1. Introduction
The Security Policy for the integration of IP Author with ChatGPT (Generative Pre-trained Transformer) technology has been meticulously designed to establish a robust framework that ensures the utmost confidentiality, integrity, and availability of sensitive data while utilizing this tool. This policy serves as a comprehensive guide for all stakeholders, including developers, administrators, and end-users, to adhere to the highest security standards and protect the tool and the data it processes.
IP Author, developed by Dolcera Corporation, stands as a flagship patent drafting tool designed to serve patent law firms and corporations globally. Leveraging the cutting-edge capabilities of AI-powered Robotic Patent Drafting Service using ChatGPT technology, IP Author embodies Dolcera’s years of experience and profound understanding of the challenges faced by patent prosecution attorneys. This groundbreaking tool empowers attorneys to expedite the creation of provisional applications while upholding the most stringent standards of quality.
Through the power of advanced AI technology, IP Author streamlines the drafting process, delivering significant time and resource savings for our esteemed clients. Utilizing iterative interactions, our tool generates compelling and accurate claim language, thereby ensuring the creation of robust patent applications. Moreover, IP Author provides comprehensive support for invention illustrations and prior art references, further enhancing the overall patent drafting experience.
At Dolcera, we are deeply committed to innovation and excellence. This unwavering dedication drives us to continuously enhance IP Author with the latest advancements in artificial intelligence and natural language processing, reaffirming our commitment to delivering exceptional tools and services to our valued clients.
The key offering of IP Author includes:
- Generating patent claims
- Generating concise background and description of the invention
- Prior-art references
2. Data Flow of IP Author
Within this interactive system, the IP Author gathers user inputs and conveys them to ChatGPT. ChatGPT’s algorithms analyze the context to produce relevant responses. The IP Author then presents these outputs in a refined and understandable manner. This collaboration between human expertise and AI proficiency ensures a seamless and satisfying user experience.
AWS
IP Author runs on private cloud and Amazon AWS. To check Amazon AWS data security and compliance policies, please visit: https://aws.amazon.com/privacy/
3. Asset Management
- Asset Protection – Dolcera places utmost importance on the protection of customer data, adhering strictly to its agreement with customers and established policies. All customer data is securely housed within the confines of AWS’s US-based Data Centers, ensuring enhanced redundancy and reliability. Currently, customers do not have the option to choose the storage location of their data.
  - The following categories of customer data are stored at rest in a dedicated data center:
    - Customer Credentials – Including usernames, email ids, and passwords.
    - Patent Data – Comprising inputs utilized by IP Author and the outputs generated from it.
  - These data sets are stored on AWS servers and are safeguarded in accordance with AWS’s robust Data Protection Rules, ensuring compliance and stringent security measures.
- Asset Monitoring – Dolcera diligently monitors and analyzes the security status of its corporate and production infrastructure, maintaining a comprehensive overview. However, access to Patent Data (Inputs and Outputs in IP Author) is restricted solely to instances where customers specifically request assistance with application issues. The Patent Data is stored in encrypted form on AWS servers, and access is limited to Dolcera’s IT Admin, who accesses the data only upon customer request.
- Access to user data is rigorously controlled, restricted exclusively to authorized IT Admin personnel responsible for their designated roles. Stringent access controls and authentication mechanisms are enforced to prevent any unauthorized access, disclosure, or tampering with the data.
- Asset Disposal – As part of foundational security controls, Dolcera encrypts customer data by default. Upon explicit customer requests, both Customer and Patent data will be securely deleted from our databases. In the absence of such requests, the data will be retained on our AWS servers for a minimum of three years or until server repurposing becomes necessary.
- To ensure data integrity, we implement daily backups of all existing data. In the event of contingencies resulting in data loss, restoration from the previous day’s backup will be promptly executed in accordance with our established software policy.
4. Data Usage - Fair Policy
- Data Collection – Dolcera gathers specific user information based on the following criteria:
- Email ID: This is collected for user authentication purposes.
- Website Cookies: Functional cookies are utilized to maintain the login session for a duration of 8 hours. It’s important to note that Dolcera solely employs Functional cookies, which exclusively collect and store anonymized data such as session identifiers and user preferences. No personally identifiable information (PII) or sensitive data is ever stored or transmitted through these cookies.
- Users retain the freedom to control and manage their cookie preferences via their web browser settings. While they can choose to block or delete functional cookies, it is crucial to understand that doing so may impact certain functionalities of IP Author.
- To maintain a secure environment and protect user data, Dolcera strictly prohibits the usage of third-party cookies or any external entities to access or place functional cookies on our website. This ensures that user data remains confined within our controlled environment, mitigating potential security risks.
- To further reinforce data security, robust measures, including encryption, access controls, and routine system audits, are employed to safeguard the information collected through functional cookies. These protocols effectively prevent unauthorized access, data breaches, and any misuse of data.
- Tracking Technologies: Dolcera refrains from utilizing any tracking technologies, such as web beacons or similar mechanisms, that might monitor, collect, or store personal information about website visitors or users. Upholding our unwavering commitment to data privacy, your online information remains entirely anonymous and untracked while interacting with IP Author.
- Third-Party Data Collection: Dolcera explicitly abstains from collecting any user information from third parties, nor do we share user data with external organizations. Moreover, Dolcera strictly prohibits any external entities from utilizing tracking technologies on IP Author, ensuring your data remains protected within our controlled environment, untouched by external risks.
- Confidentiality Assurance: Rest assured, Dolcera will never share, trade, or disclose your data for marketing or any other commercial purposes, further reaffirming our dedication to upholding your data privacy and security.
5. User Management - Identity, Authentication and Access Management
- User Authentication: Access to the backend systems of ipauthor.com is meticulously restricted to authorized administrators. Users gain access to the tool by providing a unique email ID and password. Administrators possess the necessary privileges to access server data and responsibly monitor data in the event of application-related issues. Every access instance is meticulously logged and subject to audit as needed, ensuring accountability and transparency.
- Data Usage: Dolcera strictly employs customer data solely to deliver the agreed-upon services and purposes that align with providing those services. Rest assured, we do not share your data with advertiser-supported services nor engage in data mining for marketing or advertising purposes. In the event of discontinuation of service usage, we take the necessary steps to ensure the continuous ownership and privacy of your data. Users retain the option to opt-out from data sharing immediately or, by default, their data will be automatically deleted 30 days after project completion.
- Profile Information: Beyond the aforementioned email ID, we refrain from collecting any other user information. The profile information shared is exclusively used for access purposes and no other intentions.
- Encryption: To bolster data security, we employ the built-in encryption functionalities provided by AWS, ensuring comprehensive protection of data both at rest and during transmission. Leveraging the AWS Key Management Service (KMS), we encrypt data across AWS workloads, employ digital signatures, facilitate encryption within your applications using AWS Encryption SDK, and generate and verify message authentication codes (MACs). For further details, refer to the link to AWS KMS provided below.
- Password Policies: Users are actively encouraged to create strong passwords and regularly update them. All passwords are encrypted and securely stored in our database. For authorization purposes, we rely on auth0.com (Auth), a trusted authentication service.
- User Training: Upholding a proactive approach to security, all users will receive comprehensive training on security best practices, fostering awareness regarding potential threats such as phishing and social engineering attacks. Empowering users with knowledge contributes significantly to a secure digital environment.
6. Data Security
- Data Storage: Our software relies on the secure infrastructure provided by Amazon AWS to store all data. AWS ensures robust data protection through encryption both at rest and in transit, bolstering the security of your information. In addition, AWS meticulously enforces least privilege access controls, limiting data access to authorized personnel only. To further ensure data integrity, regular backups are conducted, safeguarding against potential data loss or corruption. In the event of any incidents, AWS follows well-defined incident response procedures to address and mitigate any security issues promptly.
- For more detailed information on AWS’s comprehensive Data Security policy, please refer to the following link: AWS Data Security Policy.
7. Incident Management
- Incident Reporting and Management: In the event of an incident, users can promptly report it through IP Author’s dedicated service desk contact number or email ID. Our specialized incident management team, consisting of highly skilled experts, will then undertake a comprehensive investigation and analysis of the reported incident. Necessary steps will be taken promptly to mitigate any potential impact.
- Investigation Procedure: The IT lead will spearhead the investigation of the information security incident. To ensure a thorough and effective investigation, the IT lead holds the authority to restrict information system access or operations temporarily, as a precautionary measure against unauthorized information disclosures. As part of the investigation process, the IT lead may convene a preliminary fact-finding working group, comprising relevant business and technical personnel.
- If the IT lead uncovers indications of potential violations of applicable federal or state laws or regulations, appropriate management will be informed, and law enforcement agencies will be notified, if deemed necessary.
- Furthermore, if the investigation reveals the possibility of unauthorized access to restricted, prohibited, or sensitive information, management will assemble an information security incident response team to address the situation.
- In instances where the IT lead identifies deviations from assigned tasks or non-compliance with organizational rules and policies by an employee, the employee’s manager and the CEO will be notified. If an investigation into the matter ensues, the IT lead will fully cooperate with the employee’s manager and/or Dolcera’s Human Resources group to facilitate the investigation, ensuring appropriate corrective or disciplinary action, if deemed necessary.
- Information Security Incident Response Team (ISIRT): Upon receiving relevant information from the IT lead and in close collaboration with the management, the CEO will orchestrate the formation of the Information Security Incident Response Team (ISIRT). This specialized team, under the guidance of the CEO, will be entrusted with developing a comprehensive Information Security Incident Response Plan (Plan).
  - The primary objectives of the ISIRT are as follows:
    - Develop and execute well-defined communication and action plans to ensure prompt and appropriate responses to the Information Security Incident. This includes adherence to reporting, notification, and communication requirements as mandated by applicable laws or deemed suitable in the circumstances.
    - Provide periodic progress reports on the Information Security Incident and the effective implementation of the response plan.
- In fulfilling its mandate, the ISIRT will be diligent in elevating crucial operational decisions to the relevant organizational levels, safeguarding the core interests of Dolcera and all stakeholders impacted by the incident. Moreover, the IT lead will be accountable for meticulously documenting the ISIRT’s discussions, decisions, and all subsequent actions taken in accordance with those deliberations.
8. Network Security
- The IP Author application and its associated components are deployed within an Amazon Web Services (AWS) Virtual Private Cloud (VPC).
- This VPC is thoughtfully designed with a segregation of private and public subnets, ensuring that sensitive components remain isolated from the public internet.
- To guarantee the utmost security and privacy, all data transmitted between client and application servers, as well as databases, is safeguarded through SSL/TLS encryption protocols.
- Our SSL certificates are subject to regular updates and automatic renewals, maintaining a robust security posture at all times.
- As a fundamental measure to protect sensitive data, particularly user data, we employ AWS Key Management Service (KMS) for encryption at rest, adding an extra layer of security to safeguard the confidentiality of the information.