T 0201/21 (Product authentication/TESI) 08-04-2025
Download and more information:
SYSTEM FOR GUARANTEEING AUTHENTICITY OF BRANDED GOODS
The general idea of protecting a transaction, here a registration, with a password is non-technical and also well known. The idea of using a predefined set of one-time passwords for user authentication also lacks technicality. Even when considered technical, it could not support an inventive step, as it corresponds to the well-known transaction authentication number (TAN) authentication procedure commonly used in online transactions. Using a server to store and verify the TAN numbers and distributing these on cards is a straightforward implementation of this known procedure.
(See point 8 of the reasons)
I. This is an appeal against the examining division's decision to refuse European patent application No. 15813909.7 according to the state of the file.
II. The application was refused on the grounds that claim 1 contained added subject-matter (Article 123(2) EPC) and lacked inventive step (Article 56 EPC) in view of document D1 (WO 2013/165028).
III. In the notice of appeal, the appellant requested "cancellation of this [i.e. the appealed] decision". In the statement of grounds they argued for the patentability of the refused set of claims. The Board understood this as a request for the decision to be set aside and a patent be granted on the basis of the refused set of claims.
IV. In the communication pursuant to Rule 100(2) EPC, the Board tended to agree that the feature of sending an electronic ownership registration request (feature (e) of claim 1), which had been objected to by the examining division under Article 123(2) EPC, was derivable from the originally filed application. However, there appeared to be no basis for the further feature of sending said request "for pairing the card number with the article's unique identifier code in the database".
The Board furthermore informed the appellant that it tended to agree with the examining division that claim 1 lacked an inventive step in view of D1, and that it was minded to dismiss the appeal.
V. In a letter of reply, the appellant filed a new request replacing the sole request on file, and provided arguments in favour of its patentability.
VI. Claim 1 of the sole request reads:
A method of registering in a database ownership of physical articles, comprising:
(a) attaching a label to each article or to the packaging of the article, the label having a unique identifier code (UWID);
(b) producing numbered cards (BPC), each having a unique number, and distributing numbered cards to points of sale;
(c) entering in a database associated with an administration computer (i) the unique identifier codes of the labels, (ii) the unique numbers of the numbered cards, the unique numbers of the numbered cards being initially entered in the database without being associated with particular physical articles, and (iii), upon entry of the numbered cards at a point of sale, populating the database with the point of sale data;
(d) maintaining in the database the status of: (i) the unique identifier codes (UWID) of the labels, and (ii) the unique numbers of the numbered cards (BPC), the status including an indicator of whether the unique identifier code of the label and the unique number of the numbered card are associated with a sold physical article;
(e) at a point of sale, a merchant providing the consumer with a numbered card (BPC) and combining the card number with the sold article's unique identifier code (UWID) in an electronic registration request sent to the administration computer through a merchant terminal;
(f) receiving the registration request at the administration computer and performing registration in the database of ownership of the sold article with the numbered card only if the unique identifier code and the card number of the registration request respectively match a unique identifier code and a card number that are in the database, and none is associated with a sold article, wherein the registration includes changing a status to the indicator that the unique identifier code of the label and the unique number of the numbered card are now both associated with a sold physical article; and
(g) subsequently proving the authenticity and ownership of the article by a user sending a query to the database using the article's unique identifier code.
VII. The appellant's arguments can be summarised as follows:
The claimed features increase the security of the authentication method by providing a two-factor authentication procedure which also guarantees that the merchant has the authority to register the sold articles. Moreover, providing the customer with certificates printed on elegant cards makes the use of security tokens more attractive to the customers of luxury goods, who appreciate tangible objects.
1. The invention concerns authenticating physical articles such as luxury goods (description, page 1, lines 9 to 26).
Each article is provided with a label carrying a unique identification code (UWID - Figure 1 and feature (a) of claim 1). Moreover, the merchant is provided with a plurality of cards (Brand Property Cards - BPCs - Figure 2 and feature (b)) having a unique number (page 6, line 26 to page 7, line 5, page 9, lines 4 to 17). The UWIDs and the card numbers are stored in a database (feature(c)). While a product is being sold, the merchant sends an electronic registration request including the product's UWID and the unique number of one of the BPC cards to an administration computer (page 10, lines 13 to 27, Figure 87 and feature (d)). If both the UWID and the BPC code are present in the database and are not yet associated with a sold article, the computer carries out registration by changing a status indicator for the UWID and the BPC code (page 40, lines 20 and 21 and feature (e)).
Inventive step
2. The Board agrees with the contested decision that D1 is a suitable starting point to assess inventive step.
D1 discloses a system for verifying authentication and ownership of a physical article (paragraph [017]). Each article includes a label having a unique authentication code, pre-stored on a server database (paragraph [019]). The authentication code can be used to verify authenticity of an item by sending a query to a manufacturer's server (paragraph [020], last sentence).
When a transaction takes place, the merchant registers ownership of the item by sending a registration request to the server including the article's unique code and a generated unique number (Figure 3, 310, 311, [061]). The registration only takes place if the code and number are not already associated with another sale (paragraphs [042], [061], [062], [064]).
3. Claim 1 differs from D1 essentially in that card numbers are pre-stored in the central database and provided to the merchant on a brand property card (BPC), in that the database is populated with point of sale data upon entry of the numbered cards at a point of sale, in that a BPC card is provided to the user and its number is combined by the merchant with the unique identifier code in a registration request, and in that the registration is only possible if both the BPC card number and unique identifier code match a number and a code stored on the server and not associated with a sold physical article.
4. The appellant argued that these features increased the security of the authentication method by providing a second authentication factor. In particular, it was argued that "... the combination of ... pairing [of the unique card and article numbers] in the database and the use of numbered cards that are not initially paired with particular physical items, results in ... strong authentication of physical articles". Moreover, they guarantee that the merchant has the authority to register the sold articles in the database.
5. The Board finds these arguments unconvincing. Even though the number and the code are combined at the point of sale in a registration request, the registration step carried out by the administration computer only implies changing the statuses of the (pre-stored) BPC number and UWID code to indicate that they are associated with a sold article. This does not imply a pairing or association, on the administration computer, of the BPC number and UWID code, or the use of this information for verifying product authenticity. The authentication may simply consist of checking whether the item's unique identifier is stored in the database and associated with a sold article, which is a one-factor authentication. The appellant appears to acknowledge this as being a conventional step (see grounds of appeal, page 6, first full paragraph).
6. The Board also observes that the features of populating the database with the point of sale data upon entry of the numbered cards at the point of sale and of providing a BPC card to the user cannot contribute to the merchant verification or to the product authentication, as the claim does not provide any indication as to how (and whether) this information is used. On the contrary, the only information provided by the user for proving authenticity and ownership of an article in the database is the articles's unique identifier code (see step (g)).
7. In view of the above, the Board concludes that the "second factor authentication advantage" cannot relate to the subsequent authentication process, and that the difference over D1 essentially boils down to improving the security of the registration process by means of a number of one-time, pre-defined passwords provided on cards.
8. The Board regards the general idea of protecting a transaction, here a registration, with a password as non-technical and also well known. The Board further considers that the idea of using a predefined set of one-time passwords for user or merchant authentication also lacks technicality. Even when considered technical, this feature could not support an inventive step, as it corresponds to the well-known transaction authentication number (TAN) authentication procedure commonly used in online transactions. Making use of a server to store and verify the passwords or TAN numbers and of cards for distributing these to the merchant and customers is a straightforward implementation of this known procedure on well-known means.
9. The appellant argued that the invention addressed the sales of luxury goods where customers appreciate tangible objects, such as certificates on elegant cards, and formulated the objective problem as "how to make the use of security tokens more attractive to a given population".
10. The Board does not consider this an objective technical problem, as its formulation depends on the user's subjective preferences or expectations. From a technical point of view, the cards of claim 1 are merely a support for providing the merchant with the unique numbers to be used for the registration procedure. As observed above, this is an obvious implementation possibility.
11. Accordingly, the Board concludes that claim 1 of the sole request lacks an inventive step over D1 (Article 56 EPC).
12. As the appellant did not file a request for oral proceedings, the decision can be taken in written proceedings.
For these reasons it is decided that:
The appeal is dismissed.