Applying cryptographic services to intellectual property

The market for cryptographic applications to intellectual property is booming. Blockchain solutions are now routinely proposed for the certification of IP assets, while emerging new platforms are leveraging blockchain technology to create new IP ecosystems. Concurrently, centralised cryptographic solutions have been proposed to generate evidence that would prove that a digital file (eg, one that represents an IP asset) existed at a specific point in time and that it has not been altered since.

There is also a need for customised solutions, where an in-house application could be interfaced with a timestamp server. For completeness, cryptographic solutions nicely complement AI systems for the management of IP rights over their lifecycle. As a result, more and more IP players are considering adopting cryptographic solution for IP applications. However, the question that naturally arises is which solution is best suited to their needs?

There is also the issue of how these solutions work and what their advantages and drawbacks are in legal terms. At a time of digital transformation, such questions matter as decision makers need to make crucial technological choices. Making the right decision becomes even more significant in times of limited operational capacity and budgetary constraints. In addition, digital certification services involve fairly complex cryptographic concepts and, as is to be expected, give rise to some misunderstandings among IP professionals. Besides blockchain-based paradigms, there are other cryptographic solutions that deserve the attention of IP players too. A recent example is WIPO’s centralised timestamping service, WIPO PROOF.

This article begins by examining blockchain-based certification systems and then centralised solutions, with an emphasis on the WIPO PROOF solution. Next, such solutions are compared; the consequences of the legal qualification of the cryptographic services are discussed; and the article then concludes with a list of key questions that IP players may want to ask of both themselves and potential service providers.

Blockchain distributed timestamping

A blockchain is a distributed ledger or a decentralised register involving networked computers. Information records are not stored in a single place, nor are they typically under the control of a single entity. Basically, a blockchain progressively stores new data records in blocks that are linked using cryptography. Each new block is linked to a previous block, which eventually forms a chain of blocks. The blocks are timestamped, hence the benefit for IP assets: a blockchain may be used as a registry for storing evidence proving that digital records (eg, embodying an IP asset) existed at a specific point in time (ie, the date and time of the timestamp). In particular, it may be used to generateevidence of the creation of original works or prior use of inventions.

One aspect that is often misunderstood by IP professionals is that data need not be stored in an unencrypted form in the blockchain (in fact, it is usually not). Rather, data is generally hashed – that is, transformed via a cryptographic hash function that reduces any input data to a unique string of fixed size. The string obtained is called a ‘digital fingerprint’, a ‘hash value’ or simply ‘hash’. Its hexadecimal representation typically looks like this: “752f768fe0c9df7da0…”. Input data can be of any type and any length; for example, it may be a text document (eg, a book, an algorithm or other data), an audio file (eg, a song, a jingle or a simple sound) or a video (eg, a movie or other video-based production).

Hash values of the input data can be compared to the fingerprints of humans. The hash function is a one-way function, meaning that it is practically unfeasible to invert it. Likewise, it is not possible to identify a human from a sole fingerprint without a list of indexed fingerprints. Different inputs to a hash function yield distinct hash values but the same input always leads to the same hash value, just like fingerprints are unique to every individual. Thus, one cannot obtain the initial input data from its sole hash value, but one can easily compare the hash values of different files; if the files differ, their hash values differ as well, subject to highly improbable collisions between the hash values. Accordingly, hash values can be safely logged on a blockchain, without disclosing the initial data used to obtain them.

Hash functions are used not only to conceal the data stored in a blockchain but also to link successive blocks. Namely, each new block includes a cryptographic hash from a previous block. Thus, two types of hash value should be distinguished:

• hashes of data logged in the blockchain; and
• hashes of blocks that are linked to form the chain (as illustrated in Figure 1).

As a concrete example, assume that a blockchain participant wants to secure IP rights (ie, copyright or prior user rights) for a given creation, such as an image, a 3D printing dataset, a sound or a text. The corresponding digital file is first transformed by a hash function into a hash value. The latter is stored in a given block (eg, block k), which further includes another hash value of contents of a previous block (block k – 1), so as to link the two blocks. In addition, each block is timestamped. This process is repeated for each new block created; all contents of block k are hashed, which yields a further hash value to be included in a subsequent block k + 1, and so on. This mechanism is illustrated in Figure 2.

IP players may want to use a blockchain to store evidence of successive versions of their creations. As the digital fingerprints (the hash values) of data logged in a blockchain are cryptographically signed, blockchain participants can, in principle, easily verify the ownership of data stored in the blockchain. However, the extent of the verification is subject to limitations discussed later.

A blockchain is decentralised; every node maintains a copy of the blockchain, such that records can be accessed from any of the nodes. As with other types of distributed ledger technology, a blockchain relies on a consensus mechanism to ensure the reliability of the validation of transaction blocks. The consensus mechanism, together with the chaining of the blocks, makes it extremely difficult to retroactively modify data stored in any block. Since modifying a block would challenge the logic of links to all subsequent blocks, an attacker would have to coherently modify all subsequent blocks for this modification to be accepted by the consensus mechanism. In other words, a blockchain guarantees, by design, the integrity of the data stored thereon.

To summarise, a blockchain is distributed and immutable. Since the original information does not have to be logged in an unencrypted form, creation dates for the data files can be certified without disclosing the corresponding data. In addition, records can be accessed even after the failure of one or more nodes. In contrast, a central database might more easily be subject to attacks and a single point of failure, and its contents may more easily be forged.

Drawbacks and comments

There are also drawbacks. To better understand them, some terminologies need to be introduced. First, a distinction should be made between public blockchains and private blockchains. Second, some blockchains are permissioned, while others are permissionless. Public blockchains such as the bitcoin platform have no access restrictions; anyone can participate. A private blockchain is managed by an administrator and is available only to selected participants. However, there are many mixed forms, which involve various levels of permissions. Third, a distinction must be made between actual blockchain registers (ie, blockchain platforms) and blockchain-like technology, involving protocols and cryptographic processes similar to a blockchain’s. For example, a private blockchain system may exploit Ethereum-like cryptographic protocols and processes yet be completely independent from the Ethereum cryptocurrency platform.

On the technical side, a blockchain is often described as a disintermediated system, where trusted third parties (ie, humans) are replaced by numerous computers. However, it can also be perceived as a reintermediated system, given that computers are themselves a form of intermediation, which have a cost as well. In that respect, one issue with blockchain is the central process unit utilisation and power consumption required by the numerous computers involved. However, this essentially concerns bitcoin networks, which involve a demanding consensus (proof-of-work) mechanism and manifestly have an environmental impact. Still, other types of blockchain rely on more permissive consensuses, which consume less power, hence the need to choose carefully which blockchain to work with.

As fingerprints of logged data are cryptographically signed, participants can, in principle, easily verify ownership. However, no trusted third party comes to ensure the identities of authors of the transactions logged in a public blockchain, where authors typically act anonymously or pseudonymously. Thus, proving ownership may be an issue, legally speaking.

Moreover, eluding trusted third parties in order to reduce transaction costs – as is usual on public blockchain platforms – precludes, in principle, the direct involvement of qualified trust service providers (QTSP) in the sense of the EU Regulation on Electronic Identification and Trust Services for Electronic Transactions (eIDAS Regulation), which notably affects the legal presumptions with respect to the electronic signature and timestamps generated. In accordance with the regulation, the fact that no QTSP is involved does not mean that timestamps and signatures obtained from a public blockchain will be denied legal effects and admissibility as evidence in legal proceedings. However, this will affect the burden of proof – as discussed later.

Nevertheless, solutions have been proposed that would solve this issue by complementing certifications obtained from a public blockchain with digital timestamp receipts issued by local authorities from different jurisdictions. In addition, specific blockchain set-ups (typically private or public, permissioned blockchain) may involve trusted third parties. However, in permissioned blockchains, access is limited or moderated, such that not everyone may be able to verify data logged thereon.

Besides, as mentioned earlier, a distinction must be drawn between popular blockchain networks (eg, bitcoin and Ethereum) and blockchain technology. For instance, blockchain technology can be leveraged to achieve a specific solution that, as such, is acknowledged as a qualified service (the provider then qualifies as a QTSP) in the sense of the eIDAS Regulation, as opposed to public blockchain networks, which cannot. This again illustrates the need to choose the blockchain solution carefully.

Another legal difficulty stems from the fact that a decentralised ledger may span multiple locations, making it difficult to establish the applicable law in some cases.

Centralised electronic timestamping

Another way to obtain timestamps is to use a timestamping service (or software), independently of any blockchain. Such solutions can be referred to as centralised (or local) timestamping solutions because timestamps are obtained from a single server, rather than decentralised blockchains.

Local timestamping solutions can be easily implemented by organisations to record when a digital item was signed. The cryptographic ingredients (eg, hashes, timestamps and signatures) are basically the same as those used in blockchains. A typical workflow is shown in Figure 3. First, a fingerprint (hash) is locally created for each document that a user wants to timestamp. This hash is sent to a timestamping authority (TSA), which concatenates a current timestamp to the hash received. The TSA does not see the original data as it cannot reverse the hash, owing to the one-way function used to obtain it. Next, the TSA signs the concatenation obtained (possibly after having hashed it) with a private key, thereby producing signed data. Finally, the TSA sends all relevant data to the user, who stores it carefully with the original document, in order to later be able to prove ownership of the document, if needed.

Using the TSA’s public key, anyone will be able to check the validity of the timestamp and the integrity of the signed data – assuming that the TSA’s public key is publicly available. However, the procedure is not always straightforward in practice.

The legal regime of local timestamps is prima facie simpler than that of blockchain, as all operations are normally performed on a single server, making it easier to identify the applicable law. Above all, a centralised solution may, in principle, be easily obtained from or interfaced with a trust service provider (eg, the TSA in Figure 3), including QTSPs under the eIDAS Regulation for benefits in terms of legal presumption. However, in practice, centralised solutions do not necessarily rely on QTSPs – as illustrated below.

Example of centralised solutions dedicated to IP assets: WIPO PROOF and e-Soleau

WIPO PROOF is an online timestamping solution for certifying IP assets and was launched on 27 May 2020 by WIPO. It works in a similar manner to the centralised cryptographic solution discussed earlier – namely, a user who wants to certify a digital file connects to the WIPO PROOF website, accesses a web application through a local web browser and selects a digital file to be certified. The local browser generates a hash of the file, using a one-way function, and this is subsequently timestamped and signed by WIPO PROOF, using a private cryptographic key to form a token. Importantly, the selected file is neither uploaded nor otherwise accessed by WIPO PROOF. Finally, the user downloads and stores the token, which may later serve as proof that the selected file existed at the date and time of the timestamp. WIPO PROOF further provides a convenient online tool to verify the token in a few clicks. An independent verification is possible in principle, provided that the public key of WIPO PROOF is available, but is not straightforward.

WIPO PROOF relies on a public key infrastructure. The simple process and user interface, the reassuring technical background and the non-intrusive scheme proposed (it never accesses the digital files) will satisfy the vast majority of users who occasionally need this type of service. However, the displayed prices suggest that the service is not adapted for frequent or systematic certifications of digital files. That said, custom bundles can be negotiated and the single token price is in line with similar solutions, such as the e-Soleau service launched by the French National Institute of Industrial Property (INPI) in 2016.

A major technical difference between the two centralised services, however, is that e-Soleau not only computes hashes of the user files, but also stores a copy of the files, whereas WIPO PROOF does not even access the files. This feature of e-Soleau may be a consequence of the early paper-based service that it aims to replicate, in which sealed envelopes are stored at the INPI for evidential purposes. As a result, the WIPO PROOF scheme is less intrusive and also more secure, inasmuch as user files are not stored on WIPO databases and thus cannot be hacked (at least not on WIPO databases). Conversely, the e-Soleau solution is more convenient for those who prefer to outsource the storage of their certified files.

As reliable and convenient as they may be technically, such centralised solutions are not accredited as qualified services in the sense of the eIDAS Regulation. There are various reasons for this. For instance, WIPO PROOF cannot become a QTSP, irrespective of the technical merits of the service proposed, because WIPO is a non-EU entity and thus a foreign entity. While it would, in principle, be possible for WIPO to enter into a bilateral agreement with the European Union to be granted qualified status, the organisation does not subject itself to such bilateral arrangements. This is unsurprising, given that WIPO is an international organisation and a specialised agency of the United Nations and, as such, operates on a multilateral framework.

As a result, the resulting timestamps may have to be considered as simple timestamps in the sense of the eIDAS Regulation, to be on the safe side. Thus, they will be admitted in court, as a matter of principle, but data owners will not necessarily enjoy a favourable evidential presumption. However, this must be nuanced, given that the reputation of the providers of WIPO PROOF and e-Soleau may be perceived favourably by the courts. Plus, the technical aspects of such solutions are well documented and, given the seriousness of the proposed solutions, a court may decide to assimilate the resulting timestamps to qualified timestamps in the sense of the eIDAS Regulation.

Still, even if the courts do not challenge the cryptographic processes used by WIPO PROOF or e-Soleau, users may have to prove ownership of their original files during a dispute (just like IP players who use a public blockchain to certify their IP assets), as no trusted link can be established between the tokens and the data owners, as with many other cryptographic solutions. Thus, users may potentially have to cope with several legal presumption issues.

Comparison between centralised and decentralised schemes: what matters, legally speaking

Involving a QTSP or being accredited as a qualified service allows so-called ‘qualified timestamps’ and ‘qualified signatures’ to be obtained, which favourably affects the burden of proof. More precisely, a timestamp will enjoy the presumption of accuracy of the date and the time that it indicates and the integrity of the data to which the date and time are bound, according to Article 41.2 of the eIDAS Regulation. Similarly, an electronic signature process involving a qualified signature is initially presumed to be reliable. Cryptographic solutions that are not qualified cannot guarantee a favourable legal presumption, even though they will be admitted in court. This is meant to be fair, given the guarantees offered by qualified providers as to the signature and timestamp processes used and identities of the transaction authors. Thus, IP players may want to ensure that a QTSP is involved, to enjoy a favourable presumption. Otherwise, the classic rules will apply, whereby the burden of proof lies with the party asserting its rights – although such presumptions can always be reversed in court proceedings.

Despite obvious advantages, QTSPs have jurisdictional limits. For example, a trust service provider that is acknowledged as a qualified provider in the European Union may not be acknowledged as such in Switzerland, and vice versa. Still, nothing prevents service providers from obtaining qualified status in several jurisdictions. Note the jurisdictional limits of qualified providers similarly affect centralised solutions and specific blockchain-based solutions that involve trust service providers to complement blockchain timestamps. Thus, IP players may not only want to ensure that one or more QTSPs are involved, but that these are carefully chosen, taking into account the jurisdiction(s) where they want to benefit from a favourable presumption.

Centralised solutions versus decentralised (ie, blockchain) solutions

Regardless of whether they are qualified, electronic signatures and timestamps are explicitly acknowledged in several jurisdictions, thanks to the European standardisation of the eIDAS Regulation, and thus enjoy a legal basis. As both centralised timestamping services and decentralised blockchain solutions involve electronic signatures and timestamps as fundamental components of their operation, it is tempting to conclude that they enjoy a clear legal framework. However, some aspects are not explicitly covered by the law (eg, the decentralised architecture of blockchains spanning multiple countries, which are not necessarily member states of the European Union) and raise additional questions (eg, what is the applicable law?). Such questions must be addressed by case law and specific legislation.

As discussed earlier, what eventually matters – legally speaking – is the qualification of the signatures and timestamps involved in the process, be it local or decentralised. Another potential issue for the data owner is proving ownership of the initial data files, hence the benefits of qualified services or providers, which ensure favourable legal presumptions.

Therefore, it is essential for IP players to decide whether they want to enjoy a favourable presumption and where they want this presumption to apply, and to then carefully investigate the types of signature and timestamp used by the cryptographic solution that they consider to adopt. If they want to be sure to benefit from a favourable presumption, they need a solution (whether centralised or not) involving a QTSP or accredited qualified service in the jurisdictions of interest to them.

Technically speaking, some may find it simpler and more environmentally friendly to rely on an IP-oriented centralised service to sign and timestamp their data, especially users who only need such a service occasionally. However, others may prefer to rely on a general certification solution or a blockchain interface, especially those who seek to systematically (and thus frequently) certify their data files, mainly for cost reasons.

For completeness, nothing prevents IP players from developing customised solutions, for example, interfacing an in-house application with a (qualified) trust service provider, to pull down (qualified) timestamps. But again, costs will matter, given that services provided by (qualified) trust service providers are unlikely to come for free. Still, customised certification solutions may be cheaper and, eventually, favourably affect the burden of proof.

Downsides of cryptographic solutions

It should also be remembered that most digital certification services – whether centralised or decentralised – have drawbacks. To start with, users must be sure to keep data files unaltered over time. This is not as simple as it seems because of the dynamic content that files may contain, let alone the fact that they may be accidentally altered or deleted by users. Not all certification services address this issue. If the original files used to obtain the timestamps are modified even slightly, it will no longer be possible to verify them. Therefore, users should not only ensure that their data files are stored safely, but also consider using long-term archiving digital file formats, such as those available under the PDF/A standard.

Moreover, the underlying cryptographic algorithms might fail in the long term as they may be broken or become obsolete. Thus, there is no guarantee that the timestamped hashes will remain valid evidence in the long term.

Despite these drawbacks, cryptographic certification solutions remain attractive compared to schemes based on regular mail and emails. Indeed, such schemes are impractical for, if not incompatible with, systematic (and thus frequent) registrations of large data files. While emails (eg, sent to oneself) can be systematically implemented and easily automated, these can be intercepted and forged. Internal email systems are more secure but no less forgeable. In all cases, the reliability of email evidence may easily be challenged in court.

Questions to ask when looking for a suitable digital certification service

Finally, there are a number of questions – with regard to costs, legal aspects and technical aspects – that may be worth asking when looking for a suitable certification solution (see Table 1). Of course, some technical questions may have legal consequences.

Complementary not a substitute

Centralised timestamping services (or software) and blockchains are appealing solutions for securing limited IP rights, especially for numerous and/or large data files. Centralised solutions are less power intensive and may, in some cases, be legally clearer as they make it easier to establish the applicable law. Unlike solutions based exclusively on public blockchains, local timestamping solutions may, in principle, directly involve QTSPs in the sense of the eIDAS Regulation. QTSPs give better guarantees in respect of the identity of the data owners and the reliability of the signature and timestamp processes. Quite logically, this favourably impacts the burden of proof. However, in practice, the existing centralised certification services directed to intellectual property are not necessarily recognised as qualified services or do not necessarily involve a QTSP. Beyond local timestamping solutions, specific blockchain-based solutions (or hybrid solutions) may also involve QTSPs. This illustrates that IP players should carefully consider the range of available cryptographic solutions, if not develop their own solutions.

In view of the available solutions, it may be concluded, as a rule of thumb, that centralised solutions are more convenient for casual users (ie, users who want to occasionally certify IP assets). However, IP players wishing to frequently or systematically certify IP assets may prefer blockchain-based solutions, which are normally less expensive. That said, prices will likely evolve as IP digital certification is still in its infancy and competition is meant to grow.

Of course, the cryptographic solutions discussed here allow only some proof of possession to be established. This can certainly be useful to ascertain the existence of copyright or prior possession. However, the IP protection obtained is narrow at best. Such cryptographic solutions do not give rise to exclusive rights such as those provided by trademarks, designs or utility patents, which enjoy a clearer legal basis but still require filing an application at a trademark or patent office.

Thus, cryptographic solutions can be used as part of an IP management strategy, but as a complement to – rather than a substitute for – formal IP rights. Still, when it comes to IP rights that have no registration requirements, cryptographic solutions may soon be the norm.