Smart cards are credit card-sized plastic cards that contain a microprocessor and a small amount of memory.

It helps here to know a little bit about how public-key cryptography works. When you want to send an electronic document securely to another person, but the transmission path is insecure (for example over the internet), the document needs to be encrypted somehow. If you and the recipient have a code that only you and they know, you can use this code to encrypt the document and the recipient can use the same code to decrypt the document at the other end. Someone obtaining the encrypted document along the way would only be able to get at the document if they either know or can work out the key. This is known as symmetric cryptography. The downside of this is that the key for encryption and decryption needs to be kept secret, as well as being shared by the sender and recipient. This is obviously difficult to achieve, particularly when the parties are far away from each other. A better way is to make the encryption and decryption asymmetric, where a different key is required to encrypt and decrypt. The sender can then encrypt the document using a public key, and the recipient can decrypt it with their private key. The encryption key can safely be made public, since knowledge of one cannot easily result in knowledge of the other (unless perhaps you know an easy way of factoring large numbers into primes; fame and fortune await if you can do it). The advantage of this is that anyone can find out a public key, and can encrypt and send documents to the recipient without needing to share anything with them beforehand.
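The contrast drawn above, as an added Go example that is not part of the original post and not the EPO's software: the symmetric path needs both parties to hold the same 32-byte key (AES-256-GCM), while the asymmetric path lets the sender encrypt with nothing more than the recipient's public key (RSA-OAEP), and only the matching private key can open the result. The key sizes, the sample message and the function names are choices made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// symmetricSeal encrypts with AES-256-GCM. Sender and recipient must already
// share the same key, which is the distribution problem described above.
// The random nonce is prefixed to the ciphertext so the recipient can find it.
func symmetricSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// symmetricOpen reverses symmetricSeal. A wrong key fails the GCM
// authentication check instead of silently returning garbage.
func symmetricOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// asymmetricSeal needs only the recipient's public key (RSA-OAEP with
// SHA-256), so nothing secret has to be agreed beforehand.
func asymmetricSeal(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// asymmetricOpen succeeds only with the private key that matches the
// public key used to seal.
func asymmetricOpen(priv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed, nil)
}

func main() {
	msg := []byte("constructed sample: claims as filed") // constructed input
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	sealed, _ := symmetricSeal(key, msg)
	opened, _ := symmetricOpen(key, sealed)
	fmt.Printf("symmetric round trip: %q\n", opened)

	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ct, _ := asymmetricSeal(&recipient.PublicKey, msg)
	pt, _ := asymmetricOpen(recipient, ct)
	fmt.Printf("asymmetric round trip: %q\n", pt)
}
```

RSA-OAEP with a 2048-bit key and SHA-256 can encrypt at most 190 bytes per operation; real systems therefore encrypt a fresh symmetric key asymmetrically and the document itself symmetrically, which combines the two halves shown here.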
The EPO decided very early on in the planning process for its online services that the certificates which would allow users to conduct secure transactions with us would be stored on smart cards. Unlike passwords, smart cards allow us to provide the more secure two-factor authentication, comprising something that is held (the card) and something that is known (the PIN). Two-factor authentication means that PINs can be simpler and therefore easier to remember than with a password, since, without the card, the PIN is useless, and vice versa. Also, the simpler PINs are not susceptible to brute-force attacks because the smart card locks out after several unsuccessful attempts to enter the PIN.
In addition to being small and portable, smart cards afford a much higher level of secure storage for certificates than, say, if they are stored on a hard drive. They offer tamper-proof storage of the user's private keys and digital certificates, are highly resistant to unauthorised deletion or copying of the certificates and keys, and any attempt to tamper with them requires significant effort which would invariably result in physical damage to the cards themselves. Also, it is easier to spot the loss or theft of a card than of a certificate stored on a computer.
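The lockout behaviour that makes a short PIN acceptable, modelled as an added Go example (not the EPO's card software): a retry counter sits next to the PIN, each wrong attempt decrements it, a correct attempt resets it, and once it reaches zero the card refuses every further attempt, right or wrong. The limit of three tries, the constant-time comparison and the 4-digit PIN space are assumptions made for this example; the search function only shows that an exhaustive guess stops at the third attempt.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// maxTries is assumed here; a real card's profile sets the retry limit.
const maxTries = 3

var (
	ErrWrongPIN = errors.New("wrong PIN")
	ErrLocked   = errors.New("card locked: PIN retry counter exhausted")
)

// pinSlot models the PIN and the retry counter a card keeps beside it.
type pinSlot struct {
	pin       []byte
	triesLeft int
}

func newPinSlot(pin string) *pinSlot {
	return &pinSlot{pin: []byte(pin), triesLeft: maxTries}
}

// Verify behaves like a card's VERIFY command: a wrong attempt burns one
// try, a correct one resets the counter, and a locked card rejects
// everything until it is unblocked out of band.
func (s *pinSlot) Verify(attempt string) error {
	if s.triesLeft == 0 {
		return ErrLocked
	}
	if subtle.ConstantTimeCompare(s.pin, []byte(attempt)) == 1 {
		s.triesLeft = maxTries
		return nil
	}
	s.triesLeft--
	if s.triesLeft == 0 {
		return ErrLocked
	}
	return ErrWrongPIN
}

// TriesLeft exposes the counter, as a card would report it after VERIFY.
func (s *pinSlot) TriesLeft() int { return s.triesLeft }

// exhaustiveGuess walks the whole 4-digit space in order and reports how
// many attempts the card accepted before locking and whether any succeeded.
// With the counter in place the answer is always maxTries attempts, so a
// 10,000-value PIN space is never searched.
func exhaustiveGuess(s *pinSlot) (attempts int, found bool) {
	for i := 0; i < 10000; i++ {
		attempts++
		err := s.Verify(fmt.Sprintf("%04d", i))
		if err == nil {
			return attempts, true
		}
		if errors.Is(err, ErrLocked) {
			return attempts, false
		}
	}
	return attempts, false
}

func main() {
	card := newPinSlot("4821") // constructed PIN for the demonstration
	attempts, found := exhaustiveGuess(card)
	fmt.Printf("locked after %d attempts, PIN found: %v\n", attempts, found)
	fmt.Println("correct PIN on locked card:", card.Verify("4821"))
}
```

The point for the defender is the asymmetry: the legitimate user needs one correct entry, while guessing is capped by the counter rather than by the size of the PIN space, which is why the PIN can stay short as long as the card itself is not lost.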
The EPO's online filing software uses asymmetric cryptography, but in a different way. Instead of using a public key to encrypt an electronic document, the sender (i.e. the patent attorney) uses a private key, which is accessible via their smart card in combination with a secret PIN, to sign (i.e. encrypt) the documents to be sent to the EPO [this is not quite how it works, as explained in one of the helpful comments below, but the general principle is the same]. Since these documents can only be decrypted by the other (public) key, this provides an assurance that the documents were signed by the person authorised to do so. This is known as non-repudiation, and is of course an essential feature in ensuring that whoever signs is taking responsibility for what is being sent. Another feature inherent in this system is that the signed documents can only be sent in their entirety, and cannot be amended in any way once they have been signed. This allows another feature of the EPO's online filing software to work, which is that an electronic receipt is issued once a signed set of documents is successfully received by the EPO. This receipt always includes a "Message Digest", which is a string of hexadecimal codes that is uniquely derived from the content of what was transmitted, presumably the result of a hash function performed on the signed documents.
All this should be fairly simple for a patent attorney to understand, particularly if they deal with anything computer-related in their day-to-day work. Once the basic principles are understood, it should be clear that electronic filing, as well as providing a convenient way to transmit documents to the EPO, provides much greater assurance to the sender that what was sent has actually been received. Compared to the old way of doing things, where a set of paper documents would be signed off by the attorney and then be passed through several pairs of hands before arriving at the EPO, electronic filing provides much more assurance to the nervous attorney who might be worried about getting things done correctly.
All this is by way of introduction to a recent EPO Boards of Appeal decision T 1101/14, which I noticed on the PatLit blog here. The case relates to EP application 08743225.8, which was refused by the examining division in December 2013. The applicant then appealed the decision, their attorney filing a notice of appeal the following month. The attorney then filed a statement of grounds of appeal, together with several sets of claims as main and auxiliary requests. Shortly afterwards, the EPO issued a formalities report, indicating that the grounds of appeal had not actually been filed. What had been sent was only a one-page cover letter, and the statement of grounds with the supporting arguments had not been included. The attorney then requested re-establishment of rights, arguing that the missing grounds had been the result of "an isolated error of a suitable experienced and normally reliable secretary". The attorney had not noticed that the grounds were missing, but argued that "the two errors were uncharacteristic and isolated mistakes in an otherwise secure system". The board indicated that they had no doubts regarding the professional qualifications of the secretary, nor of the quality of supervision by the representative, but considered that "signing the wrong documents is incompatible with all due care unless special circumstances are invoked which could justify the representative's mistake in a particular case, thus following the cited reasons of T 1095/06" (point 6.5 of the reasons). In this case, there were no such special circumstances, and the request for re-establishment was refused.
Among the arguments submitted by the attorney was one that struck me as being quite odd. This was summarised in point 2.3 of the reasons, relating to why the attorney had not noticed the error when the filing receipt indicated only two pages in the letter of appeal and did not indicate the presence of a 12 page document. The board stated:
"The representative has however argued that she does not - and is not required to - check the electronic acknowledgement of receipt, as this is a secretarial task. She explained that, according to the procedure for electronic filing used in her office, the primary purpose of the acknowledgement of receipt is to confirm that the documents received at the EPO tally with the transmitted ones so that, in the case of a transmission problem, some or all of the documents can be sent again."

Given the explanation I have provided above of how the online filing software works, this seems to me to indicate such a basic lack of understanding that the error resulting in the missing grounds of appeal was almost bound to happen at some point. Contrary to the view expressed by the attorney, it would never be the case with online filing that only some of the documents would be sent. Instead, it can be either all or nothing. If a filing receipt is issued, this is a definite indication that what was signed was received by the EPO. Electronic filing does not work in the same way as operating a fax machine, where sometimes pages can be skipped so it is always essential to check that the correct number of pages has been transmitted.
So what lessons should be learned from this? The main one, to my mind, is that when using online filing it is of utmost importance that the attorney checks the documents that are going to be sent on screen, and not in the form of a printout. Many attorneys still prefer to check printed documents, but this cannot provide assurance, regardless of how reliable your secretary is, that what is being checked is the same as what has been uploaded. Another lesson, however, which shouldn't really need to be learned by any attorney, is that the patent attorney is the one who has to take ultimate responsibility for what is signed and sent to the EPO. Blaming secretaries is not usually going to work.
I totally agree, particularly with respect to the comments in the final paragraph above.
I was manager of the patent department in a global company, when we decided to start using on-line filing in about 2004/2005. At that time we held an internal meeting including all attorneys and secretarial staff to discuss the new procedure. Unsurprisingly, we agreed that whatever was filed (on-line) was the sole responsibility of the attorney for a particular case, whether or not their secretary had prepared the necessary electronic forms for filing. We agreed that it was up to the attorney to check the forms – in fact we felt that this provided an additional check, which would highlight any errors! (Note: at this time on-line filing was still relatively new, the system was much less forgiving and secretaries' help in completing the forms saved time and was greatly appreciated.)
Very interesting. Sounds like a sensible system to have. I suspect the same is not the case still in some private practice firms.
It doesn't make any real difference to the point you're making (which I agree with entirely), but I don't think the signing process works quite how you've said. Rather than encrypting the documents with the sender's private key, what I think happens is that the documents are hashed, and then it is only the hash that is encrypted with the sender's private key. (This requires much less processor time, and means you can send the documents unencrypted without also having to send them all encrypted as well just to prove provenance - saving a lot of space as the encrypted hash is a few bytes rather than potentially many MB.)
The documents and encrypted hash are then sent as a WASP file (a "wrapped and signed application package", the wasp.dat file you can see if you export a signed submission from the EPO's online filing software.)
You would hope that the EPO then decrypt the hash using the public key, create their own hash of the documents sent, and check the two match to confirm everything was received. A less preferable alternative, but one that would save the EPO processor time, would be to do nothing on receipt and only do any decrypting, re-hashing and comparison if a dispute over what was sent/received actually arose. Presumably, at the least they either hash or decrypt themselves, to produce the "message digest" sent back on the receipt. It would be nice to know exactly what is done, I think.
But anyway, you're entirely right that the idea that a few pages might "go missing" as they would with a fax betrays a fairly basic misunderstanding of the way the online filing system must work.
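Both the post's description of signing, receipt and "Message Digest" and the comment's hash-then-sign correction can be illustrated in one added Go example. This is illustrative code, not the EPO's online filing software or its WASP format: a submission is modelled as a list of named documents, hashed with SHA-256 under length framing so that a missing, reordered or altered document always changes the digest, and only the digest is signed with the sender's private key (RSA PKCS#1 v1.5 here, chosen for the example). The receiving side re-hashes what arrived, puts that digest on its receipt and checks the signature against it, which is why a valid receipt can only mean the whole signed package arrived. Sample document contents are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// document is one file in the submission, e.g. a cover letter or the grounds.
type document struct {
	Name    string
	Content []byte
}

// packageDigest hashes every document with its name and length prefixed, so
// dropping, swapping or truncating any document changes the result. This
// framing is an assumption of the example, not the EPO's format.
func packageDigest(docs []document) []byte {
	h := sha256.New()
	var n [8]byte
	for _, d := range docs {
		binary.BigEndian.PutUint64(n[:], uint64(len(d.Name)))
		h.Write(n[:])
		h.Write([]byte(d.Name))
		binary.BigEndian.PutUint64(n[:], uint64(len(d.Content)))
		h.Write(n[:])
		h.Write(d.Content)
	}
	return h.Sum(nil)
}

// signPackage is the sender's side: hash the package, sign only the hash
// with the private key (the key a smart card would hold).
func signPackage(priv *rsa.PrivateKey, docs []document) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, packageDigest(docs))
}

// checkReceived is the receiving side: re-hash what actually arrived, report
// that digest (the value a receipt would carry) and whether the signature
// made by the sender verifies over it with the sender's public key.
func checkReceived(pub *rsa.PublicKey, received []document, sig []byte) (messageDigest string, ok bool) {
	d := packageDigest(received)
	err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, d, sig)
	return hex.EncodeToString(d), err == nil
}

func main() {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample submission.
	full := []document{
		{Name: "cover-letter.pdf", Content: []byte("Please find enclosed the grounds of appeal.")},
		{Name: "grounds.pdf", Content: []byte("Statement of grounds: the claimed subject-matter is inventive because ...")},
	}
	sig, err := signPackage(sender, full)
	if err != nil {
		panic(err)
	}

	digest, ok := checkReceived(&sender.PublicKey, full, sig)
	fmt.Printf("complete package: digest %s valid=%v\n", digest, ok)

	// The comment's "pages go missing" scenario: the grounds never make it.
	partial := full[:1]
	digest, ok = checkReceived(&sender.PublicKey, partial, sig)
	fmt.Printf("missing grounds:  digest %s valid=%v\n", digest, ok)
}
```

Because the signature covers the digest of the whole package, a receipt whose digest matches and whose signature verifies can only have been produced from exactly what was signed; it cannot vouch for pages the sender never included, which is the gap the decision turned on.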
Thank you very much for the explanation. I admit I was making a few guesses about how it worked, as I couldn't find the technical details. Glad to see I got the basic principles right though.