Much has been written recently about the case management system for the Unified Patent Court, both on this blog and elsewhere (Kluwer blog). However, as well as issues with identifying eIDAS providers who can meet the requirements of the UPC’s strong authentication system and also provide remote identification services, IPcopy notes that the “remote ID” solutions being offered involve requirements that potentially make them inaccessible or unusable for some people.
Having recently gone through the remote ID process with one of these providers, this blog notes that, while it may be relatively painless for most users, it may be unusable for some disabled people. The fallback identification options for the provider we used require either a face-to-face visit to their premises or the services of a notary. Such fallback options will add a layer of complexity and cost.
Earlier versions of the UPC website indicated that the strong authentication scheme was originally to be released mid-late September (Kluwer). The News section on the UPC website indicates that strong authentication functionality will be activated on 10 December.
One particular issue with the proposed strong authentication scheme has been the difficulty in identifying providers who can supply a smartcard or USB token that meets the requirements that the CMS has set out. The recent updates on the UPC website relating to the 2 month delay to the implementation timeline also included a link to eIDAS providers across Europe with details on whether they meet the CMS smartcard requirements. Only a handful of providers appear to both supply a compliant solution AND offer remote identification services.
The provider used by IPcopy to obtain their smartcard used a video identification process in which IPcopy was contacted via a video call on their smartphone and asked to confirm some information, display their ID document (note: there was no need to provide a notarised copy of the passport), have a screenshot taken and perform an action (which in our case was to move our hand, with splayed fingers, in front of our face). This last requirement was presumably to confirm to the person carrying out the identification that they were seeing a live image rather than a pre-recorded video. It is noted that the provider’s website indicated that the video identification should be done alone.
Although the above process should, apart from smartphone or connection issues, be relatively painless for most users, the specific requirements to be alone and to carry out an action potentially make the remote ID process inaccessible/unusable for some people.
It is noted that the fallback identification options for the provider above require either a trip abroad (from the UK) to visit the provider in person to allow face-to-face identification to take place or the use of a notary to (i) authenticate a copy of the ID document; (ii) to provide the copy with a certificate (apostille); and (iii) to carry out the authentication in the physical presence of the holder of the ID document. A quick search online (see Illustration 4 here) indicates that this process could add nearly £200 to the process of gaining smart authentication credentials.
The above issues will in turn affect the ability of a wide range of people to test the UPC CMS system in advance.
Some initial research by IPcopy indicates that a similar “to be alone” requirement exists for at least two of the other providers who offer remote ID.
The UPC Preparatory Committee should be keen to ensure that the UPC is seen as a good, well tested option and this is only possible if testing of the CMS (the core UPC on-line platform) is open to as many potential users as possible.
Therefore, in IPcopy’s view, the UPC should provide details of an authentication system for which everyone can obtain the necessary login credentials without undue burden.