In this decision, relevant for providers of digital payment solutions, the European Patent Office refused to grant a patent relating to prevent a payment in case of an incorrect amount entered by a customer. Here are the practical takeaways of the decision T 0994/18 of July 20, 2021 of Technical Board of Appeal 3.5.01:
The Board in charge summarized the invention of the application underlying the present decision as follows:
2. It relates to a secure mobile payment method () in which essentially a merchant’s POS (“recipient terminal”) sends an invoice, including a “first” payment amount, to a customer’s mobile phone (“payer terminal”), which returns a “second” payment amount and an encrypted payment request. The second payment amount is either the first payment amount or an amount entered by the customer. The POS cannot decipher the payment request, but can only forward it to a payment server if the second payment amount is equal to the first payment amount.
Fig. 1 of WO 2011/065974 A1
Here is how the invention is defined in claim 1:
Claim 1 (main request)
A method for processing payment data, comprising:
generating a first payment amount;
transmitting (301) recipient information to a payer terminal (102), wherein the recipient information comprises a recipient account number, the generated first payment amount, and a payment serial number that uniquely identifies a current payment;
receiving (302) a second payment amount and encrypted payment request data returned from the payer terminal (102), wherein a definition of an encryption function is pre-stored in a file accessible by the payer terminal (102) and a payment server (106), wherein the payer terminal (102) encrypts payment request data using a public key of the payment server (106) to obtain the encrypted payment request data, wherein the definition of the encryption function is unknown to a recipient terminal (104), wherein the encrypted payment request data comprises an encrypted third payment amount, an encrypted payer information, and an encrypted recipient information, wherein the second payment amount relates to an unencrypted version of the third payment amount, wherein the payer information includes a payment account number and a payer password, and wherein the encrypted payment request data is encrypted by an encryption technique that is prearranged between the payer terminal (102) and the payment server (106);
comparing the generated first payment amount with the second payment amount in the event that the second payment amount is not sent by the recipient terminal and is input by the payer terminal; and
in the event that the generated first payment amount matches the second payment amount:
forwarding the encrypted payment request data and a first payment amount to the payment server (106), wherein the payment server, via the definition of the encryption function, is to decrypt the encrypted payment request data to obtain received payer information, compare the received payer information with pre-stored payer information, and in the event that the received payer information matches the pre-stored payer information, send encrypted payment result data;
receiving (303) the encrypted payment result data from the payment server (106), the encrypted payment result data indicating whether a payment is successfully made by the payment server (106), wherein the encrypted payment result data includes a payment time and is encrypted using the encryption technique by the payment server (106); and
returning (304) the encrypted payment result data to the payer terminal (102).
Is it technical?
At the end of the first instance examination phase, the application underlying the present decision was rejected since it was considered not inventive over a distributed networked information system exchanging both encrypted and unencrypted data. In more detail, the examining division considered the gist of the application relates to a payment process and thus to a business method that is excluded from patent protection.
To convince the Board in charge to set the first instance decision aside, the applicant argued that the claimed subject-matter provides for a payment method that requires less data transmission and improved security. However, the Board did not follow these arguments:
4.2 Even taking the appellant’s latest arguments into consideration, the Board judges that the decision to include or exclude the payment amount in the information which the merchant provides to the customer is not based on technical considerations. In particular, this is not related in any way to the effects mentioned by the appellant, i.e. reduced data transmission, cryptography or improved security.
Firstly, preventing payment in case of an incorrect amount entered by the customer is a business need – not transmitting payment data to the server follows directly from this need.
Secondly, irrespective of whether or not the customer enters a payment amount he communicates with the merchant and, thus, in this sense is verified.
Furthermore, the applicant argued in its brief of June 18, 2021 filed shortly before the oral hearing (which took place in absence of the applicant) that the payment amount as claimed is used as a verification of the user itself as this information is essentially used as a one-time-pad. However, the Board disagreed since it was of the opinion that the payment amount, from a technical perspective, cannot be used as a one-time pad:
The Board also notes that the payment amount cannot be equated to a one-time-pad. The latter has a specific technical meaning, namely that of a random secret key for encrypting a plain text, which is not what the payment amount is used for.
As a result, the Board in charge ruled that the subject-matter as claimed refers to a business method implemented in a known system architecture. Since features relating to a business method as such cannot contribute to inventive step, the appeal was dismissed.
You can read the whole decision here: T 0994/18 of July 20, 2021