We’ve all heard the one about the author posting their manuscript to themselves (and friends) and keeping the unopened envelopes as proof of creation date. This so-called poor man’s copyright has been digitised by the World Intellectual Property Office (WIPO) with its new service ‘WIPO PROOF’. This WIPO service will be of particular interest to tech businesses rich with IP rights not capable of registration, namely copyright, trade secrets, and research data.

The service will allocate a secure digital timestamp to any intellectual asset in the form of a digital file uploaded to the WIPO Proof system. A WIPO Proof Token is "tamper-proof evidence which you can use to prove that your digital file existed at a specific point in time". This theoretically prevents IP disputes by providing proof of existence. It uses a combination of algorithms to create a digital fingerprint of the file, which is digitally signed with a private key so that the signature can be checked with the corresponding public key. One single WIPO Proof token costs 20 CHF (about £16) and lasts 2 years (bundles of tokens can also be purchased for a reduced rate).

One digital timestamped token is kept by the owner; another is kept by WIPO Proof on its secure servers in Switzerland. It is possible to validate a WIPO Proof Token and check the timestamp through the WIPO Proof System. There is no charge for third parties to do this.

WIPO Proof uses Public Key Infrastructure (PKI) technology which is fully compliant with the RFC 3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). PKI has been described as the definitive standard for secure cryptographic timestamping. The European Network and Information Security Agency (ENISA) recommends PKI for a WIPO Proof type of service as it provides a framework for secure communication and transactions between organisations and individuals, comprising software and a set of rules, policies and standards.
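To make the "digital fingerprint" concrete, the following added example (not WIPO's code, and not part of the original post) builds the RFC 3161 TimeStampReq message that a client sends to a time-stamping authority, then checks a candidate file against the fingerprint it carries. The function names and the sample text are assumptions made for illustration; SHA-256 is assumed as the hash.

```python
import hashlib
import hmac

# DER encoding of the SHA-256 OID 2.16.840.1.101.3.4.2.1
SHA256_OID = bytes.fromhex("0609608648016503040201")

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf: bytes, pos: int):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def timestamp_request(data: bytes, cert_req: bool = True) -> bytes:
    """Build an RFC 3161 TimeStampReq (version 1, SHA-256) for data."""
    alg = der(0x30, SHA256_OID + der(0x05, b""))   # AlgorithmIdentifier, NULL params
    imprint = der(0x30, alg + der(0x04, hashlib.sha256(data).digest()))
    body = der(0x02, b"\x01") + imprint            # version, messageImprint
    if cert_req:
        body += der(0x01, b"\xff")                 # ask the TSA to include its certificate
    return der(0x30, body)

def hashed_message(request: bytes) -> bytes:
    """Extract the digest carried in a TimeStampReq's messageImprint."""
    _, body, _ = read_tlv(request, 0)        # TimeStampReq SEQUENCE
    _, _, pos = read_tlv(body, 0)            # skip version
    _, imprint, _ = read_tlv(body, pos)      # MessageImprint SEQUENCE
    _, _, pos = read_tlv(imprint, 0)         # skip AlgorithmIdentifier
    tag, digest, _ = read_tlv(imprint, pos)  # hashedMessage OCTET STRING
    if tag != 0x04 or len(digest) != 32:
        raise ValueError("not a SHA-256 messageImprint")
    return digest

def matches_file(request: bytes, candidate: bytes) -> bool:
    """True only if candidate is byte-for-byte the data that was fingerprinted."""
    return hmac.compare_digest(hashed_message(request), hashlib.sha256(candidate).digest())

if __name__ == "__main__":
    original = b"Chapter 1. It was a dark and stormy night."  # constructed sample
    req = timestamp_request(original)
    print(len(req), "bytes sent:", req.hex())
    print(matches_file(req, original), matches_file(req, original + b" "))
```

The request is 59 bytes whatever the size of the file, because only the hash is transmitted. Under RFC 3161 the token that comes back contains this same imprint together with the time and the authority's signature, so validating a token means checking both that signature and that the file still hashes to the imprint.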

However, like all technologies, PKI is not without its risks. Despite its much-lauded security benefits, it is still vulnerable to attacks on the Certification Authority that provides the certificates (a trusted third-party system used by PKI technology to provide the digital certification), theft of the digital certificate itself, theft of the code behind the system and the certificate, and Denial of Service attacks generally. A telling reminder is the 2011 cyberattack on DigiNotar, a Dutch Certification Authority, which provided certificates under its own name and also on behalf of the Dutch government. The authority went bankrupt as a result.

WIPO Proof is a welcome development to help address the often problematic issue of determining who created what, and when. We wait to see how the service is picked up by the public and whether WIPO Proof tokens become a standard part of company due diligence.

Thank you very much to Emily Costello for her research in preparing this blog.