Further, because most work is done electronically, you have the added burden of proving what you wrote (or created) and when you wrote it in order to establish your copyrights for unregistered material…which could represent the bulk of what you do.

IP.com created two legal safeguarding solutions specifically to help you prove the date and content of your creative work so as to ensure you will be able to leverage your copyright protection for that work. These affordable products are designed to legally safeguard your work in the context of the real world…the way you live and work. Legal safeguarding is the process of creating a digital fingerprint and date-stamp of your work, then registering that fingerprint into the public domain as public evidence of your work and thus your copyright proof. The actual creative work is never exposed to others so your privacy is ensured while you gain this valuable means of proving what you wrote and when you wrote it.

The first product is the Legal Safeguarding Agent (LSA). The LSA is a small software agent that sits on your desktop. You can direct the agent to examine specific folders and/or file types on a regular basis. When it does, the agent will determine if files are new or have been changed since the last execution. If so, it will create an archive copy of the file along with a digital fingerprint and date-stamp. The fingerprint and date-stamp (not the document itself) are automatically sent to IP.com for registration and publication. The document and the archive of the document all remain on the users desktop. This provides maximum privacy as your documents never leave your possession. It also provides the best real-world solution to writers who create work on a regular basis, and who might change, edit or revise that work on a frequent basis. The agent can also be run manually to protect specific versions of work that you might be sending out to editors or reviewers. If the archive option is turned on, it also ceates a version control-like mechanism that ensures you have multiple versions of your work saved without renaming the work each time (the agent takes care of that foryou as it creates the archive).

The second product is the Creative Registry. The Creative Registry is an online database which allows the user to upload documents for safeguarding and safekeeping. Users can log on to the IP.com Creative Registry and upload individual documents to the Registry. When they do, they are provided a Certificate of Authenticity (CoA) which includes the document fingerprint and upload date information. The user can then use the CoA to retrieve the document in the future in order to prove the authenticity of their work. Alternatively, they can use their original document to prove their work by simply re-fingerprinting that document for a legal authority. When the document reproduces the same fingerprint (which it will if it has not been changed) as registered with IP.com they will have demonstrated the original date of their work and the fact that the content has not been changed (IP.com will freely confirm the registration information for any fingerprint. i.e. the date it was recorded by IP.com, via our website) Both of the above solutions ensure that you can prove what you wrote (or created) and when, thus ensuring that you will be able to establish when your copyright protection for a specific piece of work went into effect.

The Legal Safeguarding Agent is therefore a better solution for regular use where the volume of documents or records protected could be relatively high and storing the records on the user machine is desirable or at least not a problem (do you back up your work?). The Creative Registry is a better solution for low volume work or where the user wants to have the document stored by a trusted third party.

Both solutions help you prove the date and content of your work, irrefutably. Both solutions help ensure you can enjoy the protection of US copyright laws without the authenticity of your work being questioned.

Protecting your “work in progress” is an excellent idea and allows you to send it to others for comment, review or consideration, without fear that somehow they will steal your work and present it as their own. Using IP.com legal safeguarding solutions, you will always be able to prove that you had the work prior to the time it was shared. And when it comes time to publish or sell your work, or otherwise memorialize it in a final way, you can always register the final work with the Library of Congress.

Yet IP data loss happens all the time. Flash drives and flash memory provide high capacity storage at a cheap price. Portable USB hard drives of up to 500GB are now available for very little money. This is big enough to house large corporate databases and as easy to lose as a cell phone. Which brings us to personal digital devices like cell phones and music players. These have substantial amounts of storage which often contain more than just someone's tunes or pictures of their cat.

All of this mobile storage creates an enormous IP problem. Most people don't realize that practically anything can be intellectual property. The end result is that almost everyone is, at some point, walking around with large amounts of intellectual property in an easy-to-lose form. Mobile storage also makes it very easy for folks to go over to the dark side and take intellectual property. It's now all too simple to copy large amounts of information and very hard to track when it happens.

The good news is that the only one who gets hurt if you lose your intellectual property is you (and your shareholders). If someone loses 150,000 Social Security numbers then there are 150,000 people at risk outside your company. The bad news is that you lose big. A simple "flash drive accident" may hand your competitor your most trusted secrets, jeopardizing new products, revenue, and reputation.

As bad as the bad is, it can be mitigated. First, make sure that you have copies of everything that might contain intellectual property in a secure location. This way, if you have to prove prior art, you can do so. If you need to prove that the information was taken(misappropriated), rather than accidentally lost,  you can do that too. Second, continuously monitor the landscape to see if anything is leaking. Many folks only survey the intellectual property space when they are applying for a patent. While there are a dozen reasons to do this, finding where your intellectual property is turning up is one of them. Finally, review important information for intellectual property on a regular basis. Not everything is important but you won't know that until you review it. This way everyone will have a better appreciation of what needs to be locked down and can't ever be copied to mobile storage or devices.

This is where IP.com can help. Our InnovationQ, Prior Art Database, and Patent Search Services can, when taken together, help secure your intellectual property, assist in making decisions about what is or is not IP,  and provide you the business intelligence you need when surveying the IP landscape.

Otherwise you might wake up one day and find your that your IP has sprouted legs and walked off.

Additionally, the publishing of fingerprints through IP.com’s Prior Art Database provides unbiased third-party corroboration as well as defensible date-stamping.

IP.com legal safeguarding allows you to transparently protect your files so that you can concentrate on your business with complete confidence in the reliability and defensibility of your electronic records.

Securing your file

1. The Legal Safeguarding Agent (LSA) software runs at a user selected, predetermined
interval looking for new files to safeguard.

OR

The Legal Safeguarding Agent (LSA) software is invoked from within your own
software application using our developers API kit. The agent can be configured
to include (or ignore) only the files matching your specifications (outlined in the
next section).

2. Fingerprints are generated for newly discovered files by the LSA local software application.

3. The LSA application contacts the servers at IP.com and transmits the fingerprint information.

4. The remote IP.com server creates a new document called a BCR (Bulk Certification Record) which contains all of the transmitted fingerprints for the current session.

5. The server generates a fingerprint for the contents of the BCR to further ensure integrity. The BCR and fingerprint are saved to the IP.com Prior Art Database.

6. The server responds to the LSA application running on your network with the BCR number. The software can store the information in a file, or in a local database.

7. Publishing – once all the of the above steps are complete the certification record for the BCR is published into the IP.com Prior Art Database as well as a hard copy in The IP.com Journal. This is a critical step in ensuring the public integrity of your records.

Authenticating a file

1. A new fingerprint is generated for a file using the LSA software

2. The generated fingerprint can be searched within the IP.com Prior Art Database. The search will return any matching documents – the date of the earliest document in the search result will indicate the earliest date that a file matching that signature was recorded.

OR

The BCR from the original safeguarding session can be searched within the Prior Art Database. That document will contain all the fingerprints from that session.vThe newly generated fingerprint can be compared to the list of fingerprints stored during that session.

How is the integrity of the BCR documents ensured?

The BCR documents, which contain the individual fingerprints of files processed over the course of a given day, are published in an aggregated document to the IP.com Prior Art Database. Each document published to the IP.com Prior Art Database receives two notarizations, one from IP.com in the form of an IPCOM sequential number and date, and the second from Surety. It also appears in The IP.com Journal – the monthly printed publication containing the previous month's Prior Art Database submissions. The IP.com Journal is indexed by a number of libraries worldwide, including the Library of Congress.

The Legal Safeguarding Agent can be implemented in one of two ways, depending on the needs within your organization and your existing processes. Both methods of using the software require that the computer running the software have access to the internet to transmit and verify file signatures.

Stand-alone agent
 
The stand-alone agent is a software application that can be deployed on your network to look for files and automatically perform the safeguarding process on what it finds. The agent can be configured to look for files matching specific criteria so as to only work on the files you wish to be safeguarded while ignoring all others. For example, the object can be programmed to look for (any combination of):

Filename pattern matching

This is used to match files whose filename matches a pre-set pattern. ‘Wildcard’ characters allow for broad matches.

File location matching

You can set the agent to look for files that reside in specific directories on your network.

Match archive bit

Files stored on standard Windows® file systems can be marked with an ‘archive’ attribute. This can be accomplished by right-clicking a file and choosing ‘properties’. The file attributes can be modified to mark individual files as ‘Ready to be archived’. This method allows you to mark arbitrary files from within a large collection of files without needing special naming or sorting conventions.

Since last run

The agent has the ability to selectively include only the new files since its last run. This can improve throughput by not re-processing files that have already been safeguarded.

Change to Read Only

The agent has the ability to selectively mark files as “read only” after generating the fingerprint. This can help minimize the chance that a user could inadvertently change a safeguarded document, helping ensure it will be there in its original condition should it be needed in the future.

The agent is easily configured using a configuration file which contains information on the criteria for files to include, as well as how to store the results. Results can be stored in a file, or within a local ODBC compliant database.

Application plug-in

In addition to running as a stand-alone agent, the LSA software is made available as a set of libraries that can be included within your own application. The objects are made available to those programming in the Windows® environment and can be included easily from within VB and Visual Studio environments.

Fingerprints are generated using a hash algorithm that produces signatures of a certain complexity (bit depth) which correlates to the number of possible combinations that can be represented by the fingerprint - the higher the complexity, the lower the possibility that a duplicate fingerprint could occur for different files. Two of the common fingerprint functions, MD5 and SHA-1 use 128-bit and 160-bit lengths respectively. This means that MD5 can have over 340,000,000,000,000,000,000,000,000,000,000,000,000 different values without repeating. SHA-1 can hold over 4 billion times as many as MD5. The Legal Safeguarding Agent produces 288-bit fingerprints - by combining a MD5 and SHA-1 fingerprint; yielding 2^288 (or 4.97x10^86) possible combinations. This yields a staggering number of possible combinations; imagine the number 497 followed by 84 zeroes. Using this method, if you were to generate 100 trillion fingerprints every second, it would take 1.57x10^65 years to exhaust the possible supply of fingerprints. (157,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years)

Like their real-world counterparts, electronic fingerprints cannot be used to re-generate the file or person which produced them. Both the MD5 and SHA-1 hash algorithms are considered to be “one way” algorithms, meaning that the mathematical functions to produce the fingerprint work for creating the fingerprint, but cannot be done “in reverse” to re-create the original. This is important, as it means that fingerprints can be transmitted, stored, and viewed by the public without compromising any of your sensitive data.

How are fingerprints used to authenticate files?

Since the fingerprinting function works on each individual bit of the original electronic file, even the slightest change produces a new fingerprint. It is because of this, that fingerprints can be used as a tool of file integrity; by comparing a known fingerprint value for a file to a newly generated fingerprint for that file it is easy to see if the file has remained unchanged. The important component to this process is in having a trusted registry of fingerprint information.

IP.com offers legal safeguarding in all of its products, and specifically created the IP.com Legal Safeguarding Agent to provide this function on a single document basis, or in an integrated way to existing document management solutions. The safeguarding agent ensures the integrity of the document at multiple levels, including the last and important step of publishing the certification record (fingerprint/date-stamp) into the public domain.

The next blog post in this series provides an overview of the IP.com legal safeguarding process and how the IP.com Legal Safeguarding Agent works.

Electronic records have many advantages over paper. Unfortunately, these same advantages also expose records to tampering and fraud as we’ve seen witnessed in recent news stories. The lack of ability to prove the integrity of electronic records (who created what and when) complicates efforts in the event of a legal challenge. That is why IP.com created the legal safeguarding process.

Using electronic files doesn’t mean that you have to lose all assurances of the integrity of your work. Electronic documents can be made more secure than their paper-based counterparts through the use of legal safeguarding. Legal safeguarding is the process of fingerprinting and date-stamping electronic records so that the content and date of the document can be proven with accuracy at any future date.

Well…easily. To some degree, this sort of thing probably happens all the time. At least some of the records he falsified were images. These days, images are typically stored in an electronic format. Moreover, most documents are stored electronically as well; invention disclosures, lab notebook records and clinical trial data just to name a few. More and more evidentiary material is kept electronically and less and less is kept on paper. And you know what that means. Easy to alter. Easy to fraudulently alter.

The rate of incidents regarding falsification of research data, financial data, and all kinds of other records seems to be growing. Or maybe it’s just the discovery of the fraud that is growing. But whichever it is, the press around these incidents is ramping up the concerns we all have about the authenticity of electronic records. Lawyers, juries, and courts are all becoming savvier to this opportunity for fraud. Documents submitted as evidence are being more aggressively cross examined as to their authenticity.

If they believe that the critical disclosure was concocted after the fact to build a defense. If they believe that they witness had motive and opportunity to falsify the critical piece of evidence needed to stave off a multi-million dollar verdict against his or her employer. Especially since they only had to change one date. Not even the whole date, just the year. The difference between a disclosure dated 2003 versus one dated 2004 could be the difference between an adverse verdict worth millions and an outright dismissal of the case.

The good news is…being able to prove, unequivocally, that evidentiary records have not been altered can be inexpensive and can require almost no end-user behavioral change. Rather than building in yet another document management system, IP.com’s legal safeguarding agent can turn your current document management system into a veritable authentication insurance system. E-records are kept safely onsite (as you have always kept them), and notarization records are kept with a third party. It’s fast, easy, cost effective, and secure.

Will your electronic records help you or hurt if needed during an adversarial proceeding?