Yozons™ is proud that it invented the modern, advanced, web-based secure document delivery and electronic signature technology that had been widely adopted and licensed by the largest to our smallest competitors.
Our primary advantage was that users did not need to generate, maintain or keep secure encryption keys needed to securely transfer documents and/or optionally process electronic documents (i.e. applying electronic signatures, cryptographic hashes/message digests, encrypting, decrypting, etc.) among parties located anywhere in the world. Instead, the parties authenticated themselves to the server directly (not to each other) using various levels of trust, and the server ensured that documents were securely transferred and optionally appended electronic signatures or other cryptographic document processing on behalf of those parties.
This invention was protected by U.S. Patent No. 7,360,079 (3 independent claims, 42 dependent) and was assigned to Yozons. The provisional patent was filed on January 5, 2001. The patent application was filed January 4, 2002. The patent was issued on April 15, 2008. The patent expired on April 15, 2020 and our invention is now available for all to use without a need for a license.
On May 17, 2012, the U.S. Patent Office re-confirmed the validity of all 45 claims of our '079 patent with no amendments. This, along with several patent licensees in multiple countries, demonstrated how strong the patent was. Eleven (11) companies have purchased a license to the patent, including two major electronic signature vendors; a PDF vendor; a PKI vendor in the U.K. that also performed server-centric signing with customers in the U.S.; a non-esign vendor that just happened to make use of esign for its mobile platform; as well as multiple other direct competitors.
Non-infringing technology providers -- including today's digitally signed e-mail (S/MIME), PGP/GPG, SSH/SCP/SFTP, and the MEGA file sharing system -- relied on a public key infrastructure (PKI) or similar system that required communicating parties to generate their own keys, cryptographic hashes and/or digital signatures, and then transfer the public or shared symmetric keys to the other parties and/or have the public keys used be certified by another party who issues a digital certificate or otherwise vouches for the owner of the public key using a pre-established "chain of trust."
Users of such non-infringing technologies were able to securely communicate and apply digital signatures or cryptographic hashes directly with each other without the need for a server to handle it for them. Traditional PKI-based vendors, whose users have digital certificates and apply their digital signatures directly so as to maintain sole possession of their private keys, did not infringe; nor did vendors who did not process the documents on behalf of the users on the server; nor did vendors who did not employ any encryption or HTTPS/SSL to ensure secure document processing among its users. Of course the courts have upheld "lightweight contracting" by regular email, which also was not covered.
Other ways users could implement much of our patented technology without infringing was by deploying client-side certificates (PKI), or even non-PKI solutions like Transport Layer Security pre-shared key ciphersuites (TLS-PSK) or Transport layer security Secure Remote Password (TLS-SRP). Indeed, the courts have upheld the validity of simple email exchanges that express a clear contractual term of agreement expressed by the parties involved.
Nearly all secure document sharing and electronic signature web sites that employed HTTPS, with users verified by the server rather than directly with each other, and in which users did not share/exchange encryption keys with each other, likely infringed our now expired patented invention. HTTPS makes use of PKI-based web server authentication to establish a secure communications channel between the server and the verified party/device, which is then followed by symmetric encryption for securely sending and receiving all documents and electronic signature requests using an encryption key solely between the web server and that party/device. This alleviated a huge obstacle found in a PKI in that parties only needed to verify themselves with the server rather than verify every other party they communicated with, and allowed the server to perform the electronic signature processing on behalf of its users. Non-infringing PKI/PGP/S-MIME instead provided the ability for users to securely communicate directly by encrypting the document/message using the recipient's public key, and to apply an electronic signature using the signing party's private key. Our invention instead used a centralized server's HTTPS encryption to ensure secure document delivery between the server and each user as well as server created and managed key pairs for the application of electronic signatures on behalf of each user so that the users did not have to exchange keys or verify each other's identity.
Prior to the Yozons invention, public key infrastructure (PKI) was the de facto, technical and legal standard worldwide for securing communications payloads and authenticating users. PKI remains a potent force in high security applications and in closed networks run by large corporations, governments and the military. Before the U.S. E-Sign Act, PKI was enshrined in various U.S. state electronic signature laws, and still is the legal standard per the EU's advanced electronic signature directive as well as other industry-specific uses. PKI is also a key component in technologies like S/MIME that is built into many email clients for the secure delivery and digital signing of email messages.
But the U.S. E-Sign Act changed the rules by removing the legal requirement for a PKI based on users' private keys with digital certificates verifying the users' identities and public keys.
Yozons created a simpler, more scalable, more easily adopted technology that incorporated PKI concepts into the server, allowing users to be dynamically authenticated in various ways (such as post business process verification, email-based authentication, password-protected transactions, centralized or distributed user login, and/or the use of other authentication systems such as those that use credit or other personal information databases) without users having to be pre-established or generate keys or acquire digital certificate credentials or exchange keys among the communicating parties before taking advantage of server-controlled processing of digital documents, including electronic signatures.
Most server-based document processing solutions, with optional electronic signatures, that reach outside a controlled network of pre-authorized parties are impractical in the United States if they rely on a PKI, digital certificates and/or user-managed keys. A license is no longer required for your products to benefit from our invention back in 2001.
Yozons previously licensed for our customers the full rights to DocuSign's U.S. Patent 6,289,460 for use in all of our electronic signature products and services. Subsequently, the USPTO cancelled claims 1-19 while allowing claim 20. What little remains of this patent's claims expired on December 6, 2019. All are free to use this patent that was never used outside of the long-defunct DocuTouch.