From February 1, 2022, you will no longer be able to generate WIPO PROOF tokens. Starting from this date, and for the 5 following years, WIPO PROOF will continue to store tokens, and you can validate them, download them, and generate premium certificates.

As the token generation service will be terminated after January 31, 2022, pre-paid bundles can be used until that date.

From February 1, 2022, any unused balance of pre-paid bundles will be reimbursed.

No, the tokens can be used to demonstrate a file existed at a given point in time and can be validated even after the discontinuation of the service. The WIPO PROOF validation system will be available until January 2027, and it is always possible to validate the tokens using independent platforms or using readily available open source utilities, so to ensure their validation in the long term.

Yes. The token storage and verification services and the premium certificate service will be maintained, and can be used via the WIPO PROOF web site for 5 years until January 31, 2027. Note that tokens can always be validated using independent platforms or using readily available open source utilities, and so tokens can be validated in the long term.

For additional security, we advise you to download your tokens and to keep them securely with the original digital files. You may also consider generating and storing premium certificates for your tokens, after January 31, 2022.

The premium certificate service will remain available until January 31, 2027. As the certificate is mostly used for additional evidence in case of disputes, we recommend generating premium certificates as-needed after January 31, 2022

WIPO PROOF is a global, online service that rapidly generates tamper-proof evidence proving your intellectual asset existed at a specific point in time, and that it has not been altered since then. The service creates a WIPO PROOF token – a date and time-stamped digital fingerprint of your intellectual asset, which can be used as evidence in the context of legal disputes.

Use WIPO PROOF as an additional element of your IP management strategy. It complements existing IP systems by helping to safeguard your intellectual assets whether or not they become formal IP rights.

Designed to be easy to use, WIPO PROOF provides features and packages tailored to any kind of inventor or creator, from the individual to the large corporation: 

• Anyone can use the service, generating digital evidence in a matter of seconds online, for a wide variety of use cases.
• Law firms, IP practices and legal representatives can use the service on behalf of their clients. A dedicated feature allows the declaration of different owners for each file, whether they are individuals or companies.

A WIPO PROOF token is a time-stamped digital fingerprint that proves the existence of a digital file at a specific date and time.

Technically, it is an encrypted file generated using Public Key Infrastructure (PKI) technology, that contains:

• A hash code of the original file, generated by a local browser’s one-way algorithm, which uniquely identifies the original file.
• The exact date and time the token creation request was issued.
• A digital signature identifying WIPO as the entity responsible of generating the token
• A public key that ensures the authenticity of the token

A token is a file with a “.tsr” extension that can be downloaded from your WIPO PROOF dashboard, and stored together with the original file. The token cannot be opened or modified, and for this reason, it provides certainty that the date and time the token was created is exact and has not been tampered with. It can be thought of as a digital notary-type service. 

Details of your tokens are accessible from your WIPO PROOF dashboard.Find out more about how it works.

WIPO PROOF does not require any proof that an entity or person is authorized to act on-behalf of someone else; however, the terms of use of the service specify that any use of the service, on-behalf of a third party, must be authorized. WIPO recommends a valid agreement between parties is put in place, justifying the relationship between them.

You need any major up-to-date Internet browser, the original digital work, and a WIPO Account. Payment must be made or a valid pre-paid bundle must be available on your WIPO Account. When a WIPO PROOF token is generated, you will receive:

1. An online acknowledgement that the token has been created.
2. A confirmation email for each purchase containing all of the details associated with your token including a link to download it. Your receipt for the purchase will be included in the downloaded zip file.

When processing more than one digital file at a time (for a single purchase), you will receive only one link to download all of your tokens at once and a single receipt.

We recommend you download the token and store the email, token and original digital file together for easy retrieval. We also recommend that you appropriately name each element in order to easily identify them as a package.

You can download your token(s) any time from the WIPO PROOF service by logging into your account and going to your WIPO PROOF dashboard. WIPO stores each token for 5 years from the date it was created, for easy retrieval.

Unpaid token creation requests will appear in the “token(s) to be processed” section on your dashboard and will be saved there for four weeks. During this time, the system will provide reminders of unpaid tokens via email.
In order to retrieve your work from where you’ve left it, you can:

1. Connect to your dashboard
2. Access the “Token(s) to be processed” section of the dashboard
3. Select all the “Token(s) to be processed” that appear there and click on “Pay now”

The WIPO PROOF token contains a digital fingerprint (hash code) of the original digital file. If the file is altered in any way (even changing 1 character) then the digital fingerprint will be different and there will be no way to prove that the WIPO PROOF token corresponds to the same digital file. If there is ever a dispute or legal process related to your digital file, you need to be able to prove that the WIPO PROOF token, and its timestamp, correspond exactly to the digital file.

Verification of a WIPO PROOF token validates the exact date and time the token was generated for a specific digital file

Owners of the original file or any third party can verify a WIPO PROOF token connecting to the WIPO PROOF service and choosing the “VERIFY TOKEN” . To verify a token, you must provide two items:

The unaltered original file for which the token was created

The corresponding WIPO PROOF token. This can be downloaded from your dashboard.

When you or a third-party requests verification of the WIPO PROOF token, WIPO provides it in the form of an on-screen message. The process of verification generates a new hash from the original file, and compares this with the hash contained in the token. If they match, it will confirm that the token was generated from that exact original file, and the date and time when this happened.

It is important to note that, if the original file has been modified even slightly, the verification will fail, and therefore it will not demonstrate the existence of the original file at the date and time it was processed.

Yes. For anyone to independently verify a WIPO PROOF token, they will need the following:

1. The original file;
2. The hash of the file in question which they can create with a SHA-256 hashing tool;
3. The WIPO PROOF token;
4. The WIPO TSA public certificate that was used to sign the hash in 1 (retrievable from the actual time stamp). NB, using a tool in 5 will extract this from the token for you;
5. The verification can be done using an openssl (open source) tool, e.g., https://www.openssl.org/, to verify the timestamp/token. See below.
   
   openssl ts -verify -data file.txt -in file.tsr -CAfile wipo_cachain.pem -untrusted tsa.crt
   where:
   file.txt is the timestamped file
   file.tsr is the timestamp response file.
   cacert.pem contains certificates needed for the timestamp issuance (CertSign’s root and qualified)
   tsa.crt is our TS server public certificate

Your token will no longer be valid if the original digital file is modified in any way – including the slightest formatting changes. A WIPO PROOF token is a digital fingerprint of a specific digital file. If you change the digital work in any way, even something as small as adding a period or a comma, it will of course be different from the original file for which the WIPO PROOF token was created. Therefore, the token will not match the modified file.

No, WIPO PROOF only processes digital files.However, you can scan documents or take digital photographs of objects and then generate a WIPO PROOF token for the digital file. Be sure to keep the digital file with the WIPO PROOF token so that it can be validated in the future.

No. A WIPO PROOF token can be generated for any size of digital file, whether it is numeric, image, executable, text or audio-visual. However, there may be limitations on the customer’s side related to the Internet browser and processing power of the device used to access WIPO PROOF.

No, WIPO PROOF does not read or store your original file. Technically, a strong cryptographic hashing function processes your digital document while still in its original location, producing a hash value uniquely identifying that file. The hash value is then used to create the WIPO PROOF token. From the hash value, it is not possible to read or recreate the original file, ensuring 100% confidentiality.

We recommend that you store your original digital file securely, together with the WIPO PROOF token.

WIPO PROOF tokens can be used in jurisdictions that recognize digital timestamping as admissible digital evidence or legal proof. WIPO PROOF proves that a digital file existed at a specific date and time, and that the file was under the physical possession of the requestor of the WIPO PROOF token. These tokens are likely to be admissible in jurisdictions that recognize national, regional, or international standards such as in eIDAS. The technologies and systems used by WIPO to generate WIPO PROOF tokens meet the highest standards for reliability, accuracy, integrity and confidentiality. WIPO uses certified hardware compliant to FIPS 140 level 3, advanced electronic seals, a key ceremony witnessed by an independent auditor, and a fully automated, defensible, and auditable chain of evidence.

There is no limit to the validity of the token. You can verify your WIPO PROOF token as long as you are able to make the unaltered original digital file available.

By default, WIPO PROOF stores each token for 5 years from the moment of purchase. During this time, the tokens can be downloaded at any time.

WIPO PROOF uses robust industry standard technology (IETF RFC 3161), thereby reducing the risk of abuse. No external party, not even WIPO, will be able to modify a WIPO PROOF token once generated. By using WIPO PROOF, anyone in the world with a WIPO Account can benefit from a robust, timely and effective service from the world’s trusted and recognized authority on intellectual property.

No, the digital fingerprint of your file (the hash) is created and date- and time-stamped only at the moment you request a WIPO PROOF token for your file. Tokens cannot be back-dated.

WIPO PROOF’s technical infrastructure is designed to meet the industry standards that define a Trusted Time Stamping Authority (TSA):

1. RFC 3161- timestamps generated by WIPO PROOF are compliant with RFC 3161, an IETF standard, that provides specifications for the implementation of the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP);
2. WIPO PROOF conforms to the requirements specified in the eIDAS regulation - ETSI EN 319 401 and ETSI EN 319 421. These standards specify the general policy requirements for Trust Service Providers (TSP), and policy and security requirements for TSPs issuing timestamps. WIPO is currently preparing to be independently audited and confirmed as fulfilling these standards.

Additionally, WIPO PROOF is certified against ISO 27001 standards for information security management.

A digital timestamp is considered as “trusted” if it is issued by a Trusted Third Party (TTP) acting as a Time Stamping Authority (TSA). A TSA issues trusted timestamps, which can be used to prove the existence of digital files at a certain point in time, without the risk of tampering by the owner or any other party. TSAs utilize provable, "trusted time" from one or more reliable time sources, such as the Coordinated Universal Time (UTC).

WIPO PROOF is a trusted Timestamping Authority (TSA) and conforms to the same eIDAS regulation as “qualified” TSAs. The EU administration provides the qualified status to a TSA, on the examination of an audit report provided by independent 3rd parties. The audit report must prove compliance with the eIDAS regulation and ETSI standards, and it is the EU’s decision to award a qualified status upon review of this audit report. The same audit process is also used by WIPO PROOF and WIPO passed its audit by a 3rd party eIDAS conformity assessment body with no non-conformities in October 2020.

Regardless of this fact, WIPO PROOF cannot become a “qualified” TSA, simply because WIPO is considered a foreign entity to the EU. While Article 14 of the eIDAS Regulation states that trust services provided by foreign eIDAS compliant providers (such as WIPO) may be recognized as legally equivalent to qualified trust services, WIPO’s status as an international organization and specialized agency of the United Nations does not allow itself to meet the necessary requirements for it, since WIPO operates on a multi-lateral framework and does not subject itself to such bilateral arrangements.

However, it is worth noting that the creation of WIPO PROOF was unanimously approved by its more than 190 member states (including the member states of the EU) in October 2019 during WIPO’s General Assemblies, which should be noted in any disputes or legal proceedings where a WIPO PROOF token is submitted as evidence.

WIPO PROOF uses hardware-based, redundant time servers that source their time from the globally recognized Global Positioning System (GPS) which uses a network of satellites orbiting the earth. Each satellite carries several atomic clocks and has a very accurate time, which enables the GPS to offer a high-precision time.

You can recover your account by choosing “Forgot your username” or “Forgot your password” on the login page. Once you’ve logged in, download your unexpired tokens to your device.