WIPO PROOF is a global, online service that rapidly generates tamper-proof evidence proving your intellectual asset existed at a specific point in time, and that it has not been altered since then. The service creates a WIPO PROOF token – a date and time-stamped digital fingerprint of your intellectual asset, which can be used as evidence in the context of legal disputes.

Use WIPO PROOF as an additional element of your IP management strategy. It complements existing IP systems by helping to safeguard your intellectual assets whether or not they become formal IP rights.

Designed to be easy to use, WIPO PROOF provides features and packages tailored to any kind of inventor or creator, from the individual to the large corporation: 

• Anyone can use the service, generating digital evidence in a matter of seconds online, for a wide variety of use cases.
• Higher volume customers can benefit from offers, features and packages targeted to their needs. Pre-paid bundles of tokens, APIs, and the option to pay via a WIPO Current Account facilitate a more extensive use of the service. For example, the availability of APIs enables direct integration with third party systems and applications.
• Law firms, IP practices and legal representatives can use the service on behalf of their clients, as a dedicated feature allows the declaration of different owners for each file, might they be individuals or companies.

A WIPO PROOF token is a digital fingerprint that proves the existence of a digital file at a specific date and time.

Technically, it is an encrypted file generated using Public Key Infrastructure (PKI) technology, that contains:

• A hash code of the original file, generated by a local browser’s one-way algorithm, which uniquely identifies the original file.
• The exact date and time the token creation request was issued.
• A private key identifying WIPO as the entity responsible of generating the token
• A public key that ensures the authenticity of the token

A token is a file with a “.tsr” extension that can be downloaded from your WIPO PROOF dashboard, and stored together with the original file. The token cannot be opened or modified, and for this reason, it provides certainty that the date and time the token was created is exact and has not been tampered with. It can be thought of as a digital notary-type service. 

Details of your tokens are accessible from your WIPO PROOF dashboard.Find out more about how it works.

WIPO PROOF does not require any proof that an entity or person is authorized to act on-behalf of someone else; however, the terms of use of the service specify that any use of the service, on-behalf of a third party, must be authorized. WIPO recommends a valid agreement between parties is put in place, justifying the relationship between them.

You need any major up-to-date Internet browser, the original digital work, and a WIPO Account. Payment must be received or a valid bundle must be available on your WIPO Account. When a WIPO PROOF token is generated, you will receive:

1. An online acknowledgement that the token has been created.
2. A confirmation email for each purchase containing all of the details associated with your token including a link to download it. Your receipt for the purchase will be included in the downloaded zip file.

When processing more than one digital file at a time (for a single purchase), you will receive only one link to download all of your tokens at once and a single receipt.

We recommend you download the token and store the email, token and original digital file together in the same folder on your device for easy retrieval. We also recommend that you appropriately name each element in order to easily identify them as a package.

You can download your token(s) any time from the WIPO PROOF service by logging into your account and going to your WIPO PROOF dashboard. WIPO stores each token for 5 years from the date it was created, for easy retrieval.

Unpaid token creation requests will appear in the “token(s) to be processed” section on your dashboard and will be saved there for four weeks. During this time, the system will provide reminders of unpaid tokens via email.
In order to retrieve your work from where you’ve left it, you can:

1. Connect to your dashboard
2. Access the “Token(s) to be processed” section of the dashboard
3. Select all the “Token(s) to be processed” that appear there and click on “Pay now”

Later on, possibly after several years, you may need to validate your WIPO PROOF token. This could be during a dispute related to your original digital file or its content. With the WIPO PROOF token and an exact, unaltered copy of the original digital file, you can prove you had possession of the original digital file, in the same state, at the specific point in time you generated the token. This is why it is extremely important to keep the original digital file, unaltered, alongside its corresponding WIPO PROOF token.

Verification of a WIPO PROOF token validates the exact date and time the token was generated for a specific digital file

Owners of the original file or any third party can verify a WIPO PROOF token connecting to the WIPO PROOF service and choosing the “VERIFY TOKEN” . To verify a token, you must provide two items:

The unaltered original file for which the token was created

The corresponding WIPO PROOF token. This can be downloaded from your dashboard.

When you or a third-party requests verification of the WIPO PROOF token, WIPO provides it in the form of an on-screen message. The process of verification generates a new hash from the original file, and compares this with the hash contained in the token. If they match, it will confirm that the token was generated from that exact original file, and the date and time when this happened.

It is important to note that, if the original file has been modified even slightly, the verification will fail, and therefore it will not demonstrate the existence of the original file at the date and time it was processed.

Yes. For anyone to independently verify a WIPO PROOF token, they will need the following:

1. The original file;
2. The hash of the file in question which they can create with a SHA-256 hashing tool;
3. The WIPO PROOF token;
4. The WIPO TSA public certificate that was used to sign the hash in 1 (retrievable from the actual time stamp). NB, using a tool in 5 will extract this from the token for you;
5. The verification can be done using an openssl (open source) tool, e.g., https://www.openssl.org/, to verify the timestamp/token. See below.
   
   openssl ts -verify -data file.txt -in file.tsr -CAfile wipo_cachain.pem -untrusted tsa.crt
   where:
   file.txt is the timestamped file
   file.tsr is the timestamp response file.
   cacert.pem contains certificates needed for the timestamp issuance (CertSign’s root and qualified)
   tsa.crt is our TS server public certificate

Your token will no longer be valid if the original digital file is modified in any way – including the slightest formatting changes. A WIPO PROOF token is a digital fingerprint of a specific digital file. If you change the digital work in any way, even something as small as adding a period or a comma, it will of course be different from the original file for which the WIPO PROOF token was created. Therefore, the token will not match the modified file.

No, WIPO PROOF only processes digital files.

No. A WIPO PROOF token can be generated for any size of digital file, whether it is numeric, image, executable, text or audio-visual. However, there may be limitations on the customer’s side related to connectivity and/or the types of devices used to access WIPO PROOF.

No, WIPO PROOF does not read or store your original file. Technically, a strong cryptographic hashing function processes your digital document while still in its original location, producing a hash value uniquely identifying that file. The hash value is then used to create the WIPO PROOF token. From the hash value, it is not possible to read or recreate the original file, ensuring 100% confidentiality.

WIPO PROOF tokens can be used in countries that recognize digital timestamping as legitimate or legal proof. WIPO PROOF proves that a digital file existed as a specific version on a specific date and time, and that the file was under the physical possession of the requestor of the WIPO PROOF token. These tokens are likely to be admissible if they can be reliably proven to be generated in compliance with national, regional, or international standards such as in eIDAS. The technologies and systems used by WIPO to generate WIPO PROOF tokens meet the highest standards for reliability, accuracy, integrity and confidentiality. WIPO uses certified hardware compliant to FIPS 140 level 3, advanced electronic seals, a key ceremony witnessed by an independent auditor, and a fully automated, defensible, and auditable chain of evidence.

There is no limit to the validity of the token. You can verify your WIPO PROOF token as long as you are able to make the unaltered original digital file available.

However, while the validity of WIPO PROOF tokens is not subject to expiration, in the long term, there is a risk that the cryptographic algorithms that support the generation of the WIPO PROOF tokens could be broken and hence become obsolete. Should this happen, the WIPO PROOF tokens generated with these algorithms might be deemed to have less evidential value. Although WIPO is using the same strong algorithms used by governments and other organizations processing sensitive medical and financial information, the possible advancement of quantum computing technologies in the next 5-10 years could speed up the time it takes to break today’s cryptographic algorithms. This is a risk faced not only by WIPO PROOF, but also by other similar services.

WIPO commits itself to ensure the service’s cryptographic algorithms remain updated to the latest standards; future enhancements to WIPO PROOF will provide necessary measures to maintain the integrity and evidential value of stored tokens, should any previously used algorithms become broken or obsolete.

By default, WIPO PROOF stores each token for 5 years from the moment of purchase. During this time, the tokens can be downloaded at any time.  

WIPO commits in keeping the tokens up-to-date with the most advanced encryption algorithms, for the time they are stored in its secure database.

When the first 5-year period is approaching its end, you will be notified automatically, and a new 5-year period can be requested for an additional fee. WIPO is exploring longer storage periods as part of its future enhancements.

WIPO PROOF uses robust industry standard technology (IETF RFC 3161), thereby reducing the risk of abuse. No external party, not even WIPO, will be able to modify a WIPO PROOF token once generated. By using WIPO PROOF, anyone in the world with a WIPO Account can benefit from a robust, timely and effective service from the world’s trusted and recognized authority on intellectual property.

When working in life science research, you are likely to generate extensive genetic and biochemical data, such as sequence data, which may be an important intellectual asset for you or others for future research and use. This may also include chemical structure information. WIPO PROOF provides you with tamper-proof evidence that your data existed at a certain point in time and thus enables you to develop the full range of your IP options regarding your sequence or chemical structure information. If, for example, you wish to make your data publicly available for open science and innovation, WIPO PROOF may provide you with evidence that you possessed the data set before its publication. If, on the other hand, you wish to maintain your data and their uses undisclosed, WIPO PROOF can give you evidence of your prior user rights in the case of third party patent filings affecting your use of the data. In case you wish to maintain certain biological resources and their uses as a trade secret, obtaining your WIPO PROOF token can discourage possible theft or misuse of these valuable assets, together with other protective measures. WIPO PROOF can strengthen your trade secret protection or patent applications because timestamping your data with WIPO PROOF as such is not a public disclosure and does not create novelty destroying prior art. You therefore will have the opportunity to file patent applications, which include or build on these data, provided that no other publicly available disclosure has been made. Thus, WIPO PROOF can serve as an important tool for you to use the full range of your IP options regarding your genetic and biochemical data and their uses.

No, the digital fingerprint of your file (the hash) is created and date- and time-stamped only at the moment you request a WIPO PROOF token for your file. Tokens cannot be back-dated.

WIPO PROOF’s technical infrastructure is designed to meet the industry standards that define a Trusted Time Stamping Authority (TSA):

1. RFC 3161- timestamps generated by WIPO PROOF are compliant with RFC 3161, an IETF standard, that provides specifications for the implementation of the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP);
2. WIPO PROOF conforms to the requirements specified in the eIDAS regulation - ETSI EN 319 401 and ETSI EN 319 421. These standards specify the general policy requirements for Trust Service Providers (TSP), and policy and security requirements for TSPs issuing timestamps. WIPO is currently preparing to be independently audited and confirmed as fulfilling these standards.

Additionally, WIPO PROOF is certified against ISO 27001 standards for information security management.

A digital timestamp is considered as “trusted” if it is issued by a Trusted Third Party (TTP) acting as a Time Stamping Authority (TSA). A TSA issues trusted timestamps, which can be used to prove the existence of digital files at a certain point in time, without the risk of tampering by the owner or any other party. TSAs utilize provable, "trusted time" from one or more reliable time sources, such as the Coordinated Universal Time (UTC).

WIPO PROOF is a trusted Timestamping Authority (TSA) and conforms to the same eIDAS regulation as “qualified” TSAs. The EU administration provides the qualified status to a TSA, on the examination of an audit report provided by independent 3rd parties. The audit report must prove compliance with the eIDAS regulation and ETSI standards, and it is the EU’s decision to award a qualified status upon review of this audit report. The same audit process is also used by WIPO PROOF and WIPO passed its audit by a 3rd party eIDAS conformity assessment body with no non-conformities in October 2020.

Regardless of this fact, WIPO PROOF cannot become a “qualified” TSA, simply because WIPO is considered a foreign entity to the EU. While Article 14 of the eIDAS Regulation states that trust services provided by foreign eIDAS compliant providers (such as WIPO) may be recognized as legally equivalent to qualified trust services, WIPO’s status as an international organization and specialized agency of the United Nations does not allow itself to meet the necessary requirements for it, since WIPO operates on a multi-lateral framework and does not subject itself to such bilateral arrangements.

However, it is worth noting that the creation of WIPO PROOF was unanimously approved by its more than 190 member states (including the member states of the EU) in October 2019 during WIPO’s General Assemblies, which should be noted in any disputes or legal proceedings where a WIPO PROOF token is submitted as evidence.

WIPO PROOF uses hardware-based, redundant time servers that source their time from the globally recognized Global Positioning System (GPS) which uses a network of satellites orbiting the earth. Each satellite carries several atomic clocks and has a very accurate time, which enables the GPS to offer a high-precision time.

The generation and verification of proof of existence for IP and related assets, often presented in courts of law as digital evidence, is a sensitive topic. The backing and certification of such digital evidence by a centralized and neutral authoritative body maximizes trust and asserts more validity than digital evidence without such backing. This authoritative authentication and backing serves to ensure that the underlying technology used in proof of existence is of the highest global standards and that the digital evidence has not been tampered with. The acceptance of verifiable evidence provided through a distributed public blockchain is not yet widely guaranteed in courts, as public blockchains do not have institutional stewardship.

Additionally, what you do on the public blockchain is not anonymous, and this is a common misperception. In fact, public blockchains are only confidential. When a transaction is made, a unique code called a public key is recorded on the blockchain. This key does not contain personal information; however, it can always be linked to an entity or person through other means. Although blockchain entries remain encrypted in the public sphere, WIPO believes that many creators and innovators may prefer to retain complete anonymity, not just confidentiality. WIPO PROOF provides this anonymity, because only WIPO knows that you generated a WIPO PROOF token – no unique identification information is made available to the public.

WIPO is currently looking into the potential evolution of WIPO PROOF to add a blockchain component as an addition to the PKI service, but not replacing it. This blockchain component will be an optional output of WIPO PROOF’s process, and completely at the discretion of our customers to decide to use it or not.

You can recover your account by choosing “Forgot your username” or “Forgot your password” on the login page. Once you’ve logged in, download your unexpired tokens to your device.