Yozons™ is proud that it invented the modern, advanced, web-based secure document delivery and electronic signature technology that has been widely adopted and licensed by the largest to our smallest competitors.
Our primary advantage is that users do not generate, maintain or keep secure encryption keys needed to securely transfer documents and/or optionally process electronic documents (i.e. applying electronic signatures, cryptographic hashes/message digests, encrypting, decrypting, etc.) among parties located anywhere in the world. Instead, the parties authenticate themselves to the server directly (not to each other) using various levels of trust, and the server ensures that documents are securely transferred and optionally appends electronic signatures or other cryptographic document processing on behalf of those parties.
This invention is protected by U.S. Patent No. 7,360,079 (3 independent claims, 42 dependent) and is assigned to Yozons. The provisional patent was filed on January 5, 2001. The patent application was filed January 4, 2002. The patent was issued on April 15, 2008, is assumed valid and is enforceable through 2022.
On May 17, 2012, the U.S. Patent Office re-confirmed the validity of all 45 claims of our '079 patent with no amendments. This, along with several patent licensees in multiple countries, demonstrates how strong the patent is. Eleven (11) companies have purchased a license to the patent, including two major electronic signature vendors; a PDF vendor; a PKI vendor in the U.K. that also performs server-centric signing with customers in the U.S.; a non-esign vendor that just happens to make use of esign for its mobile platform; as well as multiple other direct competitors.
Non-infringing technology providers -- including today's digitally signed e-mail (S/MIME), PGP/GPG, SSH/SCP/SFTP, and the MEGA file sharing system -- rely on a public key infrastructure (PKI) or similar system that requires communicating parties to generate their own keys, cryptographic hashes and/or digital signatures, and then transfer the public or shared symmetric keys to the other parties and/or have the public keys used be certified by another party who issues a digital certificate or otherwise vouches for the owner of the public key using a pre-established "chain of trust."
Users of such non-infringing technologies are able to securely communicate and apply digital signatures or cryptographic hashes directly with each other without the need for a server to handle it for them. Traditional PKI-based vendors, whose users have digital certificates and apply their digital signatures directly so as to maintain sole possession of their private keys, do not infringe; nor do vendors who do not process the documents on behalf of the users on the server; nor do vendors who do not employ any encryption or HTTPS/SSL to ensure secure document processing among its users. Of course the courts have upheld "lightweight contracting" by regular email, which also is not covered.
Other ways users can implement much of our patented technology without infringing is by deploying client-side certificates (PKI), or even non-PKI solutions like Transport Layer Security pre-shared key ciphersuites (TLS-PSK) or Transport layer security Secure Remote Password (TLS-SRP). Indeed, the courts have upheld the validity of simple email exchanges that express a clear contractual term of agreement expressed by the parties involved.
Yozons has reason to believe that every vendor and home-grown solution that does not employ user generated and controlled keys, key exchanges between users, user controlled encryption and/or cryptographic hashing for the purpose of securely processing documents on a server, and in which the server verifies the users rather than the users themselves, makes use of the teachings of this patent and must acquire a patent license to avoid infringement.
Nearly all secure document sharing and electronic signature web sites that employ HTTPS, with users verified by the server rather than directly with each other, and in which users do not share/exchange encryption keys with each other, likely infringe our patented invention. HTTPS makes use of PKI-based web server authentication to establish a secure communications channel between the server and the verified party/device, which is then followed by symmetric encryption for securely sending and receiving all documents and electronic signature requests using an encryption key solely between the web server and that party/device. This alleviates a huge obstacle found in a PKI in that parties only need to verify themselves with the server rather than verify every other party they communicate with, and allows the server to perform the electronic signature processing on behalf of its users. Non-infringing PKI/PGP/S-MIME instead provides the ability for users to securely communicate directly by encrypting the document/message using the recipient's public key, and to apply an electronic signature using the signing party's private key. Our invention instead uses a centralized server's HTTPS encryption to ensure secure document delivery between the server and each user as well as for the application of electronic signatures on behalf of each user so that the users do not have to exchange keys or verify each other's identity.
Prior to the Yozons invention, public key infrastructure (PKI) was the de facto, technical and legal standard worldwide for securing communications payloads and authenticating users. PKI remains a potent force in high security applications and in closed networks run by large corporations, governments and the military. Before the U.S. E-Sign Act, PKI was enshrined in various U.S. state electronic signature laws, and still is the legal standard per the EU's advanced electronic signature directive as well as other industry-specific uses. PKI is also a key component in technologies like S/MIME that is built into many email clients for the secure delivery and digital signing of email messages.
But the U.S. E-Sign Act changed the rules by removing the legal requirement for a PKI based on users' private keys with digital certificates verifying the users' identities and public keys.
Yozons created a simpler, more scalable, more easily adopted technology that incorporated PKI concepts into the server, allowing users to be dynamically authenticated in various ways (such as post business process verification, email-based authentication, password-protected transactions, centralized or distributed user login, and/or the use of other authentication systems such as those that use credit or other personal information databases) without users having to be pre-established or generate keys or acquire digital certificate credentials or exchange keys among the communicating parties before taking advantage of server-controlled processing of digital documents, including electronic signatures.
Most server-based document processing solutions, with optional electronic signatures, that reach outside a controlled network of pre-authorized parties are impractical in the United States if they rely on a PKI, digital certificates and/or user-managed keys. Fortunately, Yozons offers a reasonable, low cost royalty program of just 75 cents per signature so you don't have to. Preferred rates, including high volume discounts and paid-up licenses, to match your specific business needs are offered to those who acquire a license as a result of business negotiations done in good faith. Of course, those who license any of our Yozons technologies are already covered for those products.
Smart businesses negotiate and acquire one of our low-cost licenses and avoid legal battles that are high risk and expensive. As of 2014, Yozons finally finds itself in a position to begin enforcing its patent rights with legal counsel once it determines that attempts to negotiate a patent license have failed.
Please contact us for details about acquiring rights to use our patent in your products and services.
Yozons has licensed for our customers the full rights to DocuSign's U.S. Patent 6,289,460 for use in all of our electronic signature products and services. Subsequently, the USPTO cancelled claims 1-19 while allowing claim 20.