On 3 April 2020, the Technical Board of Appeal of the European Patent Office issued a decision for Appeal T1749/14 against refusal of European patent application 09810380.7 entitled “Mobile Personal Point-of-Sale Terminal”. The full decision can be read here. The Board of Appeal’s decision is in line with the principles established in the Cardinal Commerce decision (T1463/11). The Examining Division refused the application on the grounds of a lack of inventive step as relating to a non-technical business method and also in view of D1 (“the prior art”).
Importantly, this case concerns technical character, as viewed by the EPO, and re-iterates the distinction between the business person and the skilled person. The Board of Appeal disagreed with the Examination at first instance, in respect of which aspects of the claims provide a technical contribution and therefore may contribute to an inventive step. The Board of Appeal concluded that if a notional business person devises a business concept, and if the implementation of this concept involves the development of new technical devices and protocols which go beyond a general purpose computer and straightforward programming aspects of the business concept, then these aspects provide a technical contribution and may be considered for the assessment of inventive step. Hence, the Board of Appeal decided that this case should be remitted to the Examining Division and directed them to carry out a further prior art search of the aspects identified as providing a technical contribution.
The invention concerns a customer wishing to make a secure payment to a merchant, for example by using a credit card. Existing methods often involve a “chip-and-PIN”, where the customer will be presented with a merchant owned chip-and-PIN reader (a so called point-of-sale (POS) terminal). The customer inserts their credit card and enters their PIN in order to authorise the payment. Other existing methods include a merchant using a generic mobile telephone with a POS attachment. A customer inserts their credit card into the attachment, which encrypts the information before sending it to the mobile telephone, which in turn sends the information wirelessly to a financial transaction verification entity (FTVE) (for example, a bank).
One problem with such existing methods is that a customer has to provide their sensitive information to the merchant, making it available to either the merchant or a third party attempting to steal it. The present invention addresses this potential problem by enabling financial transactions without a customer having to present their account information and PIN to a merchant.
The invention essentially comprises a sleeve portion that slides over a mobile telephone, the combination of which is referred to as a customer mobile personal point-of-sale terminal (CMPPT). The customer must first register their personal mobile telephone with the sleeve portion using an encryption key. The customer’s specific mobile telephone may then be used for all future transactions with the sleeve, whilst transactions will not work with other mobile telephones. The sleeve portion uses the mobile telephone to communicate encrypted information to and from a FTVE. A key part of the invention is that the CMPPT is customer owned, rather than provided by a merchant. Hence, in contrast to existing payment methods where a customer’s information is entered into a merchant-owned POS terminal, a merchant’s information (for example, a merchant’s bank account details) is instead entered into the customer’s CMPPT. Both the customer’s information and merchant’s information are encrypted before being directly sent to a FTVE. Subsequently, the FTVE verifies and authorises the transaction with the merchant by communicating with a merchant-owned POS terminal. In this way, crucially, the transaction is enabled without the customer having to make their sensitive personal information available to the merchant.
Facts of the case
The prior art discloses a merchant-owned mobile telephone and docking module combination. The Examining Division argued that no technical problem was solved by the differences between the claims and the prior art, which were considered only business or administrative aspects. Ownership of the sleeve and the mobile phone by the customer was deemed to be only an administrative or business consideration and not technical knowledge. Therefore, it could not provide an inventive step.
The appellant (Maxim Integrated Products, Inc.) argued that in the prior art, only the terminal itself was responsible for the secure handling and encryption of the information. According to the present invention, the sleeve portion and mobile telephone are combined to form a CMPPT. Furthermore, both the sleeve portion and the mobile telephone are modified and personalised by storing one or more encryption keys for verifying a user’s mobile telephone. Hence, argued the appellant, the invention involves new physical entities and protocols which work together to improve the security of data transactions without increasing the costs of such devices.
Decision of the Technical Board of Appeal
Notably, the Board of Appeal disagreed with the Examining Division’s analysis that the modifications made by the inventors were non-technical. The Board of Appeal stated that the following structural and functional modifications must be made to the mobile POS terminal of the prior art to arrive at the claimed subject-matter:
“- dividing the mobile POS terminal into a merchant part and a customer part, the customer part consisting of a cellular phone portion and a docking portion (POS attachment portion),
– personalising the customer part by storing dedicated encryption keys used for communication,
– storing customer account information in the customer part of the POS terminal and
– changing the transaction protocol by directly sending customer account information from the cellular phone portion of the customer part to the financial transaction verification center”.
The Board of Appeal used the concept of the notional business person, as introduced in T1463/11 (Cardinal Commerce), to assess the technical contribution of the invention over the prior art. According to the Board, the business person “might come up with the abstract idea of avoiding the customer having to provide PIN and account information to the merchant. Even when considering this to be an abstract business concept for carrying out POS transactions, it cannot however be convincingly argued that it would be sufficient to implement this idea on a standard general purpose mobile POS terminal infrastructure as known from the prior art with standard programming skills. It requires a new infrastructure, new devices and a new protocol involving technical considerations linked to modified devices and their capabilities as well as security relevant modifications of the transfer of sensitive information using new possibilities achieved by the modifications to the mobile POS infrastructure”.
Therefore, the invention concerns technical implementation details and provides a technical contribution beyond that of simply implementing a business concept. Critically, the mobile telephone portion is non-generic as it exchanges encryption keys with the sleeve portion so that only that particular mobile telephone will work with the sleeve to enable transactions. This differs from the prior art, where encryption keys are not used and any mobile telephone would work to authorise a transaction. The Board of Appeal favoured the appellant’s arguments that this difference caused a technical effect of improved security. Additionally, the customer account information is stored in the sleeve portion, and then sent directly to the FTVE. This results in customer account information bypassing the merchant altogether.
In light of this, the Board remitted the application to the Examining Division to search for further prior art regarding the aspects identified as providing a technical contribution. Thus, this decision reaffirms that technical implementations of business methods may be allowable at the EPO, especially where non-standard hardware or protocols are used.