Friday 17 December 2021

Digital Signatures and Digital Signing

Adding a signature to a document is fundamentally a way of providing assurance that the person whose signature it is has approved of its contents. A signature by itself is, however, not a very secure way of doing this. Handwritten signatures can be easily forged, copied or even machine written. Especially when provided in copied form, there is no definitive way of telling whether a signature on a document is genuine and actually proves that the person did in fact sign the document. 

Do these signatures look genuine?

To get more assurance, it is possible for example to get a notary to certify that a signature is genuine, the notary then being used as a trusted third party that is vouching for the signature being genuine. For further reassurance, the document itself can be protected from being altered by adding ribbon and seals, which provide assurances that the document that has been signed has not changed since being signed. Doing all this takes time and money, so in practice it is often taken on trust that a signed document is genuine. For documents relating to patent proceedings at the European Patent Office, the UK IPO and elsewhere, the office will accept a copy of a signed document and assume that it is genuine, the assumption being that the document was originally hand signed and then copied, provided it looks real. 

How can you tell this signature is genuine?
The process of using copies of genuine handwritten signatures and filing these online in pdf form at the EPO, typically to register an assignment, is standard practice and usually works without any trouble, provided the formal requirements of being able to identify the assignor and assignee are met and that duly authorised representatives of both parties have signed. I have personally arranged to have many assignments recorded at both offices this way with no trouble, even though in many cases I did not and could not verify myself that the signatures were genuine. Over the past couple of years, however, as personal contact has become the exception, there has been more interest in the use of digital signatures. The problem at the moment is that many people still do not actually know what one is, let alone how to properly use one. 

At risk of stating what should be the obvious, a digital signature is not something that is written by hand or pasted on a computer screen that looks like one written by hand on a piece of paper. It should be clear that this type of signature is far too easy to fake. If spotted, such signatures should be (and often are) rejected. Even if you sign by hand your actual signature on a computer screen, the proof that it was you is non-existent because anyone else could have done the same by copying and pasting an image of your signature from somewhere else, the result being indistinguishable. 

A real digital signature is something quite different. A digital signature, if done correctly, performs all the original functions of a genuine original handwritten signature but without the need for an authenticated paper copy. To work, a digital signature must be kept in its original form along with the document it is supposed to be authenticating. Without the code making up the digital signature, in combination with the original document, the signature is meaningless because it cannot be verified, defeating its whole purpose. A common confusion I have seen is when a scanned pdf is presented with what seems to be a digital signature, but the process of scanning has stripped it out, leaving only a mark on a computer file that suggests it was signed. This is, of course, useless and not even as good as a scanned copy of a handwritten signature.

To go back to basics, digital signing at its heart involves asymmetric cryptography. A user who wants to sign something will have a private key, which they keep to themselves, and a public key, which is open for all to see. The user can apply their private key to a document (or, in practice, a hash of a document) to produce a signature string. Anyone else can then use the combination of the document, signature and public key to cryptographically prove that the user's private key was used to sign the document. The signature therefore proves that the document was signed by the user. The only assumption made is that nobody else had access to the user's private key. It is fundamental to the ability to verify the signature that the document and signature are kept together and in their original state. If either is altered by even one single bit, the signature will not validate. 

An example of digital signing I have used before relates to how the Bitcoin system works. Bitcoin addresses (P2PKH types) are representations of the public key part of a public-private key pair. The owner of the bitcoin associated with an address is in possession of the private key and therefore only they are capable of 'spending' the bitcoin. In practice, transferring ownership from one address to another involves a process of digital signing, in which the owner signs a transaction with their private key to the effect that only the owner of the private key of the recipient address can then do any further transactions with whatever is sent to that address. Since all transactions are publicly available, anyone can verify how much any particular address contains. Another feature is that the owner of an address can verify that they own it by digitally signing a message linked to the address. An example I have used before is the following:

I, Tufty Sylvestris, confirm that I am the owner of the following address.

bc1quklwszfchvfzpxa7wk8pge7ykczcg0pv54wc8a

IA0TdtltWrzK62rDVw/WkZ36hNOGshhw8UFXySK7VFY9Nv5mQWr6B3aXpDpFH15gPH7uUJsPzlLB/T+eKkXjMWo=

To go back to the principle of signing documents, the message part corresponds to the document. The message is signed with the private key corresponding to the address, resulting in the signature string. Anyone can then verify that the signature is genuine by copying these components into a signature verifying tool, such as the one provided within the Electrum Bitcoin wallet, or one available online. You do, however, have to be very careful that the tool you are using for verification is not in some way compromised or you could be easily fooled

An additional problem with using just a public-private key pair is that you do not necessarily have a link between the owner of the private key and a specific person unless you have some other way of figuring out who the owner of the private key is. To take a well known example, the owner of the private key to address 12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX is, beyond any reasonable doubt, the person who was behind the pseudonym Satoshi Nakamoto because this address was the destination for the very first 50 (spendable) bitcoin that were mined on 9 January 2009. 

For any normal use, it is necessary to provide a link between a private key and an actual person. A usual way to do this is for private keys for use in digital signing to be issued and certified by trusted authorities. For the EPO, this is done by a user's private key being securely stored on a smart card issued by the EPO to a patent attorney together with a PIN. With possession of the PIN and the smart card, the attorney can sign a document to the satisfaction of the EPO. Documents can only be signed with physical possession of the card and knowledge of the PIN, providing a decent level of security. This works very well for everyday activities of an EP attorney, who can use their smart card to digitally sign documents that are sent online to the EPO. The same principle can also be used to sign any documents. I can, for example, take any pdf document and apply a digital signature from my smart card that proves I signed the document. The document with its signature attached could then be sent to someone who wanted evidence that I signed it and they would be able to verify with a single click that the signature was valid.

The EPO has recently announced, in the November 2021 issue of the Official Journal, that "a qualified electronic signature" will be "considered to fulfil the legal requirement for a signature with respect to data in electronic form in the same way that a handwritten signature does with respect to data on paper". On the face of it, this seems quite straightforward. Provided the digital signature can be verified, the EPO will accept it. Clearly a signature produced using an EPO-issued smart card will work. Other signatures should also work, such as those issued by Docusign, which are increasingly common. The key, however, is that it must be possible to verify the signature. As a patent attorney, if I am asked whether something will qualify to be used in support of, for example, a request to record an assignment, the answer should be simple. If I can verify it myself, it should be ok. If I am presented with a copied pdf with a stamp stating that it has been digitally signed, the answer is of course no. 

Another feature of the new rule is that, as I know from recent personal experience, documents that have been signed on screen and passed off as handwritten signatures are now more likely to be rejected. Under the new provisions, before trying to record an assignment that looks like it might have been signed on a screen rather than by hand, ask yourself whether it looks like it meets the requirements and, if not, go back to your client and ask how the document was signed. 

Wednesday 8 December 2021

Missing the non-obvious

The laboratory technique of Polymerase Chain Reaction (PCR) will by now be well known, at least in principle, to most people from its extensive use in testing for a particular virus. In very simple terms, PCR is a method of amplifying a DNA target sequence through repeated heating and cooling cycles that amplify the target sequence until it reaches a level high enough to be detected. PCR can therefore be used to detect extremely small amounts of a particular sequence, provided enough cycles are used. As the inventor Kary Mullis put it, "you can find almost anything in anybody" (see here). How many cycles are used is therefore critical to how much reliance you put on the results, particularly if you are using it to diagnose the presence of a virus (the RNA sequences being converted to DNA for RT-PCR testing). 

To have confidence in the results, a PCR machine will need calibrating and validating to ensure that the thermal cycling is accurately and repeatedly carried out and that the amount detected after each cycle is accurate. If this is done properly, the technique can be used to establish quantitatively as well as qualitatively what was present in the original sample, i.e. not just whether something was there but also how much.

Fluorescent dyes can be used that allow measurements to be made that correlate the amount of the detected substance with a fluorescent response, which allows an instrument to be calibrated and validated so that it can be known how a measured response corresponds to an amount of material present. Such dyes might, for example, be used in the form of a standard solution put in a PCR machine to establish a calibrated level.

GB patent application 1421819.2 disclosed the use instead of a fluorophore suspended in a thermoplastic polymer matrix, for use in PCR validation. A PCR tube made of the polymer (shown here on the right, the sole drawing in the application) with a fluorophore suspended in the polymer, allowed a spectrometer to detect a known level of fluorescence so that the PCR machine could be validated. Claim 1 of the application as filed read:

1. Use of a fluorophore suspended in a thermoplastic polymer matrix, which fluorophore suspended in a thermoplastic polymer matrix has fluorescence characteristics within a predetermined uncertainty budget, wherein the polymer matrix is selected from the group consisting of: poly methyl methacrylate (PMMA), polycarbonate (PC), polyoxymethylene (POM), chlorinated polyvinyl chloride (CPVC) or PVC/Acrylic copolymer to validate a thermal cycler.

The examiner objected that the claimed invention lacked an inventive step, given that suspended fluorophores were known and the choice of polymer was obvious. The applicant was unable to get over this and the issue came before a hearing officer at the UK IPO.  By this stage, claim 1 had been amended to add a few more features:
1.  A method of validating a thermal cycler, characterised by the steps of:   
    suspending a fluorophore in a thermoplastic polymer matrix, wherein the fluorophore has fluorescence characteristics within a predetermined uncertainty budget, and wherein the polymer matrix is selected from the group consisting of: methyl methacrylate (PMMA), polycarbonate (PC), polyoxymethylene (POM), chlorinated polyvinyl Chloride (CPVC) Or PVC/Acrylic copolymer, and the thermoplastic matrix is cut to the shape of a PCR tube; and   
    validating the thermal cycler using measurements obtained in the thermal cycler and the predetermined uncertainty of the fluorophore:  
    wherein validating the thermal cycler includes confirming that the measurements obtained the thermal cycler match the fluorescence characteristics of the fluorophore within the predetermined uncertainty budget.
The examiner still objected that the claimed invention lacked inventive step because it was known to use fluorophores to validate a PCR machine and the choice of polymer was obvious, all of them being well known polymers. What neither the examiner nor the applicant argued though, at least until they were prompted to by the hearing officer, is whether the feature of the "thermoplastic matrix is cut to the shape of a PCR tube" was significant. The hearing officer looked through the two documents cited by the examiner and concluded that neither document actually disclosed a thermoplastic polymer matrix, in which a fluorophore is suspended, being cut to the shape of a PCR tube. Based largely on this, the hearing officer found that the skilled person would not be motivated to provide such a PCR tube based on the documents. The claimed invention was therefore not obvious and the application sent back to the examiner to conclude proceedings. 

The lesson to be learned from this should be obvious, which is that you should always take care to check what it is you are claiming as the invention and argue on the basis of any and all differences over the prior art. It really shouldn't be necessary to rely on the examiner or a hearing officer to do it for you.

Friday 23 July 2021

Use Your Imagination

I get quite tired of reading decisions from the UK IPO each month on section 1(2), largely because there are so many of them and they tend to follow the same basic structure, which is:

  1. Examiner objects that the invention is excluded as a computer program / business method / mathematical method etc.
  2. Applicant ('s attorney) disagrees and argues, often making inconsequential technical sounding amendments.
  3. Hearing officer follows the usual route of assessing the invention with the Aerotel 4-step test and AT&T/CVON 'signposts' (see here for more about a technical effect, which has not really changed since 2013 at least).
  4. None of the signposts indicate the presence of a relevant technical contribution.
  5. Application is refused. 

The stream of applications following this route and being refused as a result has been pretty steady for the past few years, with usually a handful each month. Occasionally there will be a different result, where the applicant has managed to pull out a technical effect that persuades the hearing officer there is something there after all, but these are few and far between and do not affect the general procedure of how borderline cases are assessed. Every so often though, there is one that bucks the trend and comes up with something potentially interesting. There was one last month that I thought interesting enough to comment on, which related to applications in the name of Imagination Technologies Limited (BL O/420/21). 

The applications (there are several) related to a data processing system for determining median values for a stream of data, in which intermediate values were used to allow values already calculated to be used in calculating a subsequent median value, somewhat similar to calculating a rolling average. The applicant had already managed to get one application granted (GB2587590B) to this way of calculating median values for a data stream that was specified as being audio samples of an audio signal or signal samples of a transmitted signal. They also, however, filed three divisional applications to versions of a more general system that was not specifically linked to what the data represented. The difference was in how the invention was claimed, in that the divisional claims included much more specific detail about the system being embodied in hardware on an integrated circuit. The extent of disclosure in the applications of the type of hardware used was limited to the (fairly usual) way of representing hardware, the most detailed one being in Figure 7, shown below. 

The examiner had objected that the way the invention was claimed did not make any difference, and considered that the invention was not allowable because the type of data stream was not specified and the claims had not therefore been 'tethered' to the real world. This, of course, brings to mind the well-established case law dating back to Vicom (T 208/84) at the EPO, which is still being followed at the EPO and UK IPO. According to this case law, provided the data being processed relates to something technical, for example an image (in the case of Vicom), it is possible to be patentable if the method is new and inventive. If this is the case, it does not matter what form the invention is claimed, and claims to computer programs themselves, in whatever form, are also allowable provided they have this 'further technical effect'. Following this principle, it should be clear that it would not make an invention patentable just by specifying that it is embodied on hardware. The Court of Appeal decision in Gale's Application [1991] RPC 305 makes this clear in the UK too. 

In this case, the applicant argued that the invention was technical because it was specifically embodied in hardware and was not therefore a computer program or a mathematical method as such. The hearing officer tended to agree with this and thought that the application did point towards a hardware implementation, largely because the claimed inventions referred to "fixed function circuitry" and "dedicated hardware", which in the hearing officer's view meant the same thing. The invention had therefore to be construed as a piece of hardware and not a computer program. 

On the mathematical method question, the situation was complicated by Gale's Application, in which a ROM was programmed to perform an improved square root calculation method. Substance should rule over form, according to the Court of Appeal, and this could not be enough to escape the exclusion. Nevertheless, the hearing officer agreed with the applicant that, because the invention was in "fixed function circuitry", its implementation was not conventional and was not simply a generic ROM including programmed instructions. This was enough to distinguish it from Gale. This got the application over the line and the remaining steps in Aerotel and AT&T/CVON were passed, resulting in the claimed inventions being allowable. 

There was, however, a twist in the tale. Before sending the applications back to the examiner to get them allowed, the hearing officer noticed that there were still claims in the applications directed to a computer program that would cause the integrated circuit to carry out the claimed method. Rather than finding that this would entirely contradict the applicant's arguments that the way the invention was implemented was specifically on dedicated hardware and not on a computer program, the hearing officer instead simply stated that these claims had to be deleted. 

This is only a decision of a hearing officer at the UK IPO and therefore not precedential. Further decisions may well disagree with it. It does, however, suggest that applications directed to what are in reality mathematical methods embodied on software could be patentable in the UK if they are described as being specifically implemented on hardware. This tends to go against everything that I have seen on this subject since I first started looking, but I expect there will now be others that will want to have a go at the same kind of arguments. Let's see how that works out.


Thursday 6 May 2021

Cargo Cult Patenting

I wrote a while ago about an important point to learn when training to become a scientist or a patent attorney, which comes originally from a lecture given in 1974 by Richard Feynman to students at Caltech. My point then, which was about not taking anyone's word for it (nullius in verba), is of course important and still very relevant in today's world, if not more so. It recently occurred to me, however, that there is another way of looking at it when considering why some people file patent applications.

The key story in the lecture is that, during the second world war, some islands in the Pacific were taken over by the USA and used as bases for air raids on Japan. Some of these islands were inhabited, often by relatively primitive and technologically unsophisticated people. These people were fascinated by all the amazing stuff that was brought in by American aeroplanes. By the end of 1945, however, this all stopped as the war ended and the military went away. The islanders, who by then had become used to all this stuff, were upset and wanted it to continue. Not understanding why the aeroplanes came in the first place, they did what they thought was necessary, which was to try to reproduce everything that they could remember happening at the time the aeroplanes did come. As Feynman tells it, the islanders "arranged to make things like runways, to put fires along the sides of the runways, to make a wooden hut for a man to sit in, with two wooden pieces on his head like headphones and bars of bamboo sticking out like antennas—he’s the controller—and they wait for the airplanes to land. They’re doing everything right. The form is perfect. It looks exactly the way it looked before. But it doesn’t work. No airplanes land".

This brings me on to thoughts about why people decide that they want to get a patent. The fundamental reason, of course, is to try to get protection for an invention so that the invention can be monetised in some way, whether this is by selling the product or service protected by the patent to the exclusion of others or licensing the patent to get royalties from others who want to use your invention to make money and need your permission. Patents are also an important tool in raising and securing investment. If you are starting up a new company to develop new technology, it is often crucial to be able to get some patent applications filed so that investors can have more confidence that there is something that the value of their investment can attach to. Even if the company cannot hope to make the patented product themselves, there is the possibility of using a patent as leverage to make others pay. Sometimes this can turn into patent trolling, where companies acquire patents solely for this purpose, but in many cases the patents did at some point result from actual innovation, even if the patents have changed hands since then.

A further reason why someone might want to get lots of patents has, however, now occurred to me. If, let's say, you are in a position where you know enough about a technical field to bamboozle most people, but have not actually come up with any new and useful inventions yourself (because you don't actually understand the field in a practical way), it may be possible to fool some people with lots of money that you are very innovative and worth investing in by filing patent applications that hardly anyone can understand, especially (and most importantly) the people with money. It may even be possible to draft your patent applications in such a way that they look to the untrained eye very much like real inventions and even have features that provide a genuine novel distinction over the prior art and to which a non-obvious technical effect can be associated. If you file enough of these applications, it is practically certain that some will get through the system and be granted, even by an office as strict as the EPO. The inventions themselves will, of course, be actually worthless because they do not represent a real advance on anything. Their  real worth is instead in generating patents that keep the money flowing rather than protecting any new and inventive developments. While the money keeps coming in, their worthlessness in terms of innovation doesn't matter. You can even start making vaguely threatening noises about how your patent armoury is becoming larger and that others should start to watch out in case you decide to start infringement proceedings. You should not, of course, be too specific about what is being infringed and how to avoid being pinned down to specifics. All this can be drawn out over a period of years while the market is still rising and the money keeps coming in. At some point, however, the likely outcome is that it will all come to an end and some people will lose lots of money. By that point you will hopefully have moved on with your huge gains and left someone else holding the can containing the worthless collection of junk you have built up with other people's money. 

I wonder if this might ring true to anyone?

Friday 12 February 2021

UNION-IP Winter Roundtable 2021

 


The Union IP Roundtable, held annually towards the end of February, is a regular feature in my calendar. In previous years I have attended the meeting at the DPMA in Munich to hear discussions of various topics relevant to patent practitioners across Europe. I attended my first one as a speaker, presenting my ideas on partial priority a little while before the Enlarged Board of the EPO agreed with me. Since then, topics have covered "Smart IP", literal and non-literal infringement, and indirect infringement. The topics and speakers are always carefully chosen to encourage a range of views from different European jurisdictions, which often highlight the differences that still exist in the patent world across Europe, despite extensive harmonisation over the past few decades. 

The topic for this year's roundtable relates to the one thing it has been impossible to avoid for the past 12 months or so. The title is "IP strategy and challenges in an era of cooperation", which in essence is about what we can do in response to new challenges such as Covid-19 and how IP can help (or possibly hinder). Two main topics will be covered: how governments can balance patent rights and public health (e.g. crown use provisions and when they should be used), and whether or not to patent in the age of Covid-19 (e.g. whether it is acceptable to patent treatments to protect public health). I have my own views on these subjects, but I will certainly be interested to hear what others have to say.

The speakers at the event include Michael Fysh QC SC (former Patents County Court judge), Matthieu Dhenne (Partner at Ipsilon), Jorge Contreras (University of Utah & Open Covid Pledge co-founder), Keiko Higuchi (Mitsubishi), David Rosenberg (former GSK vice president of IP) and Nigel Clarke (patent information expert at the EPO). The full programme can be viewed here

As with everything else these days, the meeting will be held entirely online, so there is no excuse not to go this time. The registration fees are consequently lower than normal, being only 20 Euros for Union members and 80 for non-members. Registration is required by 25 February 2021, so book your place now. 

Thursday 4 February 2021

Craig Wright and nChain's European patents

Craig Wright is, to put it mildly, a controversial character. I will not go into the details why, as others have done this in much more detail (see for example Arthur van Pelt's website). It is sufficient to say here that Mr Wright has claimed, and continues to claim, to be Satoshi Nakamoto, the pseudonymous creator of Bitcoin. His claims are at best dubious and are very much contested. For what it is worth, in my opinion it is abundantly clear that he is definitely not Satoshi Nakamoto. The consequences of this, which are many, have yet to be fully worked out.

Despite not being able to prove that he is who he says he is, Mr Wright has over the past few years managed to build up, via the company nChain Holdings Limited in which he plays a key role, what is now a very substantial portfolio of patent applications. On 1 February 2017, nChain started filing GB patent applications. The total number of GB applications filed in the name of nChain now stands at 290, the latest being filed on 23 December 2020. There are also a further 73 applications, all filed in 2016 in the name of EITC Holdings Limited, which have since been assigned to nChain. These applications, which invariably do not progress beyond the first 12 months in the UK, have been used as priority claims for subsequent PCT, EP, US, CN and other applications. The current state of the patent portfolio is consequently now absolutely massive and clearly represents an investment amounting to many millions of whatever fiat currency you choose to use. For a small company based in London (but registered in Antigua), this is an enormous effort, making it very much an outlier in the patent world.

To summarise the entire portfolio would be a task that is far beyond my limited abilities and available time, let alone my readers' attention span. Instead, I will just concentrate on what nChain has managed to achieve so far at the European Patent Office, which Mr Wright has acknowledged is the toughest one to get applications past. It is still relatively early days, given that we are only a few years from the earliest filing dates, but there have already been some successes. None of the patents has been opposed. An interesting point to note is that all of them are very much computer-implemented and presumably rely on the EPO's established view that applications of cryptography are very much within the allowable area of patentability. 

Given the controversy around nChain and Mr Wright (see here), the fact that their patents have so far attracted no serious attention seems surprising to me. From my limited research so far, there is certainly the possibility that some (see for example here) may be invalid, although it is also possible that the technical relevance of nChain's patents is simply too low to be significant. However, given the huge investment so far, it would be surprising if nChain did not intend to use their patents in some way, otherwise it would be an awful lot of money to spend on what many would consider to be a narcissistic and possibly fraudulent vanity project. It would be interesting to see what others think of it, in particular if there is any relevant prior art on the granted patents that the EPO have not considered.

Update 6-10 Feb 2021: In light of the comments received so far by devoted followers of Mr Wright, I would like to add that it is very easy to verify ownership of any particular bitcoin address. Here's an example:

I, Tufty Sylvestris, confirm that I am the owner of the following address.

bc1quklwszfchvfzpxa7wk8pge7ykczcg0pv54wc8a

IA0TdtltWrzK62rDVw/WkZ36hNOGshhw8UFXySK7VFY9Nv5mQWr6B3aXpDpFH15gPH7uUJsPzlLB/T+eKkXjMWo=

Anyone can verify this unambiguously, for example by plugging the text, address and signature into a bitcoin wallet verification tool (e.g. Electrum, which I use). Craig Wright has not been able to do this for any address containing coins owned by Satoshi Nakamoto (e.g. the single address mentioned in block 0, which was definitely owned by Satoshi, who should therefore have the corresponding private key enabling the address to be signed). Therefore Craig Wright's claims to be Satoshi Nakamoto can be discounted. Hitchen's razor applies.