Electronic Signatures and Authentication


(Photo credits: Viernest)

Doing business on the Internet requires two basic things to actually work: (1) legal legitimacy, and (2) trust in the identity of the other party which you want to deal with. 

It is hard to imagine nowadays anyone questioning the legitimacy of an online transaction on the basis of not having any physical being, but things were not always like this and many people used to argue that you cannot execute a contract online. In some places the courts rules that online transactions were equivalent to any other transaction if the legal fundamentals of it were satisfied (offer, acceptance, consideration, and intention to create legal relationship), however some other places did not. Eventually, all countries had to pass some sort of e-commerce legislation to ensure to everyone that a transaction will not be deemed void for the mere fact that it was conducted online. In Oman, this legitimacy was granted through Chapter 3 of the Electronic Transactions Law which simply says that the offer and acceptance of a contract will be deemed valid even if communicated online.  Chapter 2 of the same law gives digital documents the legitimacy of written document for all legal purposes as long as it is saved in the same manner in which it was created, sent, or received and as long as it can be retrieved back and can be used in a way that identifies its source and date it was sent or received.

Electronics signatures and authentication are related to the second fundamental requirement for e-commerce: identification of individuals electronically. Some laws distinguish between two types of electronic signatures, a basic electronic signature and an advanced electronic signature. A basic electronic signature is any identification method attached to a message to associate it with a certain individual in a distinguishable manner from others. This could be anything from typing your name below your message to scanning a copy of your hardwritten signature and attaching it to your email. Advanced electronic signatures are messages authenticated by a third party through stricted security system. Many legal systems do not make a distiction between these two forms in definition, but obviously in practice it is more logical to rely on an advanced electronic signature, yet a basic signature would not fail as a proof in court for just being so.

The issue of identification and advanced electronic signatures are not used by consuers as signatures per se, but are used to verify the authencity of commercial websites. Whenever you see a ‘lock’ sign in your browser this means that the website owner can be verified through a verification agency. If you click on it you should be able to check at the agency’s website the name and address of the business and when their identification certificate was made and when it will expire. The most famous authentication agency is Verisign. 

Of course, this certificate will not mean anything to you if you do not know or trust the website that actually issues it. This is why many countries regulate the industyr of online authentication and specify specific rules for practicing in this field. However, in places like the UK, this is a self regulated industry and the governmetn does not intervene. In Oman, the ITA is the government body responsible for regulating and licensing authentication agencies. This is illustrated in chapters 5 and 6 of the Electronic Transactions Law (69/2008).

Invention Patents in Europe


(Photo credits: telethon)

Patents are monopoly rights for a certain period of time given by a state to those who create qualifying inventions in return of their disclosure to the public of the details of their inventions. 

This means that if you make an invention which you would like to sell and at the same time make sure that nobody else copies this invention you made, you will have to apply for a patent. The patent will usually grant you a maximum of 20 years to stop others from copying your invention. After these 20 years your patent will become public domain and anyone will be able to manufacture it without paying you any royalties or licensing fees. 

Patents grant a monopoly right only in the jurisdiction in which the patent was registered in. You will have to register in each country on its own if you wish to execrise your monopoly right in that country. This post will only talk about the patent system in Europe as the law differs from one jurisdiction to the other. I will talk about the US and Japan in later posts. (Oman’s law is very similar to American law, so I will talk about it in that post).

In the field of technology you can get a patent for a product, a manufacturing method, or a method to create a specific product. It is also possible to get a patent in certain circumates for a computer program.

There are currently two methods for getting a patent in Europe, the first is by going to each country on its own and registering for a national patent, the second is by going to the European Patent Office (EPO) and apply for a bundle of patents for all the member countries of the European Patent Convention. It is worth mentioning that this is NOT an EU intiative and it goes beyond the members of the EU. Getting your patent from the EPO is cheaper than going to all the European countries. An EPO patent is not a *super* European Patent, but a bundle of national patents from all the members. This means that once you patent is issued, if a national court decides that your patent is invalid for any reason then you patent will be invalid in that one country by itself and will not affect the validity of the patent in other places. This is pretty messed up, but because of the lack of a higher court of appeal to take care of European Patent, the industy will like to keep the current system as it is less risky than one which has a super European patent.

So what do you have to do to get a European patent from the EPO?  You simply have to fill a patent application and submit it to the EPO. However, for your patent to be granted, your creation must satisfy the requirements of the European Patent Convention (EPC), namely:

  1. It must be an invention.
  2. It must be novel.
  3. It must have required an inventive step to make.
  4. It must be industrially applicable.

We will go through these one by one:

Your creation must be an invention: The EPC does not define an invention but says that a patent may be granted for any invention in all fields of technology. However, explicity exludes inventions such as absolute theories, mathematical methods, aesthetic creations, mental acts, and mere presentation of information. The EPC also excludes inventions that contravene the public order, methods for treating the humn or animal body (methods – not products), and plan or animal varieties.

The requirement for an invention is usually not problematic, except for the fact that one of the exceptions under Art 52(2) is computer programs. The stance of the law in Europe regarding this is not clear, but I personally understand it as follows, if an invention is a pure computer application that has no novel tangible aspect then it will not be patented, however, if a computer program has some tangible aspect that extends beyound the code, then it will be patented. For example, a word processing application does not create by itself have a tangible aspect, but a program that affects the brightness of the screen depending on the time of the day has that tangible aspect. DO NOT CITE ME ON THIS, THIS IS MY PERSONAL OPINION AND I CANNOT BE BOTHERED TO DIG UP THE CASES/DECISIONS THAT SUPPORT MY OPINION AT THIS MOMENT.

The second requirement for the patent is to be novel. This is a quantitative absolute test that requires the patent to be a new. Art 54 of the EPC says that an invention is considered new if it does not form part of the state of the art.  This simply means that your invention is not like anything we have seen before the date the priority date (first filing date). This is an important because it requires the inventor NOT to disclose the functional details of his invention to the public before he files his patent application, if the information is already in the public, then the patent application will fail.

The novel will not be satisfied if a single disclosure in the relevant industry field (the fact that people from an irrelvent industyr know about it does not invalidate it) has a clear and unmistakable disclosure (the fact that it had to be *figured* out does not invalidate it) his made available  (it will be invalidated by making it available, no need to actually be seen or read) to a skilled a person (if the only person who heard or saw it did not understand what you were talking about then that will not invalidate it). 

The EPC provides an exception when the information was disclosed through an act of breach of confidence, or if the information was disclosed in an official international exhibition, if any of these two happen, the inveotor has six months from that date to make his application for that action not to invalidate his patent.

The requirement for an inventive step: This is a qualitative test. I think of it as the “It must be good enough to be protected” test. The patent will only be granted for inventiosn which are not obvious to a person skilled in the specific industry. If the invention is new, but it was an obvious progression from existing technology then it will not be protected.

Deciding whether an invention involved an inventive step requires the analysis of this step at the priority date, this is problematic because the patent examiner usaully looks at a patent months or even years after the patent was actually filed. So he must disregard all technological advancements that took place throughout that time and decide where there was an inventive step at the priority date. It is usually very easy to say in hindsight that any invention was obvious, so the EPO attempts to use a test called the ‘Problem and Solution Test”, which tries to envision the problem the invention tries to solve and see if this solution has an inventive step.

The problem and solution test consists of the following:

  1.  Indetifying the closest prior art.
  2. Determining the objective technical problem (the technical problem which the invention attempts to solve).
  3. examining whether or not the claimed solution to the problem is obvious for a skilled person in view of the state of the art.
An examiner will also look at secondary considerations IF he is not sure about the answer to the question 3 of the problem and solution test. These secondary considerations include a ‘long felt need’, ‘commercial success’, and ‘unexpected technical effect’. Secondary considerations will not rescue an invention that is obvious, but will be useful in close cases and those in doubt.

The invention must be industrially applicable: This is a requirement that is never unsatisfied because industry is defined as any industry (including agriculture – which is apparently not considered as an industry in France). But anyway, the requirement will only fail for inventions which are impossible to make.

Domain Names and Trademarks

There is an ever increasing number of domain name disputes relating to trademask, mostly because of incompatibility of these two systems.

What are Domain Names and Who Regulates Them?

Domain names are friendly shortcuts to web addresses, each website is actually located at an IP address made up of a string of numbers. The domain name system makes it easier to remember website addresses so that we can visit them later. There are two main types of domain names, those that end up with generic Top Level Domains (gTLDs) such as .com, .net, and .org, and those that end up with country code Top Level Domains (ccTLDs) such as .uk, .jp, and .ca.

gTLDs are regulated by an entity called ICANN (the Internet  Corporation for Assigned Names and Numbers). This is a non-profit corporation that has a contract with the Department of Commerce of the USA to regulate gTLDs. It’s supposed to *achieve global representation* of the internet community, but in practice the US government has a strong influence in it. ICANN has the ultimate control over gTLDs, it does not deal with the public directly in regard to domain names, but instead signs up registerars who them sell domain names to the public.

ccTLDs on the other hard are each regualted in a different manner depending on the country that owns the ccTLD, in the UK for example, a non-profit company named Nominet – which again, does not sell domain names directly, but instead signs up registrars who sell them. However, not all ccTLDs are handled the same way, some countries regulate and sell them through the same entity. In Oman, OmanTel used to regulate and sell them, however, the TRA is now responsible for regulating the .OM ccTLD and will soon start accepting registrars to sell domain names to the public.

What are Trademarks and What is Their Problem with Domain Names?

A registered trademark gives the right to its owner to stop people from using the same trademark on their goods. This is a state given right maid in essence to help consumers identify goods made by a certain seller.

A domain name is not a trademark, but it is a sign and a label which can be used as a trademark and its usage can in certain circumstances quailfy as a trademark infringement.

The link between the domain names and trademarks are obvious, but there is a conflict that makes this difficult, and that is the fact that trademarks are not absolute monopolies for the use of the term as the sytem allows different people to register the same trademark for two different business.  For example, the trademakr Vista might be registered by Microsoft for computer equipment and computer software, and registered at the same time by someone else as Vista for selling eye health products. This is legal in most jursdictions around the world, but has some restrictions where the use of a similar sign on an unconnected product might confuse the public to the source, or where the use of a trademark might harm or dilute the reputation or power of the trademark.

The fact that more than one person may be legally allowed to use the same trademark does not work well with domain names because only one person can register the same domain name all over the world. There is only one Vista.com, so who has the right to it?

If two people own the same trademark, usually the first person to register the domain name has the right to use it. However, there are cases when people who do not have the right to the domain name buy it, several of these incidents are described by the term below:

  1. Domain Name Squatting – This happens when someone buys a domain name in bad faith to take advantage of a trademark, either by attempting to sell it to the rightful owner later or to gain profit by advertising or attracting misled constumers to his website.
  2. Domain Name Typo Squatting – This happens when someone buys a domain name that contains a commonly mispelt version of a trademark (For example: Gooogle.com instead of Google) and then uses it in bad faith.
ICANN has a procedure called “Uniform Domain Name Dispute Resolution Policy” (UDRP)  which all of its registrars are forced by contract to submit to in the following case:
  1. A domain name is identical or confusingly similar to a trademark in which a complainant has rights.
  2. the current registrant has no rights or legitimate interests in respect of the domain name; and
  3. the domain name has been registered and is being used in bad faith.
If all of these conditions are satisfied then the domain may be transferred to the complainant. This procedure is supposed to be a quicker and cheaper that traditional litigation. Most ccTLD registries follow a very similar procedure to the UDRP.