BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?
No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!
[Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback] | ||
England and Wales High Court (Patents Court) Decisions |
||
You are here: BAILII >> Databases >> England and Wales High Court (Patents Court) Decisions >> Sycurio Ltd v PCI-Pal PLC & Anor [2023] EWHC 2361 (Pat) (25 September 2023) URL: http://www.bailii.org/ew/cases/EWHC/Patents/2023/2361.html Cite as: [2023] EWHC 2361 (Pat) |
[New search] [Printable PDF version] [Help]
Neutral Citation Number: [2023] EWHC 2361 (Pat)
Case No: HP-2021-000030
IN THE HIGH COURT OF JUSTICE
BUSINESS AND PROPERTY COURTS OF ENGLAND AND WALES
INTELLECTUAL PROPERTY LIST (Ch)
PATENTS COURT
Rolls Building
Fetter Lane
London, EC4A 1NL
25 September 2023
Before :
MRS JUSTICE BACON
- - - - - - - - - - - - - - - - - - - - -
Between :
|
SYCURIO LIMITED (formerly Semafone Limited) |
Claimant |
|
- and - |
|
|
(1) PCI-PAL PLC (2) PCI-PAL (UK) LIMITED |
Defendants |
- - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - -
Michael Silverleaf KC and Kyra Nezami (instructed by Michelmores LLP) for the Claimant
Guy Tritton, Edward Cronan and Laura Adde (instructed by Shepherd & Wedderburn LLP) for the Defendants
Hearing dates: 12–16, 21–23 June 2023
- - - - - - - - - - - - - - - - - - - - -
Approved Judgment
PROVISIONAL NON-CONFIDENTIAL VERSION
Note: Excisions in this Judgment marked “["]” relate to commercially confidential information.
This judgment was handed down remotely at 4.45pm on 25 September 2023 by circulation to the parties or their representatives by email and by release to the National Archives.
The parties’ positions as to the skilled team
The subject matter of the Patent
Techniques available for addressing fraud and the PCI DSS requirements
Prior art relied on in this case
Section 60(1)(b) infringement on a normal construction
MRS JUSTICE BACON:
1. This case concerns Patent GB 2473376 (the Patent), entitled “Signal detection and blocking for voice processing equipment”, which concerns the processing of telephone calls within a call centre. The claim of the Patent in issue is claim 9, which claims a method of reducing fraud by call centre agents, by blocking DTMF tones entered by a caller from being transmitted to the agent when the caller is using the keypad to provide sensitive information required for a transaction, such as their payment card details. The priority date of the Patent is 9 May 2008.
2. The claimant (Sycurio) is the proprietor of the Patent. It contends that the defendants (collectively PCI-Pal) have infringed and continue to infringe the Patent, either literally or under the doctrine of equivalents, by their cloud-based secure card payment system known as Agent Assist Gen 2 (Agent Assist). Agent Assist is available in a variety of variants, and Sycurio contends that each variant infringes.
3. PCI-Pal challenge the validity of the Patent on various grounds, deny infringement, and (by way of counterclaim) seek declarations of non-infringement in relation to nine proposed enhancements of the Agent Assist system.
4. Mr Silverleaf KC and Ms Nezami appeared for Sycurio; PCI-Pal were represented by Mr Tritton, Mr Cronan and Ms Adde. Mr Silverleaf, Ms Nezami, Mr Tritton and Mr Cronan all made submissions at the hearing, and both sides provided detailed written opening and closing submissions. There were no witnesses of fact; there were, however, two experts for each party, who provided written expert reports and were cross-examined at the trial.
6. The issues in dispute slightly narrowed during the course of the trial, the remaining issues being as follows:
i) The subject matter of the Patent and accordingly the nature of the skilled team.
ii) The scope of the common general knowledge (CGK), which was largely dependent on the identification of the skilled team.
iii) The construction of various points in claim 9.
iv) Identification of the inventive concept of claim 9.
v) Obviousness of claim 9 over US patent 2004/0193897 A1, published on 30 September 2004, referred to as Van Volkenburgh.
vi) Obviousness of claim 9 over US patent 2006/0050658 A1, published on 9 March 2006, referred to as Shaffer.
vii) Obviousness of claim 9 over a prior art press release by the company LiveOps, published in “destination CRM” magazine in January 2007, referred to as LiveOps.
viii) Whether claim 9 relates to excluded subject matter under s. 1(2)(c) of the Patents Act 1977, on the basis that it only discloses a scheme or method for doing business or a computer programme.
ix) Whether claim 9 contains matter extending beyond that disclosed in the original application for the Patent as filed.
x) Whether any of the Agent Assist variants infringe claim 9 under s. 60(1)(b) and/or s. 60(2) of the Patents Act 1977, on a normal construction or the doctrine of equivalents (and including the question of a Gillette/Formstein defence based on obviousness over US patent 2005/0246242 A1, published on 3 November 2005, referred to as Proctor).
xi) Whether any of the Agent Assist enhancements infringe claim 9, and if not whether PCI-Pal should be granted a declaration of non-infringement.
7. As I will explain, I do not need to decide some of those issues in light of the way in which I have decided other issues in the case.
8. Before commenting on the evidence of the expert witnesses for Sycurio and PCI-Pal, respectively, it is necessary to make some preliminary observations about the duties and responsibilities of expert witnesses in patent cases, and the corresponding obligations of the solicitors who assist those witnesses in preparing their evidence.
9. There is no dispute that an expert witness in a patent case is subject to the rules of CPR Pt 35. These include under r. 35.3(1) the duty of experts “to help the court on matters within their expertise”, and under r. 35.10(1) the requirement for an expert’s report to comply with Practice Direction 35.
10. Practice Direction 35 includes the following requirements:
“2.1 Expert evidence should be the independent product of the expert uninfluenced by the pressures of litigation.
2.2 Experts should assist the court by providing objective, unbiased opinions on matters within their expertise, and should not assume the role of an advocate.”
11. The starting point in both CPR Pt 35 and the accompanying Practice Direction is therefore that the expert witness must give evidence on matters which fall “within their expertise”. That may of course require the expert to do some further research to enhance their existing knowledge in the field, so as to be able to assist the court with the specific issues in the case. An expert may also wish to do background reading in relation to a related field in which they do not profess specific expertise, so as to be able to understand the context of the questions which they are asked which do fall within their field of expertise, and thereby to give useful answers to those questions.
12. What the expert should not, however, do is to give evidence on the basis that they have sought to read in and educate themselves in the relevant field for the purposes of the case in question. A person does not become an expert by virtue of having acquired knowledge in the course of the case itself. Nor should an expert give evidence on a subject which falls outside their expertise, but which they consider they understand “well enough” to express a view on the matter. An expert is not instructed for court proceedings on the basis that they believe that they have “sufficient” grasp of the matter to express a view, or are able to teach themselves what they need to know in the course of preparing their evidence. They are instructed on the basis that they are a genuine expert in the relevant field, whose opinions may be relied upon and given weight by the court.
13. As to the process by which an expert report is prepared in a patent case, both parties agreed that the position was correctly set out by Arnold J in Medimmune v Novartis [2011] EWHC 1669 (Pat), §§99–114. In particular, both parties endorsed the propositions that the specialist nature of such cases and the likely fields of expertise of the expert witnesses instructed in such cases mean that expert witnesses in patent actions require a “high level of instruction by the lawyers”, and that in practice expert reports in patent cases are often drafted by the lawyers on the basis of what the expert has told them, with the expert then amending the draft report as appropriate (§110).
14. That process must not, however, obscure the duties of the expert as set out in CPR Pt 35 and Practice Direction 35. In particular it must not lead to an outcome where the expert strays into giving evidence on matters falling outside their expertise, on the basis that they have been asked questions by their solicitors which they have endeavoured to answer. That is an outcome which both the expert and their instructing legal team must be vigilant to avoid. The instructing solicitors should not simply assume that the expert will understand the requirements of CPR Pt 35 and the Practice Direction. It is their responsibility to ensure that the expert has the necessary expertise and is aware of the duties imposed on an expert witness.
15. With those preliminary comments in mind, I will comment on the parties’ expert witnesses. The evidence of those witnesses was divided up differently, reflecting a fundamental disagreement between the parties (which I will need to address below) as to the subject of the Patent and the characteristics of the skilled team to which it is primarily addressed.
16. Sycurio divided its evidence between Mrs Concepta Penn and Professor Kin Leung. Both of them were cross-examined.
17. Prof Leung specialises in telephony and networking. Since 2009 he has held the position of Head of the Communications and Signal Processing Group within the Electrical and Electronic Engineering department at Imperial College, London. His principal role was to explain to the court how traditional circuit switched and more modern packet switched internet-based telephony systems work, in order for the court to understand (in particular) the technology underlying PCI-Pal’s Agent Assist system. His expertise was unquestionable, and most of his evidence was uncontroversial.
18. Mrs Penn is a consultant specialising in payment card processing, including call centre payments, at an operational level. She has in-depth knowledge of the various international card scheme rules, and UK and EU card payment standards. In that field, her expertise was not in doubt. She does not claim to have any expertise in the technical solutions used to implement the card processing systems which she has worked on and designed, and she explained that for those purposes she would work together with engineers who would implement the system she had specified. Her evidence addressed the issues in the action as a whole, including the scope of the CGK, novelty and obviousness over the prior art, and infringement. She was therefore Sycurio’s main witness in the action, and she was cross-examined over almost two days. At the outset of her cross-examination, Mr Silverleaf noted that Mrs Penn was dyslexic and might on occasion need additional time to read documents.
19. During her cross-examination, it became apparent that Mrs Penn was struggling to understand and answer the questions put to her on the technical documents, in particular the Van Volkenburgh, Schaffer and Proctor patents and PCI-Pal’s Product and Process Description (PPD), despite having addressed all of these in considerable detail in her expert reports. Her answers became increasingly confused, and on several occasions she was unable to explain points that she had specifically commented on in her written evidence. Following discussion with Mr Silverleaf immediately after Mrs Penn’s oral evidence had concluded, and further discussion during the next day of the hearing, Mr Silverleaf recalled Mrs Penn (at my invitation) to explain her difficulties during her cross-examination and also the way in which her written evidence had been prepared.
20. When recalled, Mrs Penn gave evidence in chief (in response to questions from Ms Nezami) and was then cross-examined again by Mr Tritton. It is to Mrs Penn’s credit that she was willing to be recalled after what had clearly been a very difficult initial cross-examination, and the explanations which she went on to give were in my judgment entirely candid.
21. Mrs Penn started off by explaining that she had struggled in particular on the second day of the trial due to lack of sleep and a medical issue for which she was taking prescription medication. She had been dehydrated and had become increasingly unable to concentrate on the questions she was being asked. She said that her dyslexia meant that she had been unable to find relevant references in the documents she was being asked about, which had added to her stress.
22. I accept that these issues may well have impacted on the quality of Mrs Penn’s evidence (particularly on the second day of her cross-examination). The real problem, however, was that she was giving evidence about matters which fell well outside the scope of her expertise. That had been apparent from the first day of her cross-examination and continued throughout her oral evidence. It was confirmed by Mrs Penn’s description of the way in which her evidence had been prepared, in response to Mr Tritton’s further cross-examination. She explained that she had not written the first draft of her expert reports herself, but had sent copious notes to her instructing solicitors, who had then spent many months putting her reports together, with further input from her on specific points. She frankly admitted that she had struggled to understand PCI-Pal’s PPD and had spent many days and a “huge amount of research” to be able to do so. The Shaffer patent had been, she said, “an absolute nightmare” to try and understand, but she said that she had eventually got through it. She had done research on various other technical points to reach what she considered to be an adequate level of understanding to enable her to comment on them in her evidence. She maintained that the final written reports were entirely her own evidence, and that she had read them carefully and agreed with the points made. She said, however, that because her own language was so non-technical, the solicitors had sometimes reformulated what she said to put it into the right form of words.
23. Having considered Mrs Penn’s further evidence, Mr Tritton eschewed any submission that it had been prepared in an improper manner, as such. But Mrs Penn’s explanations highlighted the difficulties she faced in trying to address the issues in the case. She had sought - no doubt with the best intentions - to understand and educate herself on the telephony technology referred to in the prior art and the PPD. It was, however, not within her field of expertise and she should not have been giving evidence on those points. That should have been readily apparent to her instructing solicitors.
24. The result is that I am unable to accept Mrs Penn’s evidence on any matter that falls outside her core area of expertise. As to the matters which did fall within her expertise, namely payment card processing systems and the relevant industry requirements and standards applicable to those, her evidence was not controversial. The disputed matters in the case, in so far as they concerned the expert evidence, were matters on which Mrs Penn had opined, but for which I cannot give her evidence any weight.
25. That is no doubt why, in his closing submissions, Mr Silverleaf placed almost no reliance on Mrs Penn’s evidence. He contended that he did not need to do so, because he could make his points as legal submissions on the basis of the undisputed material and PCI-Pal’s own evidence. That was an unfortunate position to end up in, given the extensive scope of Mrs Penn’s written evidence. For the reasons set out below I consider that Mr Silverleaf’s submissions on the technical points could not be maintained without evidential support, which he ultimately did not have.
26. PCI-Pal divided their evidence between Mr Craig Robinson and Mr Colin Whittaker. Both of them were cross-examined.
27. Mr Robinson is a consultant in call centre and telephony technology. His areas of expertise include telecommunications, networks, contact centres and customer experience. He has extensive experience supporting clients with the design, specification and implementation of call centres. He was PCI-Pal’s main witness in the action, and his evidence addressed most of the issues in the case, including the scope of the CGK, novelty and obviousness over the prior art, and infringement. He acknowledged that there was some overlap between his experience and that of Mr Whittaker. He therefore specifically did not comment on the issues addressed by Mr Whittaker regarding the handling of payment information and the understanding of the prior art from the perspective of a payments advisor.
28. As with Mrs Penn, Mr Robinson was cross-examined for almost two days. He was a very impressive and knowledgeable witness. His responses to questions, including highly technical questions, were consistently careful and comprehensive, and provided considerable assistance to the court. He explained the steps that he had taken to avoid hindsight when considering obviousness over the prior art.
29. Mr Whittaker is a consultant specialising in cyber security and risk. He worked for many years as the information technology security officer at the Association for Payment Clearing Services (APACS), which was established by the UK banks to manage payment clearing and overseas money transmission in the UK. In particular, he was responsible for the APACS e-commerce programme and developed the industry standard for two-factor authentication technology. Mr Whittaker’s evidence focused on payment processing and the handling of payment information - essentially the area of Mrs Penn’s evidence in which it was undisputed that she also had relevant expertise. It was common ground that Mr Whittaker was an excellent witness, who gave clear and straightforward answers to the questions asked in cross-examination. Mr Silverleaf positively asserted that his evidence should be accepted, and he relied on that evidence in his closing submissions.
30. The concept of the person skilled in the art or skilled team (for convenience I will adopt the latter expression) is well-established and there was no doubt about the principles to be applied. I can therefore summarise them shortly:
i) The skilled team is a hypothetical construct, used to identify the notional research team to whom the patent is addressed, and whose combined experience and way of thinking is used by the court to determine the teaching of the patent, the sufficiency of the patent, the teaching of the prior art, and what it would be obvious to do in light of the prior art.
ii) A patent specification is addressed to those persons likely to have a real and practical interest in the subject matter of the invention. The skilled team must therefore consist of persons with practical knowledge and experience of the kind of work in which the invention is intended to be used: see Kitchin LJ in Medimmune v Novartis [2012] EWCA Civ 1234, §72.
iii) The attributes and experience of the skilled team are to be identified by asking the objective question “what problem does the invention aim to solve?”: Birss J in Illumina Cambridge v Latvia MGI Tech [2021] EWHC 57 (Pat) §§68–9.
iv) It is also relevant to ask whether there are real research teams operating in the field: Mellor J in Alcon v AMO [2022] EEWHC 955 (Pat), §214.
v) Every member of the skilled team is deemed to be unimaginative with no inventive capacity: Henry Carr J in Garmin (Europe) v Koninklijke Philips [2019] EWHC 107 (Pat), §85(iv).
vi) Once the skilled team is identified, the patent and the prior art are considered on the basis of the “knowledge and assumptions” which are attributed to that skilled team: Lord Hoffmann in Kirin-Amgen v Hoechst Marion Roussel [2004] UKHL 46, §32.
31. While there are some cases where the skilled team relevant for the purposes of construction and sufficiency of a patent may differ from the team relevant for the purposes of assessing obviousness, it was common ground in the present case that the skilled team is one and the same for all of the disputed issues in the case.
32. There was a fundamental dispute between the parties as to the identity of the skilled team. They agreed that the overall team required to implement a telephone payment card facility for a call centre would need both someone with expertise in payment systems and card security, and someone with technical expertise in the design and implementation of telephony systems for call centres, including those where sensitive data are to be given by a caller. PCI-Pal said that the Patent is addressed to a skilled team that would include both areas of expertise - i.e. someone with expertise equivalent to that of both Mr Robinson (telephony technology) and Mr Whittaker (payment processing and the handling of payment information).
33. Sycurio, however, said that the Patent is directed at a payment systems problem, not a telephony problem. Accordingly, it said that the “controlling mind” of the skilled team should be the person with expertise in payment systems and their requirements (such as Mrs Penn or Mr Whittaker). That person would call on the technical skills of telephony engineers (such as Prof Leung or Mr Robinson) as necessary; but the assessment of whether the invention is obvious should on Sycurio’s case refer primarily to the thinking and approach of the payment system expert rather than that of the telephony system technical expert.
34. To address these contentions it is necessary to start by considering the subject matter of the Patent. I will analyse the detail of the specification in the Patent further below.
35. The title of the Patent is “Signal detection and blocking for voice processing equipment”. The Patent specification states at the outset (p. 1) that:
“The present invention relates to a telephone call processing system and method, and in particular to an apparatus to enable a caller to perform a transaction, facilitated by a call centre, with a third party without having to disclose sensitive information to the call centre.
Also described is a system for the secure communication of information and a method of operating the same. The system and method described finds particular use in the communication of information, such as personal and/or financial information, between a user and a call centre or the like.”
36. The specification then describes the background to the invention, referring to the problem of breaches of security by call centre staff, the increasing use of dual-tone multi frequency (DTMF) signalling for the entry of sensitive customer information over the telephone as an alternative to the customer providing that information verbally, the problem that DTMF tones can be recorded by call centre agents and then decoded, as well as the fact that DTMF data will be stored in call recording files when calls are recorded by the call centre, making those data vulnerable to theft (pp. 1–2). The specification goes on to comment (p. 2) that:
“Accordingly, there is a need for an improved system and method for allowing secure communication across a telephone system, in particular to allow for personal and/or financial data and information to be provided in a secure manner.”
37. The Patent is therefore concerned with a solution for the problem of agent fraud at call centres, having regard to the vulnerabilities of the existing technical solutions such as the use of DTMF signalling. On its face, the problem which the Patent aims to solve is a technical one, directed at a telephony solution for the problem of agent fraud in call centre remote transaction systems. It is not solely a payment systems issue to be addressed primarily by a payment systems expert without relevant technical expertise.
38. That conclusion is supported by Mr Robinson’s evidence as to the existence of real teams in the field. As he said, there are many such teams in the field regularly at work in setting up call centres. Those teams require telephony expertise, security expertise and (when taking payments is required) payments expertise. The solutions in the field therefore require a combined input from across a cross-section of skills. In his view, the Patent is directed at a team with precisely such a cross-section of skills, since it is concerned with the problem of mitigating potential for agent fraud in a specific technical way. He also pointed out that the Patent assumes significant technical knowledge on the part of the skilled team, requiring them to be familiar with the hardware described in the diagrams in the specification, in order to be able to interpret and implement the teaching of the Patent.
39. Mrs Penn did not agree. She considered that the Patent is addressed to someone with expertise similar to her own, who is working on payment card security and compliance with industry standards such as, in particular, the Payment Card Industry Data Security Standard (PCI DSS). Telephony engineers would not in her view have a practical interest in the system described in the Patent.
40. I unhesitatingly reject Mrs Penn’s evidence on this point. The Patent is not limited to discussion of payment card security issues, at what Mrs Penn sometimes referred to as an “operational” level, i.e. looking at the functional effects of the systems rather than the technical means of implementation of the systems. Rather, the Patent concerns a specific technical solution for the identified security issues, and accordingly contains numerous technical diagrams and a significant amount of technical description in the specification. It is plainly addressed to a person or a team with technical telephony expertise, and (as Mr Robinson rightly said) assumes significant technical knowledge on their part, which Mrs Penn did not claim to have.
41. The identification of the subject matter of the Patent therefore answers the question as to the skilled team for the purposes of this case. The skilled team is as identified by PCI-Pal: a team with a cross-section of expertise that includes both telephony expertise and payment systems expertise. I do not consider that the experts in either one of those fields should be regarded as the “controlling mind” of the team. While Mr Robinson noted that the skilled team implementing a telephony solution in a call centre will typically be led by a project manager, he said that the structure of such a team is likely to be relatively flat. Likewise, in implementing the teaching of the Patent in this case I consider that the skilled team would work together and would draw equally on the experience of all members of the team.
43. Prior to the priority date for the Patent, call centres used private telephone systems called private branch exchanges (PBXs), which comprised telephone lines (trunks) connected to the public switched telephone network (PSTN), and extensions to each telephone handset used by a call centre agent. During the 1980s, analogue PBX systems were replaced by digital PBXs, and by the priority date digital PBXs accounted for 90% of the market. The remaining systems used Voice over Internet Protocol (VoIP) technology, which businesses were starting to use by the priority date.
44. Both analogue and digital PBX systems used the traditional circuit switched network. By contrast, the more recent VoIP technology used (and continues to use) packet switched networks. The differences between these are discussed further below.
45. DTMF technology is legacy technology which was widely used in the UK by the late 1970s. A DTMF tone is an audible sound created when two pure frequencies (one high, and one low) are combined. Each button on a telephone keypad generates a different DTMF tone when pressed, and DTMF tones can therefore be used to input information via telephone instead of providing information verbally.
46. At the priority date DTMF tones were commonly used by call centres to provide information (including payment information) to Interactive Voice Response (IVR) systems. An IVR system is an automated system with which a caller can interact on a telephone call through either voice or with DTMF tones, a typical use being in an automated welcome menu (e.g. press “1” for “sales”, “2” for “accounts”, etc). IVR systems can play announcements and prompt callers to enter each piece of information, and can read information back to customers (such as a customer’s credit card number) and ask them to confirm it. At the end of an interaction with an IVR, the system may transfer the caller to an appropriate member of staff (automatically or by asking the caller to press a button) or end the call.
47. At the priority date, it was common for call centre technology (including DTMF functionality and IVR systems) to be based on telephony cards which were inserted into computers, and which could manage multiple calls at a time. Because the telephony card fitted into a standard computer expansion slot, the manufacturer only needed to develop the hardware and software for the specific functions of the card; everything else could be written by the user on the computer as standard software code or configuration. Typical functionality on telephony cards included a “silent monitor” function whereby a supervisor or trainer could listen in on an agent’s call for training or quality-control purposes, and a “whisper mode” whereby the supervisor could listen in to the call and speak to the agent, unheard by the caller.
48. Telephony card functionality also included DTMF blocking functionality (sometimes referred to in the materials before me as DTMF “clamping”), enabling DTMF tones to be blocked from one person on the call, such that the DTMF tones would not be heard by that person but the rest of the conversation would be heard. This functionality could be configured using the telephony card software. For example, when an agent pressed a DTMF button to transfer a customer to another agent, DTMF blocking could be used to prevent the customer from hearing the DTMF tone. DTMF blocking could be done in any direction (e.g. agent to caller or caller to agent), although there was no CGK application at the priority date which required DTMF blocking in the caller to agent direction.
49. DTMF signalling is still used in modern telephony networks, because it is backwards-compatible with older systems. The data are, however, typically transmitted in a different way as described below at §68.
50. Card payments are divided into two general categories: card present, or face-to-face payments, and card not present, or remote payments. The present case is concerned with remote payments, and specifically card payments processed over the telephone in a call centre environment.
51. There are four key parties to a credit or debit card payment transaction: (i) the cardholder, namely the customer who is paying by card; (ii) the merchant, namely the vendor that sells to the customer, and which accepts credit or debit card payments for the goods or services; (iii) the card acquirer, who acquires transactions from merchants and processes them; and (iv) the card issuer, which is the financial institution that has issued the credit or debit card to the cardholder on behalf of a particular card payment network (such as Visa or Mastercard).
52. The interaction between these four parties described above is shown in the following diagram (using an example in which the cardholder details are entered into an online form, rather than provided over the telephone).
53. Three steps are required to complete a card transaction:
i) Validation involves checking that the card details provided by the customer are valid, e.g. checking that the correct number of digits have been entered. This is done by the merchant (or “seller” in the diagram).
ii) Authorisation is the process by which the card issuer decides whether to authorise the payment transaction. The authorisation request (“payment request” in the diagram) originates from the seller, and is sent to the card acquirer and then on to the card issuer. The card issuer validates the card details and conducts fraud checking and credit checking to make the authorisation decision.
iii) Completion/settlement of the transaction follows an approved authorisation by the card issuer. It is only at this point that money changes hands. Settlement is handled by the card payment scheme which calculates the financial obligations between all participants in the system. After receiving an authorisation response, a transaction is completed by providing the customer with a receipt, and entering the details of the transaction on the settlement file. Those transaction details included the last four digits of the long card number (referred to as the Primary Account Number, or PAN), the transaction ID, and card expiry date, but not the card verification code. The remaining transaction data are then deleted from the system.
54. Originally, remote transactions were conducted with a customer reading their card details over the telephone to a merchant staff member or call centre agent. By the priority date, card details could also be entered by a customer using their telephone keypad to generate DTMF tones as described above. Both approaches had significant security problems, and at the priority date payment card fraud for remote transactions was a well-known problem in the payment card industry. One of the major vulnerabilities was the possibility of call centre agents gathering personal and customer data from their conversation with the customer, either by writing customers’ card details down where these were provided verbally, or by recording DTMF tones and decoding them later.
55. The PCI DSS standard is an international set of minimum data security standards to be followed by merchants and acquirers who handle payment card data, its purpose being to limit the compromise of payment systems, to ensure cardholder data are handled securely, and to protect those data from theft and fraudulent misuse. It was developed cooperatively by the international card schemes, including Visa and Mastercard.
56. PCI DSS v1.1 was the applicable version of the standard at the priority date. It included the following requirements:
i) Requirement 3.2: “Do not store sensitive authentication data subsequent to authorisation (even if encrypted)”.
ii) Requirement 3.3: “Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed)”.
iii) Requirement 3.4: “Render PAN, at minimum, unreadable anywhere it is stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches: [various encryption techniques]”.
iv) Requirement 4.1: “Use strong cryptography and security protocols such as secure sockets layer (SSL) / transport layer security (TLS) and Internet protocol security (IPSEC) to safeguard sensitive cardholder data during transmission over open, public networks”.
57. Most of the requirements relate to securing data within the call centre, while the others are concerned with protecting the perimeter of that environment. The standard approach taken for PCI DSS compliance prior to 2008 was to protect the cardholder data environment. The preface to PCI DSS v1.1 described the scope of the PCI DSS security requirements by reference to the cardholder data environment as follows:
“These security requirements apply to all ‘system components’. System components are defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment.”
58. At the priority date, the most common method of payment processing over the telephone was via a conversation with the agent in which the caller simply read out their payment card details. The second most common approach, also in widespread use, was via an IVR with a payment line.
59. The widespread use of call recording in call centres presented a particular challenge for both of these approaches. The UK Financial Services Authority (FSA), the predecessor to the Financial Conduct Authority, had since the early 2000s required the whole telephone conversation relating to certain financial transactions to be recorded. This conflicted with (among other things) PCI DSS requirement 3.2. The FSA therefore agreed that card payment data could be excluded from the call recordings.
60. Two techniques were available (and CGK) for mitigating fraud within a call centre and complying with the PCI DSS requirements (in particular requirement 3.2) whilst meeting the general FSA requirement for the recording of calls.
61. The primary solution available at the priority date was “pause and resume”. Where call recording was being used in a call centre, the call recording would be paused manually by an agent or by an automated process prior to the caller reading out their card details. The call recording would then be resumed after the card details had been provided, thereby avoiding the capture of card details on the call recording files.
62. The second commonly used solution was what the parties referred to as “mid-call transfer”, where the call was transferred from the call centre agent to an IVR, such that the agent was no longer on the call. The IVR system would then prompt the caller to enter their payment card details using DTMF. Once the transaction was completed, the call could be passed back to the agent. This solution resulted in normal voice communication between the caller and the agent being interrupted. Some implementations could, however, provide feedback to the agent showing progress on the IVR system. One perceived disadvantage of mid-call transfer was that cardholders sometimes struggled to enter data and gave up.
63. Both analogue and digital telephone calls in a circuit switched network require a physical connection (i.e. a circuit) to be established from one caller to another. The PSTN contains many switches (telephone exchanges) connected by communication links (trunks) to the public network, such that when a call is made, the system finds a route from the caller through multiple switches and trunks to establish a circuit with the callee.
64. In the 1970s data networks were established which communicated data via the Internet Protocol (IP), i.e. the early internet system. In order to achieve high reliability and communication speeds, data were not sent via a single circuit, but were split into individual packets, with each packet sent across the network in the most efficient way. Different packets could therefore be sent by different routes. These IP based networks are called packet switched networks. By the early 2000s, telecommunications providers began to move to a packet switched approach. Businesses also started changing their circuit switched PBXs to packet switched PBXs, and moving their voice calls onto the IP network. When voice data are sent via a packet switched network, this is referred to as Voice over Internet Protocol (VoIP). The existence of VoIP technology was CGK at the priority date.
65. Data communication on the internet (including VoIP calling) is controlled by a number of different protocols operating at different “layers” of the network stack. These layers consist of an application layer, where network applications reside; a transport layer, which transports application-layer data between two end points of an application; the network layer, which is responsible for moving network-layer packets from one end device to another, and which runs using the Internet Protocol (IP); a link layer which supports transmission and reception of data packets across links connecting routers or end-devices, using for example WiFi; and a physical layer which moves individual bits across the transmission medium of the link, using for example copper wire, coaxial cables, fibre optics, or 4G and WiFi radio channels.
66. The protocol used for a particular type of communication depends on the type of data being sent. One relevant protocol is the Session Initial Protocol (SIP), first defined in 2002. SIP is an application-layer protocol which is used to set up, end or otherwise manage a VoIP call between two or more parties.
69. I have summarised above the subject matter of the Patent. As set out above, the essential problem addressed by the Patent is that of agent fraud at call centres, having regard to the potential for DTMF tones to be recorded by call centre agents and/or stored in the call centre’s call recording files. The invention described is a system and method for allowing a user to conduct a transaction with a call centre involving the secure transmission of sensitive data, such as personal information and financial information, without interrupting the verbal communication between the user and the call centre agent. The advantage described is that a voice conversation can continue with the call centre agent, while the sensitive information is transmitted in a way that does not expose it to the risk of compromise at the call centre (pp. 3 and 11).
71. The specification explains that the system uses a call processor, which may be of any suitable form to process call signal data, in particular transactional information, such that it is in a form that is not ordinarily readable by the call centre agent (or, in general, anyone accessing a recording of the call) but may still be processed in order to complete the transaction (p. 13). The specification states that the call processor “may” use a telephony card (p. 5).
72. Figure 3(b) illustrates a modularised call processing system using a telephony card and telephony processing module located within a single unit.
73. Figure 2 shows a simple form of the way in which the call processor can work. As described in the specification, the call processor is the intermediary between the caller and agent, and acts to modify the characteristics of the call or signal from the caller to the agent, such that sensitive data are barred from reaching the agent and routed instead to the external entity, while allowing the agent to facilitate the interaction with the external entity. The specification states that the call processor can be made compatible with any traditional telephony network, including SIP and VoIP telephone systems (p. 18).
80. In both of the two alternative arrangements described above, the transactional information is processed in a way that renders it unreadable by the call centre agent or anyone accessing a recording of the call (p. 13). The difference between the two versions turns on whether the transactional information is routed directly to an external entity for processing without being processed by the call centre (as in Figure 12), or is initially processed by the call centre albeit without being readable by the call centre agent, before then being relayed to the external entity (as in Figure 14(a)).
81. Mr Silverleaf suggested that the two forms of implementation described at pp. 13–15 of the specification should be understood as distinguishing between systems that are inside and outside the call centre. That is not correct. The Patent specification does elsewhere make a quite separate distinction between call processors which are located within the call centre (such as in Figure 2, shown above) and arrangements where the call processor is located at a site external to the call centre. As the specification notes, the call processor can be placed at any point along the telephony network between the caller and the agent (p. 18).
82. But the description of the two alternative arrangements at pp. 13–15 of the specification does not require the call processing system to be inside or outside the call centre in either version. Rather, as set out above, the discussion concerns whether the sensitive information is sent to the external entity without going to the agent or the agent’s system, or whether it is sent to the agent’s system for processing albeit without being divulged to the agent. It is notable that the examples used to illustrate this distinction (Figures 12, 14(a)–(c) and 15) are all examples where the call processor is located outside the “boundary” of the call centre.
“A system has therefore been described in which a call processor can be used either as a hosted (voice) payment gateway (or as a customer premises or customer-provided equipment (CPE) at a call centre) which allows the collection of payment card data via the telephone keypad using the DTMF protocol (or potentially by voice recognition).
The call processor has the potential to eliminate (or reduce) the collection of card details by live agents by masking the data they receive. This means both the agent and the call recording do not ‘hear’ the DTMF data, such that pausing the call recording equipment or encrypting the data becomes unnecessary thereby removing a significant point of compromise for stolen card details.
In one implementation, the caller maintains a voice connection with the customer throughout the interaction; there is no transferring of the call to an interactive voice response (IVR) system or other impersonal automated system. The call processor effectively ‘splits’ the call into voice and DTMF channels automatically such that the caller experiences little or no difference in call, other than a beneficial reduction in handling time. A safe (or secure) mode in the call processor is automatically activated when a secure transaction is required. In the safe mode the call processor effectively removes the DTMF channel from the Call Centre Agent’s experience. The configuration of the call processor allows it to be integrated directly with existing call centre (transaction handling) applications to collect and transmit secure data.
Accordingly, aside from the communication of card details, the call between customer and merchant is entirely as normal and indeed the agent and the customer remain in voice contact throughout the call. This means that customer satisfaction levels are maintained and any input errors can be quickly identified and remedied.”
84. Claim 9 is as follows, with the breakdown of integers as adopted by both parties for the purposes of these proceedings:
“[9(a)] A method of processing telephone calls comprising voice signals and data signals comprising:
[9(b)] receiving voice signals and data signals at a first telephone interface and
[9(c)] transmitting the voice signals and selectively transmitting the data signals received at the first telephone interface via a second telephone interface wherein
[9(d)] if said received data signals include transaction information signals representing information relating to a transaction said transaction information signals are blocked from transmission via said second interface;
[9(e)] generating a request based on said transaction information signals;
[9(f)] transmitting said request via a data interface to an external entity;
[9(g)] receiving a message from the entity via the data interface to identify success or failure of the request; and
[9(h)] processing the transaction information signals in dependence on the success or failure of the request.”
85. Claim 9 is thus a method claim. The Patent has a related apparatus claim, in the form of claim 1. Claim 1 describes a call processor which (in essence) performs the functions described in integers 9(b) to 9(h) of the claim 9.
86. The four last integers, 9(e) to 9(h), have been referred to by the parties as the “Request Features”. They define what is done with the transaction information signals after they are blocked from transmission via the second telephone interface. It is common ground that these processing steps would be familiar to the skilled team on the basis of the CGK, although there were some issues as to the construction of these integers.
87. There was no dispute as to the relevant principles of construction of the claims. In short summary, the claim must be interpreted purposively, with the purpose to be ascertained from the description and drawings. The construction of the claims should not, however, take into account equivalents, which fall to be considered separately: Saab Seaeye v Atlas Elektronic [2017] EWCA Civ 2175, §§18–19; Fiberweb Geosynthetics v Geofabrics [2021] EWCA Civ 854, §17.
88. While the embodiments described may be used to interpret the claims, they are merely examples of the claimed invention, and it is not normally legitimate to read into the claim limitations corresponding to details of specific embodiments if the patentee has not done so: Nokia v IPCom [2009] EWHC 3482 (Pat), §41.
89. Various questions of construction arise in relation to claim 9, which are addressed below.
90. The meaning of the phrase “telephone interface” was the subject of substantial submissions on both sides. It was common ground that the phrase has no specific technical meaning. That no doubt contributed to the fact that both parties struggled to articulate what they thought that this phrase meant in the context of claim 9.
91. Sycurio’s starting point was that a telephone interface is simply “an interface through which telephone signals pass”. That is, however, circular and adds nothing to the understanding of the phrase. More specifically, Sycurio said that telephone interfaces described either physical or logical boundaries in the transmission chain between the endpoints of a telephone call, such that there is an interface “at any point at which two pieces of equipment or networks pass information between them”. An example of a physical interface would be the port on a telephony card. An example of a logical interface would be “a software transformation of information from one form to another”. Sycurio relied in that regard on the evidence of Prof Leung, who said that he would interpret “telephone interface” as a form of network interface.
92. PCI-Pal’s position was that the telephone interfaces in claim 9 cannot be understood as referring to purely logical boundaries anywhere between the endpoints of the call, but must be understood as being the inbound and outbound interfaces on a call processor. Initially, PCI-Pal said that this had to be a “localised” call processor in the form of a physical telephony card. Mr Tritton in his closing submissions accepted (eventually) that a “telephone interface” in claim 9 does not necessarily require a physical port on a physical telephony card, but might take the form of a software interface in a packet switched network. What he said there had to be, however, was something that could be described as a call processor - wherever that was located, which could be anywhere - such that the interfaces represent the connections between the call processor and the caller and agent respectively.
93. Once it is accepted as common ground that a telephone interface does not require a physical port, but may be a software connection, the difference between the parties comes down to the question of whether the interfaces described are the interfaces of a call processor, or whether they are simply any sort of physical or logical boundary somewhere in the call transmission network.
94. Mr Silverleaf said that while a call processor is the subject of claim 1 of the Patent, claim 9 does not refer to a call processor. It followed, he said, that claim 9 does not refer to a call processor with inputs and outputs, but covers all systems in which the method described in the claim is carried out.
95. The premise of that submission is correct: claim 9 does not in terms refer to a call processor, unlike claim 1 of the Patent. It does not, however, follow that the method described in claim 9 does not require a call processor. Quite the opposite: the method described in claim 9 is a method of “processing telephone calls” in a particular way, specifically by splitting voice and (certain) data signals so as to block (certain) data signals from transmission to one of the endpoints of the call, while continuing to transmit the voice signals. Whether the processing takes place using software, or a combination of software and hardware (such as a telephony card configurable using the supplied and/or other software), there must be some functionality which carries out that processing.
96. Sycurio’s submissions ultimately acknowledged this point. Its opening submissions described the telephone interfaces as “the point in the logical channel through which the call is transmitted at which the operations required by the claim are performed”. In a similar vein, Sycurio’s closing submissions referred to “identifiable interfaces at which the functional requirements of the method are met. … They may be implemented in either hardware or software”. On Sycurio’s own case, therefore, the telephone interfaces are interfaces to the system (whether hardware and/or software) which carries out the functionality of the claim. Mr Silverleaf therefore realistically accepted in his closing submissions that claim 9 required a “call processing system”. There is no substantive or functional difference between that and the term “call processor” used by PCI-Pal.
97. The Patent specification itself, moreover, uses the terminology of “call processor”. Every time in the Patent specification that reference is made to a telephone interface, it is a reference to the interfaces of what is described as a call processor. The telephone interfaces referred to in claim 9 are therefore the interfaces of that call processor, however it is implemented. They cannot sensibly mean anything else. Sycurio’s suggestion that the interfaces might represent any “logical boundary” anywhere between the endpoints of the call is not only inconsistent with the way that the telephone interfaces are described throughout the specification, and the way that Sycurio itself elsewhere defines the concept of telephone interfaces, but would render the references to “interfaces” utterly meaningless in the context of claim 9.
98. I therefore accept, essentially, PCI-Pal’s interpretation of “telephone interface”.
99. As with the phrase “telephone interface” it is common ground that the “voice signals” in claim 9 do not refer to signal types in a technical sense. On that basis, Sycurio’s case was that claim 9 refers to “maintaining a voice connection so that effective voice communication is maintained”.
100. As became apparent from Sycurio’s submissions on infringement, Sycurio’s emphasis on maintaining “effective” voice communication was designed to allow it to argue (for the purposes of its infringement case) that the Patent does not require the voice connection to be maintained throughout the call. The word “effective” is, however, a gloss on the wording of claim 9. The claim itself requires voice signals to be transmitted to the second telephone interface, whereas data signals are only selectively transmitted. There is no suggestion that only “effective” voice communication is required.
101. Indeed, Sycurio’s written closing submissions said that a critical feature of the claim is that “voice communication between the caller and agent is maintained whilst the transaction information being entered is blocked from transmission to the agent”. On that basis, Sycurio argued that claim 9 is not obvious over Shaffer because Shaffer “does not suggest the blocking of DTMF signalling whilst transmitting voice”. Ultimately, therefore, there was not much between the parties on this point: the requirement is for the voice signals to continue to be transmitted during the call via the second telephone interface, while the data signals are being selectively blocked.
102. There is, however, no requirement for any particular telephony technology to be used. Claim 9 explicitly encompasses the use of VoIP technology, and it was CGK at the priority date that a VoIP call typically transfers voice data using RTP, which tolerates some reduction in quality through incidental loss of some packets (see §67 above). It was not, therefore, PCI-Pal’s case that the technology used is required to transmit 100% of the audio frequencies without any possibility of packet loss. What is required is that the voice signals are transmitted throughout the call and are not blocked or selectively transmitted.
103. A further issue relevant to infringement is the means by which certain types of data signals are blocked from transmission via the second interface. PCI-Pal contended that claim 9 requires a “frequency-based” approach to blocking, whereby the DTMF tones are filtered out of the telephone call but other audio frequencies in the voice signal are unaffected.
104. Claim 9 itself does not contain any requirement for those signals to be blocked by “frequency” as opposed to some other means, nor does the specification refer to blocking by frequency, as such. It follows from my conclusions above, however, that claim 9 does require the transaction information signals to be blocked in a way that does not affect the transmission of voice signals. That requires a targeted approach to blocking the transaction information signals as opposed to, for example, the blocking of both voice and data signals simultaneously.
105. Sycurio’s position was that “transaction information signals” must be understood to be payment information, consistent with its case that the Patent is concerned with secure processing of remote payments. I have already rejected the suggestion that the subject matter of the Patent is focused on remote payment processing. There is no doubt that the sensitive information envisaged by the Patent as requiring protection do include payment data. The specification notes that the transaction described is, preferably, a financial transaction (p. 9), and some of the examples in the specification specifically address situations in which payment information are being transmitted (such as the hosted payment gateway illustrated in Figure 12, shown above). But the Patent is not confined to financial transactions or payment processing. Rather, the specification refers to a system and method for allowing “personal and/or financial data and information to be provided in a secure manner” (p. 2), and states that the information required to make a transaction over the telephone may include address data, date of birth and national insurance number (p. 11, referred to at §70 above).
106. Claim 9 likewise does not confine itself to payment information. It differs in this regard from the dependent claim 10 of the Patent. Claim 10 does specifically claim the method of claim 9 “wherein said transaction information signals represent purchaser information (e.g. credit card details, bank account details or the like)”. Claim 9 is, however, not so limited, and no such limitation is required by the context of the Patent specification.
107. The external entity of claim 9 is the third party to which the sensitive transaction information is sent, using the method described in claim 9. The specification gives the examples of a bank, credit card company or retailer. Sycurio attempted to limit this to a bank or card acquirer; there is, however, no reason to read such a limitation into the claim. As already discussed, claim 9 is not confined to payment transactions.
108. The main dispute between the parties as to the interpretation of this integer, however, concerned the question of whether (as Sycurio contended, based on the evidence of Mrs Penn) claim 9 requires the transaction information to be “isolated” in the call processor and sent directly to the external entity, without being transmitted through the equipment, software or other components of the call centre telephony system. Mr Silverleaf contended that the isolation of the sensitive transaction information is the inevitable result of the combination of integers 9(c), (d) and (f), in that what is being described is the blocking of the sensitive data signals from passing through the second telephone interface, and sending those signals via a data interface to the external entity.
109. There is no doubt that integers 9(c)–(f) describe the blocking of the sensitive data signals from the second telephone interface, and the transmission to an external entity of a request based on those data signals. That does not, however, mean that the claim is limited to a method which sends the relevant data signals directly to the external entity without passing through any of the other components of the call centre telephony system. Nothing in claim 9 indicates that the method described is so limited. Integer 9(f), in particular, says nothing about the format in which the data is sent or whether it has undergone any processing to get it into an appropriate format for onwards transmission.
110. Nor is there any basis for reading into claim 9 such a limitation. Mr Silverleaf referred to Figures 11 and 12 of the Patent specification, which are examples of embodiments where the sensitive data are not sent into the call centre. As explained at §§75–77 above, that is one possible arrangement described in the specification, but it is not described as being the only one. On the contrary, as Mr Robinson pointed out in his evidence, Figures 14(a)–(c) and 15 all provide examples of embodiments of the Patent where the sensitive data are processed within the call centre (albeit that they are not accessible to the agent) before being sent to the external entity. These examples are described in the specification as illustrating the second alternative arrangement described at §§78–79 above, the benefit of those examples being that they show ways in which the call processor can be integrated into existing call centre systems for handling transactions. The “overview” part of the specification also notes that the call processor may be configured so as to be integrated directly with the existing call centre transaction handling applications (§83 above).
111. Mr Silverleaf’s response was to contend that although the embodiments illustrated by Figures 14(a)–(c) and 15 are included in the Patent specification, the claims of the Patent abandoned those options because the claims only covered embodiments where the call processing system was outside the boundary of the call centre environment.
112. There are two problems with that submission. The first is that there is nothing in the Patent to suggest that the claims only cover the situation where the call processor or call processing system lies outside the boundary of the call centre environment, to the exclusion of the arrangements illustrated by (for example) Figures 2 and 5, shown at §§73 and 74 above.
113. Secondly, as I have explained above, Mr Silverleaf’s contention rested on a misunderstanding of what is described in Figures 14(a)–(c) and 15. Those figures all show arrangements where the call processor is indeed located outside the boundaries of the call centre environment. But they are expressly described as illustrating ways in which the call processor (wherever it is located) can be integrated into existing call centre transaction handling systems. Figure 14(a), for example, shows the sensitive data being sent to an application server within the call centre, bypassing the agent, before being relayed by the application server to the external entity. This is quite clearly an arrangement contemplated as being within the claims of the Patent: it is expressly described in the “overview” section of the specification, and nothing in the claims of the Patent excludes this arrangement.
114. I therefore reject Sycurio’s contention that claim 9 incorporates an isolation feature such that the sensitive transaction data are sent directly to the external entity via the data interface, without being processed by systems within the call centre.
115. PCI-Pal’s opening skeleton argument objected that integers 9(g) and (h) were vague, giving rise to issues of sufficiency. Those objections were not pursued in closing submissions, which on this point were made by Mr Cronan. Mr Cronan’s submissions on sufficiency were, instead, focused on the concepts of “telephone interface” and “external entity”. In light of my conclusions above, I do not consider that those expressions are uncertain. They do not, however, have the meanings ascribed by Sycurio.
116. The inventive concept of a patent is “on the face of it what is specified by the claims”, freed from prolixity or unnecessary verbiage: Pumfrey J in Research in Motion v Inpro [2006] RPC 20, §132, and Jacob LJ in Pozzoli v BDMO [2007] EWCA Civ 588, §18. It must apply to all embodiments falling within the relevant claim, and cannot be defined in terms that apply only to a sub-group of embodiments with certain technical advantages: Arnold J in Datacard v Eagle Technologies [2011] EWHC 244 (Pat), [2011] RPC 17, §96.
117. The inventive concept pleaded by Sycurio (as amended) is as follows:
“The inventive concept of the aforesaid claims of the Patent is the processing of a telephone call comprising voice signals and data signals between a caller and an endpoint within the call centre so as to allow the voice communication from the caller to the call endpoint to continue throughout the call whilst blocking the data signals from transmission within the call centre if the data signals include sensitive transaction information signals so that the sensitive information is isolated within a secure environment and to transmit the data signals to an external entity for authorisation of the transaction.”
118. One problem with this summary is that it incorporates the isolation feature which I have already found is not part of claim 9. It follows from my conclusions as to the construction of claim 9 that the claim does not specify that data signals containing sensitive transaction information are “blocked from transmission within the call centre”, or “isolated within a secure environment”. They are merely blocked from transmission to the call centre agent. As discussed above, claim 9 encompasses embodiments such as in Figures 14(a)–(c) and 15 where the relevant data signals are sent for processing within the call centre.
119. It is of course right to say that some of the embodiments of the claimed invention envisage the isolation of the sensitive information within a secure environment, such as the example of a hosted payment gateway (§§76–77 above). But it would not be correct to define the inventive step solely by reference to that sub-group of embodiments, excluding other embodiments where, as discussed above, the sensitive information is processed within the call centre before being relayed to the external entity.
120. Sycurio’s reference to “allowing” voice communication from the caller to the call centre to continue reflects its interpretation of integer 9(c) as requiring no more than “effective” voice communication, which I have rejected. Claim 9, properly understood, requires the transmission of voice signals throughout the call, without being blocked. I have also found that claim 9 requires the voice signals to be received and transmitted by the call processor, which also receives but only selectively transmits the data signals.
121. As to what then happens to the data signals, it would not be accurate to say that the invention requires the transmission to an external entity of the data signals that are blocked from transmission to the call centre agent. Those data signals may, under some embodiments of the claim, be processed before transmission. Integer 9(e) simply specifies that a request is generated “based on” the transaction information signals, and that the request (not the data signals themselves) is then transmitted to an external entity.
122. As a final point, Sycurio’s reference to “authorisation” of the transaction suggests a payment transaction. As discussed above, the claim is not so limited.
123. The inventive concept of claim 9 is therefore more accurately described as being:
“The processing of a telephone call comprising voice signals and data signals between a caller and a call centre agent, such that the call processor transmits the voice signals from the caller to the agent throughout the call, but selectively blocks the data signals from transmission to the agent if those data signals include sensitive transaction information. The sensitive transaction data are then transmitted to an external entity for further processing.”
124. PCI-Pal’s case is that the Patent is invalid for obviousness, because it lacks inventive step over the prior art. PCI-Pal also advance objections of insufficiency, excluded subject matter and added matter. I have already addressed above the question of insufficiency and do not need to consider it further here. Nor do I need to address the issues of excluded subject matter and added matter, given my conclusions on obviousness set out below.
125. It was common ground that the question of obviousness set out in s. 3 Patents Act 1977 falls to be answered by following the approach set out by Jacob LJ in Pozzoli, §23, namely:
“(1a) Identify the notional ‘person skilled in the art’;
(1b) Identify the relevant common general knowledge of that person;
(2) Identify the inventive concept of the claim in question or if that cannot readily be done, construe it;
(3) Identify what, if any, differences exist between the matter cited as forming part of the ‘state of the art’ and the inventive concept of the claim or the claim as construed;
(4) Viewed without any knowledge of the alleged invention as claimed, do those differences constitute steps which would have been obvious to the person skilled in the art or do they require any degree of invention?”
126. Steps (1a), (1b) and (2) have already been addressed above. The focus of this section will therefore be on (3) and (4).
127. In relation to (4), it is not necessary to identify whether the difference between the prior art and the inventive concept of the claim is the only obvious step that would have been taken by the skilled person or team, since there may be a number of obvious implementations of the prior art. An obvious step arising from the prior art is therefore not rendered any less obvious simply because there are also other obvious steps which might have been taken: Laddie J in Brugger v Medic-Aid [1996] RPC 635, p. 661.
128. The court will commonly have reference to the evidence of properly qualified experts as to what would and would not be obvious. The expert’s conclusion in isolation (i.e. obvious or not) is, however, of little value: what matters is the reasons for that opinion: Jacob LJ in Technip France SA’s Patent [2004] EWCA Civ 381, [2004] RPC 46, §15.
129. It is also important to avoid hindsight on the part of the expert when considering whether a particular step would have been obvious. Hindsight may manifest itself in various ways, including where the expert focuses on parts of a prior document which would not have assumed significance to the reader unaware of the invention, but which may (with the invention in mind) be said to resemble the invention; or where steps in an obviousness argument are accepted too readily, with knowledge of the destination in mind; or where it is said that difficulties in implementing the prior art would have been overcome in particular ways, known because of the invention: Floyd J in Mishan v Hozelock [2020] EWCA 871, §98.
130. Hindsight “cherry-picking” from the prior art is therefore impermissible. But the skilled person is assumed to be able to assimilate the contents of long and complex documents that are cited as prior art: Henry Carr J in TQ Delta v Zyxel [2019] EWHC 562 (Ch), §224.
131. Three pieces of prior art are relied on by PCI-Pal in this case in support of its argument that the Patent is invalid on the grounds of obviousness: the Van Volkenburgh patent, the Shaffer patent, and the LiveOps press release. A further piece of prior art, the Proctor patent, is relied on for infringement but is not said to show obviousness.
132. PCI-Pal’s evidence on Van Volkenburgh, Shaffer and LiveOps was given by a mixture of Mr Robinson and Mr Whittaker. Sycurio’s evidence was given by Mrs Penn. Van Volkenburgh and Shaffer are, however, highly technical documents, and as explained above Mrs Penn was not qualified to give evidence on these. Mr Silverleaf therefore (as already noted) largely abandoned reliance on Mrs Penn’s evidence in his closing submissions, and made his submissions instead by reference to criticisms of the position taken by Mr Robinson, framed as legal submissions. The difficulty with that approach was that however he sought to present the points, Mr Silverleaf’s objections to Mr Robinson’s evidence ultimately rested on submissions as to the approach that he said would have been adopted by the skilled team. But without Mrs Penn, he had no evidential foundation for those submissions.
133. PCI-Pal, for their part, while saying that Mrs Penn’s evidence on any technical matters could not be relied upon, nevertheless sought to rely on her evidence (such as her answers to questions put in cross-examination) when it suited their case. That is an attempt to have it both ways. Given my conclusions above, I do not consider it appropriate to place any weight on Mrs Penn’s evidence on matters falling outside her core expertise of payment card processing at an operational (non-technical) level. I will, however, refer to Mrs Penn’s evidence where necessary to explain the basis of the dispute between the parties.
134. Van Volkenburgh is a US patent application published in 2004, entitled “Device and method for concealing customer information for a customer service representative”. The abstract describes:
“A method of concealing customer-provided information from an operator during a telephone conversation between the operator and a customer includes receiving [DTMF]-encoded customer information via a telephone connection to a customer telephone and generating a request asking the customer to confirm the information. The method also includes converting the [DTMF]-encoded customer information into an ASCII data stream and sending the ASCII data stream to a computing device, whereby the operator is unable to discern the customer information.”
135. Mr Robinson said that the document would be of immediate interest to the skilled team; that is undoubtedly correct, and was not disputed by Sycurio.
136. [0004] states that the invention provides a device and method that allows a customer to provide sensitive information during a telephone conversation with a live operator in a way that conceals the sensitive information from the operator. [0003] explains that the author has in mind payment information, such as a credit card or debit card number, or account number.
137. The method described at [0005] is to add a data masking device to the telephone connection between the caller and agent, with an input for receiving the customer information and two outputs: one to send signals to a computing device, which may include ASCII characters or encrypted signals, and a second output to transmit masked signals indicating to an operator that the customer is entering information. The masked signals may also include masking characters directed to a display device. The customer information may be provided in the form of DTMF signals, which the masking device may convert to an ASCII data stream in order to send to a computing device: [0006]–[0007].
138. As for the communication between the caller and the agent, [0019] notes that the device “passes vocal frequencies through to the operator’s communication device … enabling the customer to talk to the operator in the traditional way”. A similar comment appears at [0026], noting that the device “receives and captures encoded information from a customer who is engaged in a conversation with a live operator”. If the caller enters DTMF tones, those may also be transmitted to the operator. Alternatively, if further audible masking is required, the device may instead send masking tones to the operator: [0020].
139. [0013]–[0014] illustrate the operation of the invention:
“As an example, a customer of a utility company contacts the utility company to pay his utility bill. The utility company may employ a system whereby the customer may pay by check, debit card, credit card, or the like by providing account information to an operator. … At the appropriate point in the conversation with the customer, the operator asks the customer for payment account information. In response, instead of providing the information verbally, the customer provides the information by ‘keying’ the information using, for example, a telephone keypad, cell phone keypad, keyboard, reader, or the like, thus encoding it into tones or other electronic signals.
The tones generated by the customer are received by a data masking device designed according to the teachings of the present invention. The data masking device converts the signals into computer-readable signals and sends the computer-readable signals to a computer. In some embodiments the computer-readable signals may be encrypted. Thus, instead of verbally providing the sensitive information to the operator who then enters it into the computer, the customer is essentially entering the information directly into the computer, thus avoiding disclosure of the information to the operator.”
140. In the course of Mr Silverleaf’s written and oral closing submissions, three main objections to obviousness in the light of Van Volkenburgh were advanced. The first was that it did not disclose the isolation feature. That point falls away in light of my conclusions above.
141. Secondly, Mr Silverleaf said that it would not be obvious to implement Van Volkenburgh with a device that allowed voice communication to continue while data were being entered. The more obvious way of implementing the invention would in his submission have been to block both the voice and data signals while the sensitive data were being entered.
142. I do not accept that submission. As Mr Robinson noted, [0004], [0013], [0014], [0019] and [0026] of Van Volkenburgh all indicate that the invention envisages a live call continuing between the caller and agent while the sensitive information is provided. That point emerges most obviously from [0026] which states that the device receives and captures the encoded information from a customer “who is engaged in a conversation with a live operator”. Nothing at all in Van Volkenburgh states or even suggests that the masking device blocks the voice call while the caller’s sensitive information is being keyed in. Accordingly, while Mr Robinson readily accepted that the skilled team with knowledge of Van Volkenburgh could have implemented a solution which blocked both voice and data from the agent, if they had done so it would have been a step away from Van Volkenburgh, since that is not what Van Volkenburgh itself discloses.
143. There is therefore in this regard, contrary to Mr Silverleaf’s submissions, no difference between the disclosure of Van Volkenburgh and the inventive concept of claim 9.
144. Mr Silverleaf’s third objection was that Van Volkenburgh did not disclose turning on and off the blocking of data. PCI-Pal agreed that in this regard Van Volkenburgh differed from claim 9; but, as Mr Robinson said in his second report, there is nothing inventive in turning functionality on and off: “I struggle with the idea that somehow there is something inventive about turning on functionality when you need it.”
145. Mr Robinson’s evidence was also that the way in which the skilled team would most likely have implemented the Van Volkenburgh masking device, in a typical call centre at the priority date, would have been to use a telephony card inserted before the rest of the call centre, as follows:
146. In that configuration, it would have been necessary to configure the telephony card to switch DTMF blocking on and off, to allow the call centre IVR system and other functionality to operate.
147. Mr Silverleaf’s response was to say that Van Volkenburgh did not envisage use of a telephony card, but described a device attached to each agent’s computer. As Mr Robinson explained, however, the skilled team implementing Van Volkenburgh at the priority date, on the basis of the CGK and available technology, would have considered the use of telephony cards to be the most straightforward route. The alternative would have been to design and build something bespoke, which he considered would be far from straightforward and unlikely: “it would be quite unlikely that they would say, ‘right, there’s no circuit diagrams here, there’s no descriptions, there’s no components listed, let’s all get out our soldering irons and work out how to do it.’ I don’t think they would do that.”
148. Mr Silverleaf objected that implementing the invention of Van Volkenburgh would have required “extensive modifications” to the telephony cards, but he had no evidence to support that submission, and it was squarely contradicted by Mr Robinson’s evidence. As Mr Robinson explained in some detail when cross-examined on this point, the telephony cards available at the time could be configured using the standard software which came with the cards, a point with which he was familiar because he had used telephony cards himself in installations before the priority date of the Patent. Mr Robinson’s explanations in this regard were, in my judgment, supported by detailed and coherent reasoning, and were entirely convincing.
149. It follows that claim 9 is obvious over Van Volkenburgh.
150. Shaffer is a US patent application by Cisco Technology, published in 2006, entitled “Method and system for providing a conference service”. The abstract describes:
“A method for providing a conference service includes hosting a conference between a plurality of endpoints and communicating at least one media stream received from at least one of the plurality of endpoints to the remaining plurality of endpoints. The method also includes receiving a request to block communication of the at least one media stream to a first endpoint of the plurality of endpoints and blocking communication of the at least one media stream to the first endpoint.”
151. Mr Robinson noted that Cisco was the first major manufacturer to provide VoIP telephony technology, and that the patent discusses IVR and call centres. He said that it would have therefore been clear to the skilled team that the patent application was relevant to their interests. That was not as such disputed by Sycurio, but Mr Silverleaf said that the disclosure of Shaffer was not directed to payment systems and did not contain any discussion of the application of the teaching to financial transactions. That comment reflected, however, Sycurio’s case that the skilled team would be focusing on payment systems, and Mrs Penn’s evidence based on her experience in that field. Mr Robinson’s comments as to the relevance of Shaffer were, by contrast, made from the perspective of PCI-Pal’s description of the skilled team, as including expertise in both payment processing and telephony technology. I have accepted that definition of the skilled team, and I therefore accept Mr Robinson’s evidence on the relevance of Shaffer to that team.
152. Shaffer explains that the background to the invention arises in “multipoint conferences”, using “conference” to mean any communication with multiple endpoints. “Endpoint” is a standard technical term to mean the final device with which one is connecting, including a standard telephone, mobile phone or IVR system. By way of example, Shaffer notes at [0003] that a multipoint conference might involve a caller, live agent and an IVR system, with the communication from the caller to the IVR system being made through either speech or DTMF signals.
153. Schaffer’s idea is, in summary, that a participant to a conference can control the output of a particular “media stream” to other participants, by selectively blocking communication of a media stream to one or more of the participants. That enables callers, for example, to prevent an agent from hearing confidential information when it is transmitted audibly to an IVR system conferenced in with the caller and agent: [0006]–[0010]. This is illustrated by Figure 2 of the specification, reproduced below with Mr Robinson’s annotations:
154. The outbound connection 81b to endpoint 71 can therefore be turned on and off by the conference unit. As shown in the figure, it is open; if this is a voice communication, then the user at endpoint 71 can talk but cannot hear anything.
155. The idea of blocking “media streams” is explained further at [0017], which states that:
“particular embodiments allow one or more conference participants to control the ability of a participant to receive output from the conference. The blocking of media streams to or from an endpoint may include blocking voice or video streams, including, for example, files. In particular embodiments, the control modules may block a control channel or signalling received from one endpoint from being communicated to one or more other endpoints. Such control channel or signalling may be used by a participant, for example, for call setup purposes or for transmitting information to an IVR system, such as transmitting account information through DTMF signalling.”
156. Mr Robinson explained that the skilled team would understand this to mean that DTMF signalling could be blocked from reaching a particular endpoint, such that it could be blocked from being transmitted to the agent without other media streams being interrupted. As he explained, at the priority date DTMF signalling was most commonly sent in the voice stream, i.e. in-band. The distinction made by Shaffer between blocking a “media stream” and blocking a “control channel or signalling” would therefore, he said, be understood by the skilled team to have referred to the ability to block DMTF signalling contained within the voice stream.
157. Much of the Shaffer specification is occupied with providing technical information as to the technology that may be used to implement the invention. Various examples are, however, given to illustrate the applications of the method and system described. At [0035] it is noted that:
“As indicated above, particular embodiments may allow for the control or blocking of signalling received from one or more conference participants from being communicated to other participants. For example, the control modules may disable the in-band DTMF signals from one or more endpoints and thus provide better security for the caller.”
158. It was common ground that “as indicated above” in this paragraph is a reference to [0017]. Mr Robinson explained that disabling “in-band DTMF” means, in technical terms, the suppression of the audio frequencies of DTMF signalling when sent in the voice stream (hence “in-band”). Both [0017] and [0035] therefore refer to the blocking of DTMF signalling sent in-band in the voice stream.
159. [0041]–[0042] describe a practical application of the system as being a call to a bank to receive account information in which the caller is in a conference with both a live agent and an IVR system. If the IVR system prompts the caller to speak confidential information such as their account number, password or PIN, the agent may tell the caller to key in a specified string (e.g. **5) to mute the output to the agent. The caller may then speak their password securely, following which they may enter another string (e.g. **6) to restore audio communication with the agent. This enables the caller to include the agent in an IVR session when the caller needs help, while allowing the caller to convey and receive confidential information to and from the IVR system.
160. Most of the claims of Shaffer (claims 1–41) refer to the communication and blocking of media streams to different endpoints. Claims 42–45 of the patent, however, refer to the communication and blocking of signalling, rather than a media stream:
“42. A method for providing a conference service, comprising:
hosting a conference between a plurality of endpoints;
communicating signalling received from at least one of the plurality of endpoints to the remaining plurality of endpoints;
receiving a request to block communication of the signalling to a first endpoint of the plurality of endpoints; and
blocking communication of the signalling to the first endpoint.
43. The method of claim 42, wherein:
the first endpoint is used by an agent;
a second endpoint of the plurality of endpoints is used by a caller;
a third endpoint of the plurality of endpoints comprises an interactive voice response (IVR) system; and
receiving a request to block communication of the signalling to the first endpoint comprises receiving a request from the caller to block communication of the signalling to the agent.
44. The method of claim 43, wherein the blocked signalling comprises confidential information of the caller.
45. The method of claim 42, wherein the signalling comprises dual tone multiple frequency (DTMF) signals.”
161. As with Van Volkenburgh, Mr Silverleaf’s first objection to obviousness over Shaffer was based on the absence of the isolation feature, which is not an issue in light of my conclusions above.
162. Mr Silverleaf’s other objection was a contention that Shaffer does not suggest the blocking of DTMF signalling whilst transmitting voice. Rather, he said, Shaffer - in particular in [0035] - discloses blocking DTMF by blocking the entire media stream which contains the DTMF signalling; that approach would block both voice and DTMF communication from the particular endpoint. Reading [0017] and [0035] as disclosing the selective blocking of DTMF signalling but not voice would, he said, require hindsight which is not a permissible approach. In his submission, properly understood there is nothing in Shaffer to direct the skilled team towards the inventive features of claim 9.
163. I do not accept that submission. It was apparent from Mr Silverleaf’s closing submissions that this point was based on the evidence of Mrs Penn, who said that those paragraphs of Shaffer would be understood as suggesting the blocking of DTMF by blocking an entire media stream. Mr Robinson’s view was, however, that Mrs Penn had misread Shaffer and, in particular, had not properly understood the reference in [0035] to disabling in-band DTMF signalling, therefore providing better security for the caller. In his opinion, the skilled team would understand this to disclose the suppression of the audio frequencies of DTMF signalling, while keeping voice communication open. Mr Robinson also considered that the skilled team with the relevant telephony systems knowledge would be aware of the CGK hardware which was suitable to disable in-band DTMF (see §48 above), and would understand that it could be applied to improve security where sensitive information was to be conveyed using DTMF tones.
164. Given that knowledge, and once Shaffer was properly understood, Mr Robinson said that there were several obvious ways of implementing the disclosure of Schaffer. One option, if confidential information was to be given through voice communication, would be to block the voice media stream from passing to the agent, but allow it to pass to the IVR system where it could be processed. He noted, however, that the second most common approach used at the time to take payments over the phone was DTMF. On that basis, he thought that a system falling within claim 9 of the Patent would be an obvious implementation of Shaffer.
165. I accept Mr Robinson’s evidence on this point. Shaffer is a highly technical document which, as was very apparent during the course of Mrs Penn’s cross-examination, addresses matters far beyond the scope of Mrs Penn’s expertise. That is no doubt why, when Mrs Penn was cross-examined on the document, her evidence was extremely confused. She also candidly admitted that she did not understand the concept of “in-band DTMF signals” referred to in [0035], a critical paragraph of Shaffer for present purposes. She should not have been giving evidence on Shaffer, and I consider that her evidence on the document was wholly unreliable. Mr Robinson, by contrast, clearly understood all aspects of Shaffer, and was able to explain the significance of the technical concepts referred to in the document and the technology used by the skilled team at the priority date. With the benefit of that expertise, he was able to explain how the skilled team would have implemented the disclosure of the document. His explanations were comprehensive and coherent.
166. I do not accept Mr Silverleaf’s submission that Mr Robinson was infected by hindsight in his interpretation of “isolated references” in [0017] and [0035] as disclosing selective blocking of DTMF signalling. Those passages provide important examples using technical terms which are then repeated in the claims of the patent. While the majority of the claims of the patent (claims 1–41) describe blocking an entire media stream to one of the endpoints, claims 42–45 are different, and are expressed in terms which refer to blocking signalling from being communicated to a particular endpoint. As set out above, claims 44 and 45 specifically refer to the signalling in question comprising DTMF tones, and the possibility that the blocked signalling comprises the caller’s confidential information, which would be of obvious interest to the skilled team. [0017] and [0035] cannot, therefore, be dismissed as isolated references that have been read out of context. Rather, they are the specific passages of the specification which foreshadow claims 42–45.
167. Accordingly, I accept Mr Robinson’s conclusion that Shaffer describes a flexible system which can be used in a call centre environment, in which the system can block either a stream or signalling which is used to convey confidential information. As he expressed it in cross-examination: “This is a facility that allows you to control different endpoints and the different communication methods going to them. You can block voice, you can block DTMF, you can block video, you can block files.”
168. There is therefore no material difference between the disclosure of Shaffer and the inventive concept of claim 9.
169. LiveOps is a one-page article entitled “LiveOps: Tell the Rep Nothing”, which was published on 15 January 2007 on “destinationCRM.com”, a website said to be related to the CRM magazine (CRM standing for Customer Relationship Management”). The article concerns the launch of a “Secure Exchange” call centre system by the call centre platform vendor LiveOps.
170. The first paragraph of the article explains that Secure Exchange is a call centre system which allows callers to input or receive sensitive data during a service call without the need for intervention by the call centre representative. The article then contains the following two paragraphs (which I have annotated with paragraph numbers for convenience):
“[2] Call centers equipped with Secure Exchange interact with callers as normal until information exchange (PIN, Social Security number, or health status, for example) is required. At that point the agent directs the call to Secure Exchange, an automated system that prompts the caller through any required steps and reads the information to the caller or takes it from them, as necessary. The caller has the option of requesting assistance from the agent, and the agent monitors call progress (though not its content) throughout.
[3] Matt Fisher, vice present of direct response and shared services for LiveOps, likens Secure Exchange to other venues where the agent is involved but unable to eavesdrop. ‘It’s like punching credit card info into the checkout-line keypad at the grocery store,’ Fisher says. ‘You’re talking to the cashier, but they can’t see your information.’”
171. Mr Robinson’s evidence (particularly in cross-examination) was that paragraph 2 read in isolation discloses a system where the caller is transferred by the agent to a conventional IVR, while allowing the agent to monitor the progress of the call. He agreed that the description of the agent monitoring the call’s progress, but not its content, indicates that there is no audio channel open to the agent. He said, however, that paragraph 3 would change the skilled team’s understanding, in that the analogy given indicates that a live conversation is continuing while the secure information is being provided by the caller. His view, therefore, was that LiveOps when read as a whole discloses the idea of a voice call between the caller and agent continuing while sensitive information is being keyed in by the caller, in a way that does not reveal that information to the agent.
172. Mrs Penn disagreed. She was of the view that paragraph 2 of LiveOps indicates a mid-call transfer approach, and that the Fisher quote in paragraph 3 is sufficiently inconsistent with the content of paragraph 2 that the skilled team would consider it to be a bad analogy or just marketing speech, rather than an accurate indication of how the system worked. There was in this regard no dispute as to Mrs Penn’s ability to comment on the document, which is not a technical document. Mr Tritton did, however, suggest that Mrs Penn’s reluctance to answer some of his questions about LiveOps in cross-examination undermined the reliability of her evidence.
173. On this point I prefer Sycurio’s position. While I accept as a premise Mr Robinson’s comment that the skilled team would expect a quote from a Vice President within LiveOps to be an informative statement, the quote in this case does not describe, in terms, the functionality of Secure Exchange, but does nothing more than provide a vague analogy from a quite different context. There is nothing in the document to explain how that analogy fits in with the system as described in paragraph 2.
174. I am not, therefore, persuaded by Mr Robinson’s view that the skilled team would regard the analogy as transforming their understanding of the system described. That does not, in my judgment, sufficiently take account of the inconsistency between paragraphs 2 and 3. I consider it far more likely that (as Mrs Penn said) the skilled team would consider the quote in paragraph 3 to be either a bad analogy or loose language in a marketing context. To extract from the document the proposition that a live call is continuing with the agent notwithstanding the description in paragraph 2 is, in my view, only possible with a good deal of hindsight.
175. The disclosure of LiveOps is therefore, in my judgment, a system which provides for a transfer of the caller to an IVR system, while allowing the agent to monitor the progress of the call, and to provide further assistance to the caller if required.
176. In light of my conclusion as to the disclosure of LiveOps, the question of obviousness over LiveOps can be answered shortly. Mr Robinson’s evidence as to the way in which the skilled team would implement LiveOps turned on his assessment of the disclosure of the document. If the disclosure of LiveOps is as set out above, Mr Robinson (rightly) did not suggest that it would be obvious to implement LiveOps in a way that replicated the inventive concept of claim 9.
177. Claim 9 is therefore not obvious over LiveOps.
178. My conclusion is that claim 9 is invalid for obviousness based on both Van Volkenburgh and Shaffer. It is not, however, obvious in light of LiveOps.
179. In light of that conclusion it is not necessary for me to consider the further validity arguments raised by PCI-Pal concerning excluded subject matter and added matter.
180. It is also not, strictly speaking, necessary for me to consider the infringement arguments. These were, however, the subject of considerable evidence at the trial, which went not only to the issue of infringement of the current variants of Agent Assist but also the question of the declarations of non-infringement sought in relation to the proposed enhancements of Agent Assist. I will therefore address the issues below in case this matter goes further and these points become relevant.
181. Two issues arise in relation to infringement. The first is whether any of the Agent Assist variants infringe claim 9, either on a normal basis or under the doctrine of equivalents, and including consideration of whether a Gillette/Formstein defence is available on the basis of the Proctor prior art. The second is whether PCI-Pal should be granted a declaration of non-infringement in relation to nine proposed Agent Assist enhancements.
182. In relation to both of those issues, Sycurio’s evidence on infringement was given by Mrs Penn, and PCI-Pal’s evidence was given by Mr Robinson and Mr Whittaker. Mr Leung was not asked to comment on infringement. As regards Mrs Penn, I note below the main points on which she opined, but in light of my comments above regarding the scope of her expertise I do not accept any of her evidence on infringement as being reliable (or indeed properly expert evidence at all). The only reliable expert evidence before me on the infringement issues is therefore that of Mr Robinson and Mr Whittaker.
183. There was (again) no dispute as to the legal test. Sections 60(1) and (2) of the Patents Act 1977 provide, in so far as relevant:
“(1) Subject to the provisions of this section, a person infringes a patent for an invention if, but only if, while the patent is in force, he does any of the following things in the United Kingdom in relation to the invention without the consent of the proprietor of the patent, that is to say—
…
(b) where the invention is a process, he uses the process or he offers it for use in the United Kingdom when he knows, or it is obvious to a reasonable person in the circumstances, that its use there without the consent of the proprietor would be an infringement of the patent;
…
(2) Subject to the following provisions of this section, a person (other than the proprietor of the patent) also infringes a patent for an invention if, while the patent is in force and without the consent of the proprietor, he supplies or offers to supply in the United Kingdom a person other than a licensee or other person entitled to work the invention with any of the means, relating to an essential element of the invention, for putting the invention into effect when he knows, or it is obvious to a reasonable person in the circumstances, that those means are suitable for putting, and are intended to put, the invention into effect in the United Kingdom.”
184. Section 60(1)(b) refers to “direct” infringement; s. 60(2) refers to “indirect” infringement by supplying a means relating to an essential element of the invention.
185. Sycurio alleges infringement under s. 60(1)(b) both on a normal construction of the Patent, and (in the alternative) under the doctrine of equivalents. On a normal construction of the Patent, the question of infringement is approached by interpreting the words of the claim objectively in the context of the specification as a whole: HHJ Hacon in Regen v Estar Medical [2019] EWHC 63 (Pat), §207. If there is no infringement on a normal construction, the doctrine of equivalents requires the court to consider whether the disputed product or process varies from the invention in ways that are immaterial. The steps in the reasoning are (it is common ground) those set out by the Supreme Court in Actavis v Eli Lilly [2017] UKSC 48, and subsequently reviewed and summarised by the Court of Appeal in Icescape v Iceworld International [2018] EWCA Civ 2219, as follows:
66. The whole approach to interpretation and scope of protection therefore involves the following steps, considered through the eyes of the notional addressee:
i) Does the variant infringe any of the claims as a matter of normal interpretation?
ii) If not, does the variant nevertheless infringe because it varies from the invention in a way or ways which is or are immaterial? This is to be determined by asking these three questions:
a) Notwithstanding that it is not within the literal (that is to say, I interpolate, normal) meaning of the relevant claim(s) of the patent, does the variant achieve substantially the same result in substantially the same way as the invention, i.e. the inventive concept revealed by the patent?
b) Would it be obvious to the person skilled in the art, reading the patent at the priority date, but knowing that the variant achieves substantially the same result as the invention, that it does so in substantially the same way as the invention?
c) Would such a reader of the patent have concluded that the patentee nonetheless intended that strict compliance with the literal meaning of the relevant claim(s) of the patent was an essential requirement of the invention?
67. Of course, in order to establish infringement in a case where there is no infringement as a matter of normal interpretation, a patentee would have to establish that the answer to questions (a) and (b) above is ‘yes’ and that the answer to question (c) is ‘no’.”
186. PCI-Pal also raised the issue of a Gillette defence (in relation to the allegation of infringement on a normal construction of the Patent) or the related Formstein principle (for infringement under the doctrine of equivalents). The Gillette principle, derived from Gillette Safety Razor v Anglo-American Trading Company [1913] 30 RPC 465, operates as a squeeze where the alleged infringement is itself an obvious variant of the prior art at the priority date. In such a case the patent cannot be infringed, because if the obvious variant fell within the scope of the patent then the claim would be invalid: see comments of Birss LJ in Facebook Ireland v Voxer [2021] EWHC 1377 (Pat), §210.
187. Formstein [1991] RPC 597 was a German case where the same principle was applied in the context of an allegation of infringement by equivalents. The court’s conclusion was that there could be no such infringement if the alleged infringement was within the prior art or was not inventive in light of the prior art. HHJ Hacon in Technetix v Teleste [2019] EWHC 126 (IPEC), §§95–100, proceeded on the assumption that a Formstein defence should be recognised under English law. Birss LJ also endorsed the Formstein approach in Facebook Ireland v Voxer, §216, although it was not necessary for him to apply the principle in that case.
188. Sycurio accepted for the purposes of this dispute that the law is as stated by Birss LJ, but contended that on the facts neither a Gillette nor a Formstein defence is available to PCI-Pal.
189. If there is no infringement under s. 60(1), whether on a normal construction or under the doctrine of equivalents, Sycurio alleges s. 60(2) infringement.
190. Agent Assist provides a remote payment system which aims to remove as much of the merchant’s environment from the scope of the PCI DSS requirements as possible. The first generation of the system was a private data centre hosted platform. Agent Assist is the second generation of the system, which is a cloud-based system. Sycurio only alleges infringement in relation to this generation of Agent Assist and does not make any allegation of infringement in relation to the first generation product.
191. Agent Assist includes three main variants which are the subject of the infringement claim: Quick Connect, Voice Connect (which has two subvariants: Voice Connect With Media Release and Voice Connect Without Media Release) and SIP Connect (which also has subvariants, but the differences between these are not material). The variants have been created so as to integrate with different telephony solutions used by merchants. There is only one difference between the variants which is potentially relevant to the infringement issues, which is described further below.
192. All three variants of Agent Assist are cloud-based systems which operate using VoIP. All three variants use PCI-Pal’s custom application called Collection and Payment (CAP). CAP is hosted entirely remotely. In order to take a payment from a customer, the call from the customer needs to be routed through one of the Agent Assist variants, and the call centre agent needs to have access to CAP either through the CAP web portal or through an application that integrates with the merchant’s systems.
193. As is typical for modern VoIP systems, SIP signalling is used to manage the routing of the call, but voice data are transferred using RTP. Each Agent Assist variant uses a network-layer software application known as a Session Border Controller (SBC) to handle VoIP calls and to carry both the SIP signalling and the RTP voice data.
194. Agent Assist seeks to route the RTP voice and SIP signalling in the most efficient and cost-effective way. When a cardholder calls the merchant, SIP signalling is used to set up the call. Once the call is answered, the RTP voice path is established. What then happens differs according to whether the system is switched to normal or active mode.
195–202. ["]
203–237. ["]
238–251. ["]
252–253. ["]
254. Even if I had concluded that claim 9 is valid, I would have found that it is not infringed by Agent Assist, whether on a normal construction of the claim or under the doctrine of equivalents.
255. The final issue is the enhancements proposed by PCI-Pal, in respect of which a declaration of non-infringement is sought. Sycurio accepts that if the court finds that none of the Agent Assist variants infringe the Patent, then the Agent Assist enhancements will also not infringe the Patent. It is therefore not necessary to address this issue.
256. For the reasons set out above, my conclusions are that:
i) The Patent concerns a technical solution for the problem of agent fraud at call centres. The skilled team is therefore a team with both telephony expertise and payment systems expertise.
ii) The scope of the CGK is as described at §§42–68 above.
iii) I prefer the submissions of PCI-Pal as to the construction of claim 9 of the Patent. I do not accept PCI-Pal’s (alternative) submission that the claim is invalid for insufficiency.
iv) The inventive concept of claim 9 is as described at §123 above.
v) Claim 9 is obvious over both Van Volkenburgh and (separately) Shaffer, and therefore invalid. I do not consider that it is obvious over LiveOps.
vi) It is therefore not necessary to consider PCI-Pal’s further invalidity arguments based on excluded subject matter and added matter.
vii) Even if claim 9 were found to be valid, neither the current variants of Agent Assist nor the proposed enhancements infringe claim 9 either on a normal construction or under the doctrine of equivalents. To the extent necessary, I would accept PCI-Pal’s reliance on a Gillette/Formstein defence based on obviousness over Proctor.