Currently the World Intellectual Property Organization WIPO (a UN 
subsidiary) makes efforts to implement facilities for electronic 
filing of patent applications according to the "Patent Cooperation 
Treaty" (PCT) to be operative in 2001:

  http://www.wipo.int/eng/document/govbody/wo_pct/index_28.htm

De facto this means that in the long run all national Patent and 
Trade Mark Offices will have to comply with this technical system.

I think this is relevant well beyond the Intellectual Property 
theatre; this project seems to be de facto also a pilot for further 
e-government developments, particularly in the field of electronic 
court filing.

So, it might be of some general interest to know that the GAK, key 
escrow, and key recovery discussion is not finished. This is the 
latest draft for a *technical* standard of electronic filing to be 
adopted by the WIPO PCT bodies:

http://www.wipo.int/eng/document/govbody/wo_pct/pdf/pct28_3a1.pdf

------------------------------- CUT ------------------------------------

[...]

SCIT/P 8/99 Rev.1 
Annex 5, page 19 

3.4.8 Key Recovery 

A subscriber should be able to recover data, which they have 
encrypted or that was encrypted for them, even though their 
decryption private key becomes unavailable. The key may become 
unavailable for a variety of reasons, including inability to access 
the stored key (e.g., forgets password), corruption of the stored 
key, failure of the storage medium, and theft of the key or storage 
medium. An organization should be able to recover its data, which has 
been encrypted by subscribers, when the subscriber is unable or 
unwilling (e.g., disgruntled, incapacitated, unavailable) to decrypt 
the data.  

The IP Office PKI may provide the capability for key recovery of 
internal and external subscriber decryption keys. In order to meet 
these requirements, a copy of each user's private decryption keys 
must be obtained and securely stored to enable the authorized 
recovery of encrypted data.  

Key recovery does not apply to the subscriber's signing keys. The 
subscriber's private signing keys are not recoverable due to the 
requirement for effective non-repudiation. Non-repudiation is 
supported by having the subscriber generate his signing key pair on 
his own system and only transferring his public verification key to 
the Certification Authority during the registration process. The 
private signing key must remain under the sole control of the 
subscriber so that there is no opportunity to masquerade.  

The following discussion applies to decryption key recovery only. It 
is a highly sensitive PKI function since it deals with the 
confidentiality of communications and files which may, as with patent 
application prosecution, be held in confidence by law.  

Key recovery for external subscribers may only be initiated by the 
subscriber, a Registration Authority, or a Local Registration 
Authority by following established key recovery procedures and 
interacting with the Registration Authority.  

For internal subscribers, a Registration Authority or Local 
Registration Authority should initiate key recovery only after 
authorization by appropriate IP office management. Such authorization 
may result from a request from the internal subscriber or from a 
requirement by management to access data encrypted by the subscriber. 
 

[...]

------------------------------- CUT ------------------------------------

Surprising especially in view of the fact that the Patent and Trade 
Mark Offices acting as "Receiving Offices" in the PCT system are 
authorities which usually co-operate with the security branches of 
the government since the invention of the patent system ...

At least they should have made a conceptual distinction between 
private keys for secure transmission and private keys for secure 
archive storage. I think this would make an important difference.

Axel H Horns
