This decision concerns a mobile payment method using QR codes. In the appeal, handled by BARDEHLE PAGENBERG, the Board considered that the software implementation of an efficient and high-security transaction method was technical and inventive. This is one of the first decisions citing G 1/19, and the Board has noted that features may contribute to the technical effect of the invention, though some of them may be considered non-technical features. Here are the practical takeaways from the decision T 1746/16 of March 4, 2021, of Technical Board of Appeal 3.4.03:
Key takeaways
Features contribute to realising a transaction method that effectively unloads the network while maintaining a high security standard and high safety level for the transaction are technical.
Features may contribute to the technical effect of the invention, though some of them may be considered as non-technical features.
The invention
The European patent application concerns a payment method via mobile phone using QR code. It aims to provide an inexpensive method using mobile phones while avoiding transmitting sensitive data to the merchant and unloading the network.
The merchant's mobile phone generates a QR code having all data relevant for the payment transaction. Once the customer can scan the QR using their mobile phone, the payment data is then transmitted from the customer's mobile phone to the server via encrypted SMS, including the authorisation PIN.
This way, the customer's personal information does not need to be given to the merchant during the transaction, and the transaction is done using only a single SMS message sent via the mobile phone network. Since the same software is used on both mobile devices, the customer can also play the role of the merchant by using the same software application.
Fig. 3 of EP 2 549 421 A1
Here is how the invention was defined in claim 1:
Claim 1 (main request)
1. Method for transferring a money amount by using a two-dimensional image code (3′) between a paying party provided with a payment device (42) and a recipient party provided with a payment receiving device (41), wherein both the paying party and the recipient party
A. Register as a new user at a money transfer managing entity on a server (2), which provides for the management and verification of the paying party and the recipient party and is responsible of the authorization to the transfer of money amounts and their payment; and the method further comprising:
B. Request of the recipient party to the paying party of a money amount, executed between the payment receiving device (41) and the payment device (42);
C. order from the paying party to the money transfer managing entity to pay said money amount to the recipient party, after the insertion of an authorization PIN in the payment device (42) and information communication from the payment device to the server (2);
D. authorization of the payment from the transfer managing entity to the recipient party, with information communication from the server (2) to the payment receiving device (41);
E. payment of said money amount to the recipient party and sending of a confirmation information of effected money amount transfer to the payment device (42) and payment receiving device (41) concerning the effected payment of the money amount, or possible writing off or cancellation of an already effected payment operation;
the method being characterized in that said payment device (42) is a payment mobile phone and said payment receiving device (41) is a payment receiving mobile phone, and in that:
a mobile phone software module is installed on both the payment mobile phone and the payment receiving mobile phone,
– in step B, the recipient party generates through the mobile phone software module installed on the payment receiving mobile phone a two-dimensional image code (3′) containing the money amount, a USER-ID of the recipient party from a personal details archive (14) on the payment receiving mobile phone and further containing information characterizing the transaction retrieved from an operations archive (16) in the payment receiving mobile phone and visualizes the two-dimensional image code on the display of the payment receiving mobile phone;
– in step B, the payment mobile phone of the paying party captures the two-dimensional image code (3′) from the display of the recipient party mobile phone;
– in step C, the mobile phone software module on the payment mobile phone analyzes the two-dimensional image code and the payment mobile phone sends to the server (2) of the money transfer managing entity an encrypted authorization SMS message, the encrypted authorization SMS message including data contained in the two-dimensional image code (3′), comprising the indication of said money amount,
– in step D, the server (2) receives said encrypted authorization SMS message and authorizes or not the payment of the money amount,
– the payment receiving mobile phone of the recipient party restricting itself in step B to the generation and visualization of said two-dimensional image code (3′), without sending any relevant information to the server of the money transfer managing entity, wherein
the two-dimensional image code (3′) presented by the payment receiving mobile phone and captured by the payment mobile phone, provides as guarantee of the privacy only the user-ID of the recipient party, an operation number, the money amount, the phone number of the payment receiving mobile phone and wherein,
the payment mobile phone visualizes on the display the transaction money amount and requests the typing of the authorization PIN, extracts from a "personal details" archive the user-ID of the paying party, extracts from a "keys" archive the encryption key for the authorization PIN, encrypts the authorization PIN, composes an authorization SMS message and sends the authorization SMS message to the server (2)
1. Method for transferring a money amount by using a two-dimensional image code (3′) between a paying party provided with a payment device (42) and a recipient party provided with a payment receiving device (41), wherein both the paying party and the recipient party
A. Register as a new user at a money transfer managing entity on a server (2), which provides for the management and verification of the paying party and the recipient party and is responsible of the authorization to the transfer of money amounts and their payment; and the method further comprising:
B. Request of the recipient party to the paying party of a money amount, executed between the payment receiving device (41) and the payment device (42);
C. order from the paying party to the money transfer managing entity to pay said money amount to the recipient party, after the insertion of an authorization PIN in the payment device (42) and information communication from the payment device to the server (2);
D. authorization of the payment from the transfer managing entity to the recipient party, with information communication from the server (2) to the payment receiving device (41);
E. payment of said money amount to the recipient party and sending of a confirmation information of effected money amount transfer to the payment device (42) and payment receiving device (41) concerning the effected payment of the money amount, or possible writing off or cancellation of an already effected payment operation;
the method being characterized in that said payment device (42) is a payment mobile phone and said payment receiving device (41) is a payment receiving mobile phone, and in that:
a mobile phone software module is installed on both the payment mobile phone and the payment receiving mobile phone,
– in step B, the recipient party generates through the mobile phone software module installed on the payment receiving mobile phone a two-dimensional image code (3′) containing the money amount, a USER-ID of the recipient party from a personal details archive (14) on the payment receiving mobile phone and further containing information characterizing the transaction retrieved from an operations archive (16) in the payment receiving mobile phone and visualizes the two-dimensional image code on the display of the payment receiving mobile phone;
– in step B, the payment mobile phone of the paying party captures the two-dimensional image code (3′) from the display of the recipient party mobile phone;
– in step C, the mobile phone software module on the payment mobile phone analyzes the two-dimensional image code and the payment mobile phone sends to the server (2) of the money transfer managing entity an encrypted authorization SMS message, the encrypted authorization SMS message including data contained in the two-dimensional image code (3′), comprising the indication of said money amount,
– in step D, the server (2) receives said encrypted authorization SMS message and authorizes or not the payment of the money amount,
– the payment receiving mobile phone of the recipient party restricting itself in step B to the generation and visualization of said two-dimensional image code (3′), without sending any relevant information to the server of the money transfer managing entity, wherein
the two-dimensional image code (3′) presented by the payment receiving mobile phone and captured by the payment mobile phone, provides as guarantee of the privacy only the user-ID of the recipient party, an operation number, the money amount, the phone number of the payment receiving mobile phone and wherein,
the payment mobile phone visualizes on the display the transaction money amount and requests the typing of the authorization PIN, extracts from a "personal details" archive the user-ID of the paying party, extracts from a "keys" archive the encryption key for the authorization PIN, encrypts the authorization PIN, composes an authorization SMS message and sends the authorization SMS message to the server (2)
Is it patentable?
Both the Examining Division and the Board considered document D1 (US 2008/222048 A1) as the closest prior art, which discloses a payment method with the mobile phone as a payment device and a point-of-sale (POS) as a receiving device, with an aim to avoid the installation of specific software and sensitive codes on the mobile device.
The transaction method of D1 requires at least five different communications via the internet, including both the devices sending the payment information to the server, which generates a bar code, decodes and verifies it and finally authorises the payment.
The first instance Examining Division considered the distinguishing features were merely an aggregation or juxtaposition of features, and the claim was obvious as the features were a straightforward implementation of the non-technical requirements.
During the appeal, the Board agreed with the appellant and identified fifteen different distinguishing features. Their effects were summarised generally into a) replacing the POS with a mobile phone and b) using the same device to carry out both the function of buying and selling according to a precise sequence of claimed steps.
The Board decided that providing an inexpensive system by avoiding the POS and using QR code instead of bar code was obvious for a skilled person.
However, the Board agreed that the other features provided a combined effect of using the same device to carry out both the function of buying and selling, and it was not obvious starting from document D1:
2.7.4 However, using one and the same type of device (mobile phone) and corresponding software for carrying out both the function of buying and the function of selling depending on the need and according to a precise sequence of steps is not suggested in any of the documents cited above. Starting from D1 and complying with the concept that the server controls the transaction and matches both the merchant's and customer's action – while maintaining a high security level -, one and the same software on the mobile devices would be counter-productive. If the skilled person replaced the POS device of document D1 by a mobile phone, they would consider a specific corresponding software tailored to the need of the seller in order to guarantee the required safety level. D1 explicitly teaches to reduce any software to be installed (paragraphs [0008], [0009] and [0018]). In view of the teaching of D1 the skilled person would therefore reduce these modules to a minimum. This teaches away from a more complex universal solution.
Furthermore, to reduce the number of communications, it also required that a different communication route ("Route B") be taken in document D1, which goes against the teaching and objective of document D1 for the following reason:
2.7.8 The skilled person would always seek for a balance between security requirements and unloading the network. In view of the teaching of D1, where security has first priority, the skilled person would not abandon a separate PIN request. Given the teachings of D1 and D2 (see abstracts) the skilled person would not abandon the matching of merchant's and customer's data by the server, either. Therefore, a communication between the merchant's device and the server is always required in addition to the communication from the customer to the server. None of the documents cited above provides any teaching that the transaction is at the same time (1) reduced to one single communication, i. e. the authorisation SMS of the paying party, (2) performed without any message between merchant and server for matching the merchant's and client's request, and (3) performed without a separate authorisation PIN request.
2.7.9 The approach proposed by the invention has the advantage that only one request has to be transmitted via the mobile phone network without connection to the Internet or a similar network. This makes the method independent from any wired structure and insensitive to network interruptions during the transaction or between two transaction transmissions. These interruptions would lead to an insecure situation. The proposed solution is both save and unloads the network by providing only one single communication via the mobile phone network. It considerably reduces data traffic. During shopping events like "Black Friday" or the days prior to Christmas, where there can be thousands or millions of payments being made at the same time, the invention offers the benefit that for each of these transactions only one single data transmission to the server is needed, instead of five or more.
Therefore, the Board considered that the skilled person starting from document D1 would have led to a solution different from the subject-matter:
2.7.11 If – starting from document D1 – the skilled person considered to replace the POS device by a mobile phone, there would still be a communication between the merchant's device and the server (via the mobile phone network) for matching the data and in total at least one communication in addition to the communication between the customer and the server, thus leading to different subject-matter than defined in the claims.
Importantly, the Board noted that the distinguishing features, including details of software implementation of transaction method, provided technical contribution and were not disclosed in any of the cited documents:
2.7.13 The prior art cited above is completely silent about Features (H) to (M), i. e. the details of the software implementation of the transaction method, handling the data, decoding and encryption. These features contribute to realising a transaction method which effectively unloads the network while maintaining a high security standard and high safety level for the transaction. Therefore, these features contribute to the technical effect of the invention, though some of them may be considered as non-technical features (see G 1/19, point 85 and T 0697/17, point 5.2.5).
Therefore, the subject-matter was considered inventive, and the case remitted to the first instance with an order to grant the patent based on the claims of the main request.
You can read the whole decision here:T 1746/16 of March 4, 2021.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
