Skip to Content

Notice

Revised Procedure for Public Key Infrastructure Certificates

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

United States Patent and Trademark Office, Commerce.

ACTION:

Notice.

SUMMARY:

The United States Patent and Trademark Office (USPTO) published a notice on Legal Framework for Electronic Filing System-Web (EFS-Web) to set forth the current policy and procedure for using EFS-Web and to permit a holder of a public key infrastructure (PKI) certificate to designate a single employee of a contractor who may use the PKI certificate under the direction and control of the holder. The USPTO received many suggestions and inquiries from users of EFS-Web and the Patent Application Information Retrieval (PAIR) system. In response to the suggestions, the USPTO is expanding the procedure for PKI certificates to permit a holder of a PKI certificate to designate more than one employee to use the PKI certificate under the direction and control of the holder in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO.

DATES:

Effective Date: December 17, 2009.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Joni Y. Chang, Senior Legal Advisor, Office of Patent Legal Administration, Office of the Associate Commissioner for Patent Examination Policy, by telephone at 571-272-7720, or by mail addressed to: Mail Stop Comments Patents, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.

Inquiries regarding EFS-Web and other USPTO information technology (IT) systems may be directed to the Patent Electronic Business Center (Patent EBC), by telephone: 1-866-217-9197 (toll-free) and 571-272-4100, or by e-mail: ebc@uspto.gov.

Inquiries regarding IT policy for U.S. national patent applications may be directed to Mark Polutta (571-272-7709), Senior Legal Advisor, Office of Patent Legal Administration.

Inquiries regarding IT policy for international patent applications may be directed to Tamara Graysay (571-272-6728), Special Program Examiner, Office of Patent Cooperation Treaty (PCT) Legal Administration.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Since October of 2000, the USPTO has been providing users of the USPTO electronic systems with PKI certificates free of charge to pro se inventors, registered patent practitioners and limited recognition practitioners who signed an agreement with the USPTO and have been approved for use of the systems. A PKI certificate holder enjoys many benefits including having the ability to file patent applications and follow-on documents in applications electronically via EFS-Web as a registered user, and retrieving e-Office actions and checking the status of an application electronically via Private PAIR. The USPTO published a notice on the Legal Framework for EFS-Web to set forth the current policy and procedure for using EFS-Web and to permit a holder of a PKI certificate to designate a single employee of the holder's organization, or a single employee of a contractor, who may use the PKI certificate under the direction and control of the holder. See Legal Framework for Electronic Filing System-Web (EFS-Web), 74 FR 55200 (October 27, 2009) (notice). The USPTO received many suggestions and inquiries from users of EFS-Web and PAIR on the usage of PKI certificates. In response to the suggestions, the USPTO is expanding the procedure for PKI certificates to permit a holder of a PKI certificate to designate more than one employee to use the PKI certificate under the direction and control of the holder in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web. The designated employees should be paralegals or support staff of the certificate holder. Each designated employee must be either an employee of the holder's organization or an employee of a contractor. The PKI certificate holder and the designated employees may use the holder's PKI certificate concurrently. For example, a registered patent practitioner may file a patent application electronically via EFS-Web using his or her PKI certificate at the same time when one of the practitioner's paralegals files a follow-on document in another application electronically via EFS-Web, and another paralegal of the practitioner retrieves an e-Office action via Private PAIR, using the practitioner's PKI certificate under the direction and control of the practitioner. The revised procedure for PKI certificates will provide users more flexibility and meet users' needs for multiple concurrent usage of the USPTO electronic systems.

The revised procedure for PKI certificates is effective immediately upon the publication of this notice. The PKI subscriber agreement has been revised to permit a holder of a PKI certificate to designate more than one employee to use the PKI certificate under the direction and control of the holder in accordance with the PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web. The Start Printed Page 66956revised PKI subscriber agreement (provided in section II of this notice and to be posted on the USPTO Web site) will apply to new PKI certificate holders who receive their PKI certificates on or after the publication date of this notice and current PKI certificate holders that continue to use their PKI certificates (includes any PKI certificate usage by their designated employees). The Legal Framework for EFS-Web published in the Federal Register (74 FR 55200) on October 27, 2009, will be revised in accordance with this notice and the revised version will also be posted on the USPTO Web site.

I. New Frequently Asked Questions Regarding PKI Certificates: The following are provided for further clarification of the procedure for PKI certificates and to address the inquiries that the USPTO has received:

1. Can current PKI certificate holders designate more than one employee without applying for a new PKI certificate or filing a newly signed certificate action form (PTO-2042)?

Answer: Yes, a new request for PKI certificate is not needed. Continued use of a PKI certificate after the publication of this notice will constitute agreement to the revised PKI subscriber agreement by the current PKI certificate holder. See section 9 of the PKI subscriber agreement. Therefore, a current PKI certificate holder may designate more than one employee immediately to use the holder's PKI certificate under the direction and control of the holder in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web.

2. What is the maximum number of employees that a PKI certificate holder may designate?

Answer: PKI certificate holders may only designate a reasonable number of employees for which he or she can maintain proper control. The PKI certificate holder is responsible for the usage by the designated employees who can only use the PKI certificate under the direction and control of the holder in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web. The holder must take reasonable steps to ensure compliance with the requirements in the revised PKI subscriber agreement and the rules and policies of the USPTO. When a PKI certificate holder or one of the holder's designated employees electronically transmits a submission to the USPTO via EFS-Web using the holder's PKI certificate, the PKI certificate holder is presenting the information in the submission to the USPTO and making the certification under 37 CFR 11.18(b). Furthermore, the PKI certificate holder is not permitted to designate a person who is not an employee, and designated employees are not permitted to share the certificate with anyone else (e.g., a designated employee cannot designate another employee).

3. Can a PKI certificate holder designate employees of more than one contractor?

Answer: Yes, a PKI certificate holder may designate employees of more than one contractor as long as the PKI certificate holder maintains control of the PKI certificate usage and can ensure that the employees of the contractors are using the PKI certificate in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web.

4. Can multiple PKI certificate holders designate the same employee to use their certificates?

Answer: Yes, multiple PKI certificate holders may designate the same employee if the PKI certificate holders and the designated employee take reasonable steps to ensure that the designated employee uses the proper PKI certificate for each task in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web. For example, if Holder Smith asked the designated employee to electronically submit a patent application via EFS-Web, the designated employee must use the PKI certificate of Holder Smith to submit the patent application, rather than a certificate of another holder who did not give the designated employee the direction to file the patent application.

5. Can a PKI certificate holder designate an employee that is not located in the same location?

Answer: Yes, a PKI certificate holder may designate an employee that is not located in the same location as long as the designated employee uses the PKI certificate under the direction and control of the holder in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web.

6. What should a PKI certificate holder do if one of his or her designated employees is leaving the holder's organization or the contractor's organization?

Answer: The PKI certificate holder must take reasonable steps to ensure that the employee does not continue to use the PKI certificate when the employee leaves the holder's organization or the contractor's organization or when the contractor is no longer a contractor to the holder.

7. Can a pro se inventor use his or her PKI certificate to file an application or document for another person or retrieve information regarding another person's application?

Answer: No, a pro se inventor cannot use (or permit someone else to use) his or her PKI certificate to file an application or document for another person, or retrieve information (e.g., an e-Office action or the status) regarding another person's application. A pro se inventor may use his or her PKI certificate to file his or her application or follow-on documents in his or her application that does not contain a power of attorney.

8. Can a PKI certificate holder designate a company that offers paralegal services to use the PKI certificate?

Answer: No, a PKI certificate holder cannot designate a company. A PKI certificate holder may only designate more than one employee of a contractor (or the organization of the holder) to use his or her certificate under the holder's direction and control in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web.

9. Can a PKI certificate holder designate an invention promotion company or an invention promoter to use the PKI certificate?

Answer: No, a PKI certificate holder is not permitted to designate an invention promotion company or an invention promoter to use the PKI certificate. A PKI certificate holder may only designate more than one employee of a contractor (or the organization of the holder) to use his or her certificate under the holder's direction and control in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web. The designated employees should be paralegals or support staff of the holder's organization (or a contractor's organization). A PKI certificate holder must take reasonable steps to ensure that the PKI certificate is not being used in connection with the unauthorized practice before the USPTO in patent matters. See section 3 of the PKI subscriber agreement.

10. Can a registered patent practitioner who is a PKI certificate holder designate his or her client or a “foreign associate” (e.g., an attorney in another law firm) to use the PKI certificate?Start Printed Page 66957

Answer: No, a PKI certificate holder cannot designate his or her client, and cannot designate a “foreign associate” (e.g., an attorney in another law firm) who is not an employee of the certificate holder's organization and is not an employee of a contractor. A PKI certificate holder may only designate more than one employee of a contractor (or the organization of the holder) to use his or her certificate under the holder's direction and control in accordance with the revised PKI subscriber agreement and the rules and policies of the USPTO including the Legal Framework for EFS-Web. The designated employees should be paralegals or support staff of the certificate holder. Furthermore, if the “foreign associate” is located outside of the United States, it would be difficult for the holder to maintain control of the PKI certificate usage and ensure compliance with the rules and policies of the USPTO by a person located outside of the United States. In addition, accessing an application before the applicant has received a foreign filing license by a person located outside of the United States, or by a foreign national inside the United States, constitutes an export. The holder cannot permit the use of the PKI certificate in a manner that would violate or circumvent the Export Administration Regulations. See section 6 of the PKI subscriber agreement for more information.

11. Can a PKI certificate holder or a designated employee file a third party submission or a protest via EFS-Web using the PKI certificate?

Answer: No, the EFS-Web Legal Framework (section B2) specifically prohibits the filing of third party submissions and protests in patent applications via EFS-Web. The USPTO has a special screening procedure to ensure such documents are filed in compliance with 37 CFR 1.99 or 1.291 (in paper) before being entered into the application. See also 35 U.S.C. 122(c) and Manual of Patent Examining Procedure (MPEP) §§ 1134, 1134.01 and 1901.05. Filing such documents electronically via EFS-Web would be circumventing these rules and procedures and be a violation of the Legal Framework for EFS-Web and the revised PKI subscriber agreement. Such violation may cause the USPTO to revoke the PKI certificate and/or refer the PKI certificate holder to the Office of Enrollment and Discipline for appropriate action. Therefore, PKI certificate holders should take reasonable steps to ensure that their designated employees do not file third party submissions and protests via EFS-Web.

12. Can a designated employee continue to use the PKI certificate of a deceased holder?

Answer: No, all of the designated employees must stop using the PKI certificate of a deceased holder because designated employees only have the authority to use the PKI certificate under the direction and control of the holder. The USPTO will revoke the PKI certificate once the USPTO becomes aware that the holder is deceased.

13. Can a PKI certificate holder or his or her designated employees continue to use the PKI certificate after the holder is suspended from practice before the USPTO?

Answer: No, the PKI certificate holder and all of his or her designated employees must stop using the PKI certificate once the holder is suspended from practice before the USPTO. The USPTO will revoke the PKI certificate once the appropriate official in the USPTO becomes aware of the suspension.

II. Revised PKI Subscriber Agreement (November 2009): The following is the PKI Subscriber Agreement in effect as of December 17, 2009:

I request that the United States Patent and Trademark Office (USPTO) issue me a set of public key certificates (a digital signing certificate and an encryption) in accordance with conditions stated herein and as explained and governed by the EFS-Web Legal Framework. See e.g., Legal Framework for Electronic Filing System-Web (EFS-Web), 74 FR 55200 (October 27, 2009) (notice)). I have read and signed the Certificate Action Form [PTO Form-2042] requesting issuance of public key certificates to me for doing business with the USPTO.

I agree that my use and reliance on the USPTO public key certificates is subject to the terms and conditions set out below. By signing the Certificate Action Form [PTO Form-2042], I agree to the terms of this Subscriber Agreement and to the rules and policies of the USPTO including the EFS-Web Legal Framework.

1. Identification Information: I warrant that the information I submit, as corrected or updated by me periodically, is true and complete.

If any of the information contained in the Certificate Action Form [PTO Form-2042], changes, I agree to update my information within 10 working days via written communication sent to Mail Stop EBC, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450. This includes loss of right to access a given customer number.

2. Protection of Keys: The USPTO will not have a copy of my private key corresponding to the public key contained in the digital signing certificate. I understand that the password I establish in the client software is my responsibility and that the password is unknown to the USPTO. Further, there is no mechanism for the USPTO to find the password. In the event of a lost password, as in the event of the loss of my private key, the USPTO can, at my request, recover only the private key corresponding to the public key contained in the confidentiality certificate and authorize the generation of a new digital signing public/private key pair.

(a) I agree to keep my password and private key confidential, and to take all reasonable measures to prevent the loss, unauthorized disclosure, modification or use of my password, and private key. I agree that I will be responsible for these items and that no unauthorized person will have access to them.

(b) I agree and acknowledge that, when the USPTO issues me the information permitting me to generate a certificate, the USPTO will keep a copy of my private key corresponding to the public key of my confidentiality certificate, and the USPTO will not disclose this key except with my consent, or where required by law.

(c) I agree to promptly notify the USPTO if my password or private key is lost, compromised or rendered insecure, or if the information contained in my certificate request, including address, e-mail address, or telephone number, has changed, or becomes otherwise incorrect or incomplete.

Each public key certificate includes the public key of a public/private key pair. The digital signing key pair is generated by the subscriber's personal computer when completing a certificate creation or recovery action via the Digital Certificate Management Web site and the public key becomes part of the digital signing certificate. Only the subscriber holds the private key corresponding to the public key contained in the digital signing certificate. Both the public and private keys of the confidentiality certificate will be generated by the USPTO Certificate Authority and sent via a secure channel to the subscriber. The USPTO Certificate Authority will hold a copy of the subscriber's private key corresponding to the public key contained in the confidentiality certificate in order to provide key recovery capability.

3. Acceptable Use or Reliance/Designation of Supervised Employee: I will use my USPTO certificates only for electronic communication with the USPTO (e.g., Private Patent Application Information Retrieval (Private PAIR) status inquiry, electronic filing, etc.) in compliance with the rules and policies of the USPTO (e.g., EFS-Web Legal Framework). I will use or rely on USPTO certificates only for securing communication with the USPTO, and will not encourage or permit anyone to use or rely on the certificates (other than the USPTO).

I may designate more than one employee to use my USPTO certificates under my direction and control in accordance with this subscriber agreement and the rules and policies of the USPTO including the EFS-Web Legal Framework. Each designated employee must only be either an employee of my organization or an employee of a contractor. Each designated employee will use or rely on granted USPTO certificates only for communication with the USPTO in Start Printed Page 66958compliance with the rules and policies of the USPTO and will not encourage or permit anyone to use or rely on the certificates (other than the USPTO).

I understand that I am responsible for each designated employee's use of the USPTO certificates. I will take reasonable steps to ensure compliance of the requirements set forth in this agreement by each designated employee, including the restrictions on the software use in section 5 and the restrictions on the export (including deemed export) of technology and software included in patent applications in section 6. If a designated employee is not a U.S. citizen, I understand that the designated employee's access to the technology and software constitutes an export. See section 6 of this agreement.

I agree not to use or permit the use of my USPTO certificates in connection with the unauthorized practice of law. For example, I will not grant permission to an invention promotion company or an invention promoter to use my USPTO certificates. I also understand that if I am a practitioner, violations of the USPTO ethics rules set forth in Parts 10 and 11 of 37 CFR may subject me to disciplinary action. If I have been granted limited recognition by the Office, I agree not to use the digital certificate beyond the limits of the rights I have been granted.

I understand that my USPTO certificates will be used to access records and systems on a U.S. Government computer system and that unauthorized use or use beyond the purpose authorized may subject me to criminal penalties under U.S. Law and/or disciplinary action.

4. Revocation of Certificates: The USPTO may revoke my certificates at any time without prior notice if:

(a) Any of the information I supply in my certificate request changes;

(b) The USPTO knows or suspects that my private key has been compromised;

(c) The private key of the issuing USPTO Certificate Authority has been compromised;

(d) The signing certificate of the issuing USPTO Certificate Authority is revoked;

(e) I fail to comply with my obligations under this Agreement or the rules or policies of the USPTO, including the EFS-Web Legal Framework; or

(f) For any other reason the USPTO deems necessary.

The USPTO will promptly notify me of the revocation. Such revocation does not affect the authenticity of a transmission made or a message I digitally signed before certificate revocation.

I may surrender my certificates at any time by written submission to the USPTO at:

Certificate Services Request, U.S. Patent and Trademark Office, Mail Stop EBC, PO Box 1450, Alexandria, VA 22313-1450.

5. Software use: I agree to honor (and to make sure that each designated employee will honor) any applicable copyright, patent, or license agreements with respect to any software provided to me by the USPTO, and will not (and will make sure that each designated employee will not) tamper with, alter, destroy, modify, reverse engineer, or decompile such software in any way. I agree not to use (and agree to make sure that each designated employee will not use) the software for any purpose other than communication with the USPTO.

6. Restrictions on the Export (Including Deemed Export) of Technology and Software Included in Patent Applications: I understand that technology and software included in unpublished patent applications may be subject to export controls set out in the Export Administration Regulations (15 CFR parts 730-774). Access to such technology and software by any person located outside the United States or by a foreign national inside the United States constitutes an export that may require a license from the U.S. Commerce Department's Bureau of Industry and Security (“BIS”). I agree not to use (and to make sure that each designated employee will not use) or permit the use of the USPTO certificate in a manner that would violate or circumvent the Export Administration Regulations.

Information regarding U.S. export controls and their application to technology and software included in patent applications is available from BIS. Please see BIS's Web site, available at http://www.bis.doc.gov, or contact BIS's Office of Exporter Services at 202-482-4811.

7. Availability: I understand that the USPTO does not warrant or represent 100% availability of the USPTO Public Key Infrastructure services due to system maintenance, repair, or events outside the control of the USPTO. Information regarding scheduled downtime, if known, will appear on the USPTO Electronic Business Center Web site. Any delays caused by downtime must be addressed through the ordinary petition process.

8. Term of Agreement: This Agreement may be terminated by either party upon proper notice. In the case of a termination by the USPTO, notice may be provided by any reasonable means, including a posting on the USPTO Web site.

9. General: If any provision of this Agreement is declared by a court to be invalid, illegal, or unenforceable, all other provisions shall remain in full force and effect.

The USPTO reserves the right to refuse to issue certificates. The USPTO reserves the right to cancel this program at any time. Modifications to this agreement will be posted on the USPTO Web site at http://www.uspto.gov/​ebc/​efs. Continued use of the system after posting will constitute agreement to the updated terms.

10. Requests: Requests for issuance of certificates, revocation of certificates or key recovery shall be sent to the USPTO Registration Authority at:

Certificate Services Request, U.S. Patent and Trademark Office, Mail Stop EBC, PO Box 1450, Alexandria, VA 22313-1450.

11. Dispute Resolution and Governing Law: This Agreement shall be governed by and construed in accordance with the laws of the United States of America.

III. Additional Information: The USPTO appreciates the suggestions and inquiries from users. The USPTO will continue to provide clarifications, answers to frequently asked questions, and other helpful information on the USPTO Web site. Users are encouraged to check the USPTO Web site for more information and contact the Patent Electronic Business Center for questions related to the usage of PKI certificates or USPTO electronic systems.

Start Signature

Dated: December 11, 2009.

David J. Kappos,

Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office.

End Signature End Supplemental Information

[FR Doc. E9-30026 Filed 12-16-09; 8:45 am]

BILLING CODE 3510-16-P