The European Patent Office refused to grant a patent on the concept of providing a trusted third party to secure online transactions. Here are the practical takeaways of the decision T 1761/14 of 27.11.2018 of Technical Board of Appeal 3.4.03:
This European patent application is directed at increasing security in online business transactions. One goal of the application is to provide assurance to a merchant that the person attempting to make a purchase with a payment instrument is in fact authorized. Also, the likelihood of a cardholder’s issuing bank authorizing a fraudulent online transaction should be removed.
To this end, the application provides a process by which owners of payment instruments may have control over the usage of their payment instruments by giving them the ability to selectively block and unblock their payment instruments. Thus, one goal of the application is to allow the legitimate holder of a payment instrument to explicitly control the precise conditions under which a payment authorization request may be granted or rejected.
Here is how the invention is defined in claim 1 (main request):
Claim 1 (main request)A method of protecting a payment instrument in non-face-to-face transactions,
(a) the payment instrument being issued by an issuing entity (20) and associated with an authorized instrument holder (1),
(b) the authorized instrument holder being subject to authentication by a trusted third party (15) with whom the payment instrument holder has previously registered by submitting personal information,
the method comprising:
(c) the authorized instrument holder (1) communicating with the issuing entity (20) to block, on a default basis, authorization of the payment instrument for non-face-to-face transactions unless authorized to unblock the payment instrument by the trusted third party (15);
(d) prior to a non-face-to-face transaction (S5), the authorized instrument holder (1) communicating (S2) with the trusted third party (15) to subject him or herself to authentication based on the personal information and to request that the payment instrument be unblocked for the non-face-to-face transaction (S5);
(e) the trusted third party (15) authenticating the authorized instrument holder (1), and if the authentication result is positive, communicating (S4) with the issuing entity (20) to request unblocking of the payment instrument for the non-face-to-face transaction (S5).
Is it technical?
First of all, the board noted that in this case claim 1 was formulated in such an abstract manner that it does not necessarily require any technical feature at all. Therefore, claim 1 could thus even be seen as being excluded from patentability. However, since the main purpose of the application was to increase security in online transactions, the board interpreted claim 1 as if it was performed using the (generally known) technical means mentioned in the rest of the application.
Compared to the closest prior art, claim 1 was found to differ in that a trusted third party (“ttp”) is provided which acts as an intermediary between the authorised instrument holder and the issuing entity. However, this did not justify an inventive step according to the board:
Providing a trusted third party (like a notary) in addition to the issuing entity/financial institution pertains to an administrative or business concept that does per se not contribute to the technical character of the invention.
It must be concluded that claim 1 of the main request differs from D5 by a modified business concept.
The Board can accept the argument of the appellant that the skilled person would, starting from D5, have no motivation to introduce a ttp (and thus distinction (ii)) into the system of D5 (see section XII. above) only insofar as motivation by technical reasons is concerned.
However, in the present case and applying the principles as set out in T641/00, the person skilled in the art of computer technology is provided with the modified business concept including the provision of a ttp as a constraint to be met.
That is, the motivation to introduce a ttp/distinction (i) into the system of D5 is provided by the modified business concept instead of technical reasons.
Furthermore, another difference to the closest prior art was that the transaction is a non-face-to-face transaction:
In this respect, the Board notes that the application explicitly mentions that the distinction between card present/face-to-face and card not present/non-face-to-face transactions was instituted by banks and not by engineers or computer scientists (page 4, line 30 to page 5, line 1).
Consequently, the skilled person would only be faced, as objective technical problem to be solved, with the task of implementing the different, but given business concept underlying claim 1 using the generally known technical means mentioned in D5.
Such an implementation naturally involves adapting the generally known technical means, including registrations in data bases and communications using the networks, disclosed in D5 to the different business concept.
However, the application does not mention (and the Board is not aware of) any particular technical difficulty the skilled person would encounter when trying to do so. Instead, these adaptations have to be considered to be straightforward tasks for the skilled person.
Therefore, the board concluded that claim 1 did not involve an inventive step.
You can read the whole decision here: T 1761/14 of 27.11.2018