near Field Communication between the mobile computing devices (102, 104);
(j) exchanging (304) unique identification numbers that uniquely identify the respective devices (102, 104);
(k) providing (308), by the proxy mobile computing device (104), to the payor mobile computing device (102), a list of software applications that may be executed on the proxy mobile computing device (104) and are authorized to communicate with the payor mobile computing device (102) to request the payment information;
(l) generating (310), by the payor mobile computing device (102), a private/public encryption key pair and sharing the public key with the proxy mobile computing device (104) to encrypt communications between the mobile computing devices (102, 104); and
(m) exchanging (312) additional payment parameters between the mobile computing devices (102, 104), said additional payment parameters comprising one or more of: a predetermined maximum currency limit, a time of purchase, a location of purchase, and types of items/service purchased;
VII. The relevant arguments of the appellant may be summarised as follows:
(a) Main request
D12 did not disclose any authentication of the terminals used. The subject-matter of claim 1 of the main request thus differed from D12 by the step of establishing a trust relationship using an NFC interface.
D12 related primarily to a use in which the payment information was transmitted from the payment terminal to the purchase terminal by means of the Near Field Communication (NFC) module 114' as described in relation to figure 5 on page 6 of the translation (fifth paragraph from the bottom). Although the same paragraph also referred to short message or OTA (over-the-air) transmission of the payment means information, D12 did not contain any details concerning such a transmission which was therefore mentioned for completeness' sake only.
The two terminals of D12 and, consequently, their users were thus close to each other during a payment transaction in the primary use. That was the reason that authentication of the two terminals was not an issue in D12 and why this document did not consider security aspects at all.
The objective technical problem to be solved could then be formulated as how to securely extend the usability of the payment method of D12 to situations in which the payment terminal and the purchase terminal and their respective users were far apart during the payment transaction, for instance, where the payment terminal was at home and the purchase terminal in a shop.
Starting from D12 and being faced with that problem, the skilled person would in a straightforward manner try to render the data exchanged at the time of the request and the transmission of the payment information more secure, for example by using the Diffie-Hellman-algorithm and encryption of the requested and transmitted data.
However, the skilled person would not consider pairing the terminals beforehand, i. e. before the request and the transmission of the payment information.
In any case, the NFC interface of the purchase terminal was already used for the communication with the NFC reader 410. The skilled person would therefore be deterred from using that interface also for pairing the purchase terminal with the payment terminal.
(b) Auxiliary request 2:
While the step of establishing a trust relationship between the two mobile computing devices employing NFC ensured that no unauthorised device could be used during the transfer of the payment information, the additional steps (b') and (b'') served the purpose of ensuring that the users of the authenticated device were the intended ones. This solved the problem of improving the security when devices were used by unauthorised persons. D12 was silent about that issue.
(c) Auxiliary request 8:
The additional features of claim 1 of auxiliary request 8 were based on figure 3 and the corresponding parts of the description. The claim set of auxiliary request 8 was convergent with respect to the previous requests and its additional features related to the same problem as these requests, namely, to improve the security of the method claimed by establishing a list of software application that may be executed on the proxy mobile computing device.
Further, the claims of auxiliary request 8 were adapted as a consequence of the discussions during oral proceedings before the Board. The appellant could not have foreseen that the Board would not agree with any of the arguments of the appellant in view of all the requests filed 17 April 2020.
Auxiliary request 8 should therefore be admitted into the proceedings.
Reasons for the Decision
1. The appeal is admissible.
2. The application
The present application concerns conducting remote payment transactions where payment information like a bank account or credit card number is transmitted from a payor / remote mobile computing device to a proxy / local mobile computing device upon request. The proxy mobile computing device then uses the transmitted payment information to complete a purchase at a point-of-sale device via NFC. This enables, for instance, parents to authorize use of their payment information by a child at a point-of-sale (POS) without being present themselves at the POS (see page 3, line 22 to page 4, line 18 of the description of the application).
3. Prior art D12
Document D12 also concerns conducting payment transactions in the course of which payment information, e. g. a credit card card number, is transmitted upon request. To implement this per se purely administrative idea, D12 discloses a system involving an NFC-enabled POS terminal 410 (reader), an NFC-enabled proxy mobile phone 100B (purchase terminal) and an NFC-enabled payor mobile phone 100A (payment terminal, see figure 5).
Further, the data exchange between these elements is very similar to the one disclosed in the present application (see the parts of the description corresponding to figures 5 and 7).
4. Mixture of technical and non-technical features
It was not disputed that the application discloses a mixture of technical and non-technical features.
In such a case, it is appropriate to determine the features that achieve a technical effect and thus contribute to the solution of a technical problem. Only these features are to be considered for assessing inventive step.
In that respect, using communication interfaces and networks like NFC or cellular networks to transmit and receive data has to be considered as having a technical effect.
On the other hand, the content of the data involved, for example their significance with respect to payment aspects, has no technical effect and thus does not contribute to the solution of a technical problem.
This concerns, for example, the general idea of passing on bank account or credit card information of a first person to a second person (either on request of the second person or not).
5. Main request, claim 1
5.1 Technical features of claim 1 of the main request
In view of the above, claim 1 of the main request comprises the technical features that
i) a proxy and a payor mobile computing device (MCD) are paired by means of NFC circuitry before payment transactions are conducted (see feature (a)),
ii) the proxy MCD and a point-of-sale device (POS) communicate with each other by NFC circuitry, including receiving data at the proxy MCD from the POS and sending data from the proxy MCD to the POS (see features (c), (d), and (g)),
iii) the proxy and the payor MCDs communicate with each other over a cellular network, a telephone network, a local or wide area network, a publicly available global network or any combination thereof, including receiving data at the payor MCD and sending data to the proxy MCD (see features (e) and (f)).
5.2 D12
D12 discloses that the purchase terminal 100B and the reader 410 communicate with each other by NFC circuitry including transmitting and receiving data (see for example figure 5, page 6 of the translation, eleventh paragraph: "The NFC module 114 performs the reader 410 and the short range wireless communication is connected to the store server 400, and transmits and receives control commands and data with each other" as well as page 7 of the translation, sixth paragraph). Thus, D12 discloses technical feature ii) as defined above.
This was not disputed by the appellant.
In addition, D12 discloses that the purchase terminal 100B and the payment terminal 100A communicate with each other over a cellular network/wide area network (short message / OTA, i. e. "over-the-air") including receiving data at the payment terminal 100A (see, for instance, the part relating to figure 7a on page 7 of the translated description: "In other words, the controller 180 of the purchasing terminal (100B) requests the payment means information to the payment terminal (100A)") and sending data to the purchase terminal 100B (see, e. g., page 7, of the translated description, fifth paragraph: "The payment terminals (100A) may be transmitted in the form and transmits the payment means information, or a short message and the OTA via the short distance communication such as Bluetooth and infrared communication"). Thus, D12 discloses technical feature iii) as defined above.
This was not disputed by the appellant, either.
5.3 Distinguishing technical feature
D12 does not explicitly disclose any form of authentication of the terminals 100A and 100B, as submitted by the appellant. In particular, although D12 discloses that both terminals may exchange data via the NFC module 114' (page 6 of the translated description, fifth paragraph from the bottom, as pointed out by the appellant), it does not disclose any pairing of the payment and the purchase terminals using the NFC interface.
Consequently, the subject-matter of claim 1 of the main request differs technically from the method of D12 in comprising feature i) as defined above.
5.4 Obviousness
In the method of D12, one person uses a different person's payment information (bank account or credit card) to make a purchase. Terminals (e. g. smart phones, see translated description, page 2, fourth paragraph from the bottom) are used for requesting and sending the payment information.
Requesting and sending the payment information may be done via NFC as pointed out by the appellant. However, as indicated above this may also be done by means of short messages or OTA, i. e. by means of long-range communication channels. The Board notes that D12 explicitly mentions that the goods can be purchased in remote locations (translated description, page 2, seventh paragraph from the bottom).
D12 thus explicitly refers to situations in which the users of the two terminals are remote from and not close to each other, contrary to the argument of the appellant relating to the alleged primary use of D12. Hence, the objective technical problem proposed by the appellant (extending the usability of the payment method to situations in which the payment terminal and the purchase terminal were far apart during the payment transaction) cannot be regarded as being plausible.
In such "remote" situations, it is inevitable that the identities of the terminals are known (e. g., by means of corresponding mobile phone numbers) before the payment information is requested and sent. This is required from a purely organisational point of view because otherwise the users would not be able to transmit the payment information to the intended and trusted recipient. In addition, from a technical point of view, if the identities of the terminals were not known to each other before the payment information is requested and sent, the purchase terminal would have no information from which (payment) terminal the payment information is to be requested, and the payment terminal would have no information to which (purchase) terminal the payment information is to be sent.
It follows therefrom that D12 implicitly discloses that data concerning the identities of the terminals involved is exchanged before payment transactions are conducted in one manner or another.
Therefore, the technical effect of the distinguishing technical feature is that the process of exchanging the data concerning the identities of the two terminals requires little user interaction.
A plausible objective technical problem to be solved may therefore be formulated as "how to exchange data between two terminals in an automated manner".
It would be obvious for the skilled person to use any of the interfaces that are already present in the terminals for that purpose.
Both terminals disclosed in D12 are NFC-enabled as mentioned above. Further, as pointed out by the appellant, D12 explicitly discloses that both terminals may exchange data via the NFC interface (page 6, fifth paragraph from the bottom of the translated description). In addition, the exchange of data between such terminals is one of the tasks for which NFC is commonly used (see for example D11, pages 2 and 3, and D7, abstract). The skilled person would thus consider using the NFC interface for exchanging data concerning the identities of the two terminals.
Moreover, as mentioned above, the identities of the terminals must be known before any payment transaction can be performed. Thus, the use of the NFC interface of the proxy terminal for exchanging data with the point-of-sale terminal in D12 has to occur at a different point in time than the payment transactions and would therefore not deter the skilled person from considering the use of that interface for pairing the two terminals as well, contrary to the opinion of the appellant.
It follows from the above that it would be an obvious alternative for the skilled person to use the NFC interface (modules 114') disclosed in D12 for exchanging data between the two terminals, including data concerning the identity of the terminals before conducting payment transactions.
Thereby, the skilled person would arrive in a straightforward manner at a method comprising all the technical features of claim 1 of the main request.
Consequently, the subject-matter of claim 1 of the main request is not inventive within the meaning of Article 56 EPC in view of D12 combined with the common general knowledge of the skilled person.
6. Auxiliary request 2, claim 1
Claim 1 of auxiliary request 2 comprises the additional features (a'), (b') and (b'').
Communication by an NFC interface inevitably requires that the communicating devices are close to each other (see, e. g., D12, translated description, page 6, paragraph 12: "Here, NFC is a communication technology ... at about 10 cm away ..."). Therefore, physical presence of two communicating devices relative to each other is inevitably verified whenever the communication takes place via an NFC interface. Since the skilled person would use NFC for pairing the purchase terminal and the payment terminal of D12 as set out above for claim 1 of the main request, they would thereby automatically arrive at feature (a') as well.
Features (b') and (b'') relate to the generation and use of a "passkey", i. e. of a password or PIN.
The Board concurs with the appellant in that the objective technical problem solved by features (b') and (b'') can be formulated as "how to improve the security in situations where devices are used by non-authorised persons".
However, passwords or PINs have been used for exactly that purpose in banking environments (e. g. telephone banking and Internet banking) for more than a decade before the priority date of the present application. Features (b') and (b'') must therefore be regarded as an obvious manner for the skilled person to solve the objective technical problem as defined above.
It follows from the above that the subject-matter of claim 1 of auxiliary request 2 is not inventive within the meaning of Article 56 EPC in view of D12 combined with the common general knowledge of the skilled person.
7. Auxiliary request 8
Auxiliary request 8 was filed during oral proceedings before the Board. Its admission is therefore subject to the discretion of the Board pursuant to Article 13(1) RPBA 2007.
Claim 1 of auxiliary request 8 comprises, with respect to claim 1 of auxiliary request 2, five additional features (h), (j), (k), (l) and (m) all based on figure 3 and the corresponding parts of the description of the original application. The Board accepts that most of the additional features relate to, albeit different, aspects of improving the security of the claimed method, as submitted by the appellant. The Board also accepts that no features have been removed from the independent claim and that in that sense, claim 1 of auxiliary request 8 represents a convergent development, as argued by the appellant.
However, a new independent claim with such a large number of additional features taken from the description and the figures represents a considerable degree of complexity. Its filing at such a late stage of the proceedings is thus not appropriate.
Further, the appellant had already filed, in reply to the Board's communication preparing the oral proceedings, a new main request and new auxiliary requests 1 to 3. In view of these requests, the Board exercised its discretion according to Article 13(1) RPBA 2007 to admit and consider these requests during oral proceedings.
The main request and auxiliary request 2 were found unallowable during oral proceedings as set out above. However, the reasons therefore correspond to objections already raised in the Board's communication preparing the oral proceedings (see point 8.3 of that communication for the present main request and page 12, last paragraph for auxiliary request 2). During oral proceedings, the appellant was thus not confronted with an unforeseeable situation that could justify the filing of a new auxiliary request, contrary to its submissions. Consequently, the appellant should have filed auxiliary request 8 at the latest with the letter dated 17 April 2020.
In view of the above, the Board decided to exercise its discretion under Article 13(1) RPBA 2007 not to admit auxiliary request 8 into the proceedings.
8. None of the admitted requests on file fulfills the requirements of the EPC. Thus, the appeal must fail.
Order
For these reasons it is decided that:
The appeal is dismissed.