[Federal Register Volume 74, Number 241 (Thursday, December 17, 2009)]
[Notices]
[Pages 66955-66958]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-30026]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
Patent and Trademark Office
[Docket No. PTO-P-2009-0055]
Revised Procedure for Public Key Infrastructure Certificates
AGENCY: United States Patent and Trademark Office, Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The United States Patent and Trademark Office (USPTO)
published a notice on Legal Framework for Electronic Filing System-Web
(EFS-Web) to set forth the current policy and procedure for using EFS-
Web and to permit a holder of a public key infrastructure (PKI)
certificate to designate a single employee of a contractor who may use
the PKI certificate under the direction and control of the holder. The
USPTO received many suggestions and inquiries from users of EFS-Web and
the Patent Application Information Retrieval (PAIR) system. In response
to the suggestions, the USPTO is expanding the procedure for PKI
certificates to permit a holder of a PKI certificate to designate more
than one employee to use the PKI certificate under the direction and
control of the holder in accordance with the revised PKI subscriber
agreement and the rules and policies of the USPTO.
DATES: Effective Date: December 17, 2009.
FOR FURTHER INFORMATION CONTACT: Joni Y. Chang, Senior Legal Advisor,
Office of Patent Legal Administration, Office of the Associate
Commissioner for Patent Examination Policy, by telephone at 571-272-
7720, or by mail addressed to: Mail Stop Comments Patents, Commissioner
for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
Inquiries regarding EFS-Web and other USPTO information technology
(IT) systems may be directed to the Patent Electronic Business Center
(Patent EBC), by telephone: 1-866-217-9197 (toll-free) and 571-272-
4100, or by e-mail: [email protected].
Inquiries regarding IT policy for U.S. national patent applications
may be directed to Mark Polutta (571-272-7709), Senior Legal Advisor,
Office of Patent Legal Administration.
Inquiries regarding IT policy for international patent applications
may be directed to Tamara Graysay (571-272-6728), Special Program
Examiner, Office of Patent Cooperation Treaty (PCT) Legal
Administration.
SUPPLEMENTARY INFORMATION: Since October of 2000, the USPTO has been
providing users of the USPTO electronic systems with PKI certificates
free of charge to pro se inventors, registered patent practitioners and
limited recognition practitioners who signed an agreement with the
USPTO and have been approved for use of the systems. A PKI certificate
holder enjoys many benefits including having the ability to file patent
applications and follow-on documents in applications electronically via
EFS-Web as a registered user, and retrieving e-Office actions and
checking the status of an application electronically via Private PAIR.
The USPTO published a notice on the Legal Framework for EFS-Web to set
forth the current policy and procedure for using EFS-Web and to permit
a holder of a PKI certificate to designate a single employee of the
holder's organization, or a single employee of a contractor, who may
use the PKI certificate under the direction and control of the holder.
See Legal Framework for Electronic Filing System-Web (EFS-Web), 74 FR
55200 (October 27, 2009) (notice). The USPTO received many suggestions
and inquiries from users of EFS-Web and PAIR on the usage of PKI
certificates. In response to the suggestions, the USPTO is expanding
the procedure for PKI certificates to permit a holder of a PKI
certificate to designate more than one employee to use the PKI
certificate under the direction and control of the holder in accordance
with the revised PKI subscriber agreement and the rules and policies of
the USPTO including the Legal Framework for EFS-Web. The designated
employees should be paralegals or support staff of the certificate
holder. Each designated employee must be either an employee of the
holder's organization or an employee of a contractor. The PKI
certificate holder and the designated employees may use the holder's
PKI certificate concurrently. For example, a registered patent
practitioner may file a patent application electronically via EFS-Web
using his or her PKI certificate at the same time when one of the
practitioner's paralegals files a follow-on document in another
application electronically via EFS-Web, and another paralegal of the
practitioner retrieves an e-Office action via Private PAIR, using the
practitioner's PKI certificate under the direction and control of the
practitioner. The revised procedure for PKI certificates will provide
users more flexibility and meet users' needs for multiple concurrent
usage of the USPTO electronic systems.
The revised procedure for PKI certificates is effective immediately
upon the publication of this notice. The PKI subscriber agreement has
been revised to permit a holder of a PKI certificate to designate more
than one employee to use the PKI certificate under the direction and
control of the holder in accordance with the PKI subscriber agreement
and the rules and policies of the USPTO including the Legal Framework
for EFS-Web. The
[[Page 66956]]
revised PKI subscriber agreement (provided in section II of this notice
and to be posted on the USPTO Web site) will apply to new PKI
certificate holders who receive their PKI certificates on or after the
publication date of this notice and current PKI certificate holders
that continue to use their PKI certificates (includes any PKI
certificate usage by their designated employees). The Legal Framework
for EFS-Web published in the Federal Register (74 FR 55200) on October
27, 2009, will be revised in accordance with this notice and the
revised version will also be posted on the USPTO Web site.
I. New Frequently Asked Questions Regarding PKI Certificates: The
following are provided for further clarification of the procedure for
PKI certificates and to address the inquiries that the USPTO has
received:
1. Can current PKI certificate holders designate more than one
employee without applying for a new PKI certificate or filing a newly
signed certificate action form (PTO-2042)?
Answer: Yes, a new request for PKI certificate is not needed.
Continued use of a PKI certificate after the publication of this notice
will constitute agreement to the revised PKI subscriber agreement by
the current PKI certificate holder. See section 9 of the PKI subscriber
agreement. Therefore, a current PKI certificate holder may designate
more than one employee immediately to use the holder's PKI certificate
under the direction and control of the holder in accordance with the
revised PKI subscriber agreement and the rules and policies of the
USPTO including the Legal Framework for EFS-Web.
2. What is the maximum number of employees that a PKI certificate
holder may designate?
Answer: PKI certificate holders may only designate a reasonable
number of employees for which he or she can maintain proper control.
The PKI certificate holder is responsible for the usage by the
designated employees who can only use the PKI certificate under the
direction and control of the holder in accordance with the revised PKI
subscriber agreement and the rules and policies of the USPTO including
the Legal Framework for EFS-Web. The holder must take reasonable steps
to ensure compliance with the requirements in the revised PKI
subscriber agreement and the rules and policies of the USPTO. When a
PKI certificate holder or one of the holder's designated employees
electronically transmits a submission to the USPTO via EFS-Web using
the holder's PKI certificate, the PKI certificate holder is presenting
the information in the submission to the USPTO and making the
certification under 37 CFR 11.18(b). Furthermore, the PKI certificate
holder is not permitted to designate a person who is not an employee,
and designated employees are not permitted to share the certificate
with anyone else (e.g., a designated employee cannot designate another
employee).
3. Can a PKI certificate holder designate employees of more than
one contractor?
Answer: Yes, a PKI certificate holder may designate employees of
more than one contractor as long as the PKI certificate holder
maintains control of the PKI certificate usage and can ensure that the
employees of the contractors are using the PKI certificate in
accordance with the revised PKI subscriber agreement and the rules and
policies of the USPTO including the Legal Framework for EFS-Web.
4. Can multiple PKI certificate holders designate the same employee
to use their certificates?
Answer: Yes, multiple PKI certificate holders may designate the
same employee if the PKI certificate holders and the designated
employee take reasonable steps to ensure that the designated employee
uses the proper PKI certificate for each task in accordance with the
revised PKI subscriber agreement and the rules and policies of the
USPTO including the Legal Framework for EFS-Web. For example, if Holder
Smith asked the designated employee to electronically submit a patent
application via EFS-Web, the designated employee must use the PKI
certificate of Holder Smith to submit the patent application, rather
than a certificate of another holder who did not give the designated
employee the direction to file the patent application.
5. Can a PKI certificate holder designate an employee that is not
located in the same location?
Answer: Yes, a PKI certificate holder may designate an employee
that is not located in the same location as long as the designated
employee uses the PKI certificate under the direction and control of
the holder in accordance with the revised PKI subscriber agreement and
the rules and policies of the USPTO including the Legal Framework for
EFS-Web.
6. What should a PKI certificate holder do if one of his or her
designated employees is leaving the holder's organization or the
contractor's organization?
Answer: The PKI certificate holder must take reasonable steps to
ensure that the employee does not continue to use the PKI certificate
when the employee leaves the holder's organization or the contractor's
organization or when the contractor is no longer a contractor to the
holder.
7. Can a pro se inventor use his or her PKI certificate to file an
application or document for another person or retrieve information
regarding another person's application?
Answer: No, a pro se inventor cannot use (or permit someone else to
use) his or her PKI certificate to file an application or document for
another person, or retrieve information (e.g., an e-Office action or
the status) regarding another person's application. A pro se inventor
may use his or her PKI certificate to file his or her application or
follow-on documents in his or her application that does not contain a
power of attorney.
8. Can a PKI certificate holder designate a company that offers
paralegal services to use the PKI certificate?
Answer: No, a PKI certificate holder cannot designate a company. A
PKI certificate holder may only designate more than one employee of a
contractor (or the organization of the holder) to use his or her
certificate under the holder's direction and control in accordance with
the revised PKI subscriber agreement and the rules and policies of the
USPTO including the Legal Framework for EFS-Web.
9. Can a PKI certificate holder designate an invention promotion
company or an invention promoter to use the PKI certificate?
Answer: No, a PKI certificate holder is not permitted to designate
an invention promotion company or an invention promoter to use the PKI
certificate. A PKI certificate holder may only designate more than one
employee of a contractor (or the organization of the holder) to use his
or her certificate under the holder's direction and control in
accordance with the revised PKI subscriber agreement and the rules and
policies of the USPTO including the Legal Framework for EFS-Web. The
designated employees should be paralegals or support staff of the
holder's organization (or a contractor's organization). A PKI
certificate holder must take reasonable steps to ensure that the PKI
certificate is not being used in connection with the unauthorized
practice before the USPTO in patent matters. See section 3 of the PKI
subscriber agreement.
10. Can a registered patent practitioner who is a PKI certificate
holder designate his or her client or a ``foreign associate'' (e.g., an
attorney in another law firm) to use the PKI certificate?
[[Page 66957]]
Answer: No, a PKI certificate holder cannot designate his or her
client, and cannot designate a ``foreign associate'' (e.g., an attorney
in another law firm) who is not an employee of the certificate holder's
organization and is not an employee of a contractor. A PKI certificate
holder may only designate more than one employee of a contractor (or
the organization of the holder) to use his or her certificate under the
holder's direction and control in accordance with the revised PKI
subscriber agreement and the rules and policies of the USPTO including
the Legal Framework for EFS-Web. The designated employees should be
paralegals or support staff of the certificate holder. Furthermore, if
the ``foreign associate'' is located outside of the United States, it
would be difficult for the holder to maintain control of the PKI
certificate usage and ensure compliance with the rules and policies of
the USPTO by a person located outside of the United States. In
addition, accessing an application before the applicant has received a
foreign filing license by a person located outside of the United
States, or by a foreign national inside the United States, constitutes
an export. The holder cannot permit the use of the PKI certificate in a
manner that would violate or circumvent the Export Administration
Regulations. See section 6 of the PKI subscriber agreement for more
information.
11. Can a PKI certificate holder or a designated employee file a
third party submission or a protest via EFS-Web using the PKI
certificate?
Answer: No, the EFS-Web Legal Framework (section B2) specifically
prohibits the filing of third party submissions and protests in patent
applications via EFS-Web. The USPTO has a special screening procedure
to ensure such documents are filed in compliance with 37 CFR 1.99 or
1.291 (in paper) before being entered into the application. See also 35
U.S.C. 122(c) and Manual of Patent Examining Procedure (MPEP)
Sec. Sec. 1134, 1134.01 and 1901.05. Filing such documents
electronically via EFS-Web would be circumventing these rules and
procedures and be a violation of the Legal Framework for EFS-Web and
the revised PKI subscriber agreement. Such violation may cause the
USPTO to revoke the PKI certificate and/or refer the PKI certificate
holder to the Office of Enrollment and Discipline for appropriate
action. Therefore, PKI certificate holders should take reasonable steps
to ensure that their designated employees do not file third party
submissions and protests via EFS-Web.
12. Can a designated employee continue to use the PKI certificate
of a deceased holder?
Answer: No, all of the designated employees must stop using the PKI
certificate of a deceased holder because designated employees only have
the authority to use the PKI certificate under the direction and
control of the holder. The USPTO will revoke the PKI certificate once
the USPTO becomes aware that the holder is deceased.
13. Can a PKI certificate holder or his or her designated employees
continue to use the PKI certificate after the holder is suspended from
practice before the USPTO?
Answer: No, the PKI certificate holder and all of his or her
designated employees must stop using the PKI certificate once the
holder is suspended from practice before the USPTO. The USPTO will
revoke the PKI certificate once the appropriate official in the USPTO
becomes aware of the suspension.
II. Revised PKI Subscriber Agreement (November 2009): The following
is the PKI Subscriber Agreement in effect as of December 17, 2009:
I request that the United States Patent and Trademark Office
(USPTO) issue me a set of public key certificates (a digital signing
certificate and an encryption) in accordance with conditions stated
herein and as explained and governed by the EFS-Web Legal Framework.
See e.g., Legal Framework for Electronic Filing System-Web (EFS-
Web), 74 FR 55200 (October 27, 2009) (notice)). I have read and
signed the Certificate Action Form [PTO Form-2042] requesting
issuance of public key certificates to me for doing business with
the USPTO.
I agree that my use and reliance on the USPTO public key
certificates is subject to the terms and conditions set out below.
By signing the Certificate Action Form [PTO Form-2042], I agree to
the terms of this Subscriber Agreement and to the rules and policies
of the USPTO including the EFS-Web Legal Framework.
1. Identification Information: I warrant that the information I
submit, as corrected or updated by me periodically, is true and
complete.
If any of the information contained in the Certificate Action
Form [PTO Form-2042], changes, I agree to update my information
within 10 working days via written communication sent to Mail Stop
EBC, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-
1450. This includes loss of right to access a given customer number.
2. Protection of Keys: The USPTO will not have a copy of my
private key corresponding to the public key contained in the digital
signing certificate. I understand that the password I establish in
the client software is my responsibility and that the password is
unknown to the USPTO. Further, there is no mechanism for the USPTO
to find the password. In the event of a lost password, as in the
event of the loss of my private key, the USPTO can, at my request,
recover only the private key corresponding to the public key
contained in the confidentiality certificate and authorize the
generation of a new digital signing public/private key pair.
(a) I agree to keep my password and private key confidential,
and to take all reasonable measures to prevent the loss,
unauthorized disclosure, modification or use of my password, and
private key. I agree that I will be responsible for these items and
that no unauthorized person will have access to them.
(b) I agree and acknowledge that, when the USPTO issues me the
information permitting me to generate a certificate, the USPTO will
keep a copy of my private key corresponding to the public key of my
confidentiality certificate, and the USPTO will not disclose this
key except with my consent, or where required by law.
(c) I agree to promptly notify the USPTO if my password or
private key is lost, compromised or rendered insecure, or if the
information contained in my certificate request, including address,
e-mail address, or telephone number, has changed, or becomes
otherwise incorrect or incomplete.
Each public key certificate includes the public key of a public/
private key pair. The digital signing key pair is generated by the
subscriber's personal computer when completing a certificate
creation or recovery action via the Digital Certificate Management
Web site and the public key becomes part of the digital signing
certificate. Only the subscriber holds the private key corresponding
to the public key contained in the digital signing certificate. Both
the public and private keys of the confidentiality certificate will
be generated by the USPTO Certificate Authority and sent via a
secure channel to the subscriber. The USPTO Certificate Authority
will hold a copy of the subscriber's private key corresponding to
the public key contained in the confidentiality certificate in order
to provide key recovery capability.
3. Acceptable Use or Reliance/Designation of Supervised
Employee: I will use my USPTO certificates only for electronic
communication with the USPTO (e.g., Private Patent Application
Information Retrieval (Private PAIR) status inquiry, electronic
filing, etc.) in compliance with the rules and policies of the USPTO
(e.g., EFS-Web Legal Framework). I will use or rely on USPTO
certificates only for securing communication with the USPTO, and
will not encourage or permit anyone to use or rely on the
certificates (other than the USPTO).
I may designate more than one employee to use my USPTO
certificates under my direction and control in accordance with this
subscriber agreement and the rules and policies of the USPTO
including the EFS-Web Legal Framework. Each designated employee must
only be either an employee of my organization or an employee of a
contractor. Each designated employee will use or rely on granted
USPTO certificates only for communication with the USPTO in
[[Page 66958]]
compliance with the rules and policies of the USPTO and will not
encourage or permit anyone to use or rely on the certificates (other
than the USPTO).
I understand that I am responsible for each designated
employee's use of the USPTO certificates. I will take reasonable
steps to ensure compliance of the requirements set forth in this
agreement by each designated employee, including the restrictions on
the software use in section 5 and the restrictions on the export
(including deemed export) of technology and software included in
patent applications in section 6. If a designated employee is not a
U.S. citizen, I understand that the designated employee's access to
the technology and software constitutes an export. See section 6 of
this agreement.
I agree not to use or permit the use of my USPTO certificates in
connection with the unauthorized practice of law. For example, I
will not grant permission to an invention promotion company or an
invention promoter to use my USPTO certificates. I also understand
that if I am a practitioner, violations of the USPTO ethics rules
set forth in Parts 10 and 11 of 37 CFR may subject me to
disciplinary action. If I have been granted limited recognition by
the Office, I agree not to use the digital certificate beyond the
limits of the rights I have been granted.
I understand that my USPTO certificates will be used to access
records and systems on a U.S. Government computer system and that
unauthorized use or use beyond the purpose authorized may subject me
to criminal penalties under U.S. Law and/or disciplinary action.
4. Revocation of Certificates: The USPTO may revoke my
certificates at any time without prior notice if:
(a) Any of the information I supply in my certificate request
changes;
(b) The USPTO knows or suspects that my private key has been
compromised;
(c) The private key of the issuing USPTO Certificate Authority
has been compromised;
(d) The signing certificate of the issuing USPTO Certificate
Authority is revoked;
(e) I fail to comply with my obligations under this Agreement or
the rules or policies of the USPTO, including the EFS-Web Legal
Framework; or
(f) For any other reason the USPTO deems necessary.
The USPTO will promptly notify me of the revocation. Such
revocation does not affect the authenticity of a transmission made
or a message I digitally signed before certificate revocation.
I may surrender my certificates at any time by written
submission to the USPTO at:
Certificate Services Request, U.S. Patent and Trademark Office, Mail
Stop EBC, PO Box 1450, Alexandria, VA 22313-1450.
5. Software use: I agree to honor (and to make sure that each
designated employee will honor) any applicable copyright, patent, or
license agreements with respect to any software provided to me by
the USPTO, and will not (and will make sure that each designated
employee will not) tamper with, alter, destroy, modify, reverse
engineer, or decompile such software in any way. I agree not to use
(and agree to make sure that each designated employee will not use)
the software for any purpose other than communication with the
USPTO.
6. Restrictions on the Export (Including Deemed Export) of
Technology and Software Included in Patent Applications: I
understand that technology and software included in unpublished
patent applications may be subject to export controls set out in the
Export Administration Regulations (15 CFR parts 730-774). Access to
such technology and software by any person located outside the
United States or by a foreign national inside the United States
constitutes an export that may require a license from the U.S.
Commerce Department's Bureau of Industry and Security (``BIS''). I
agree not to use (and to make sure that each designated employee
will not use) or permit the use of the USPTO certificate in a manner
that would violate or circumvent the Export Administration
Regulations.
Information regarding U.S. export controls and their application
to technology and software included in patent applications is
available from BIS. Please see BIS's Web site, available at http://www.bis.doc.gov, or contact BIS's Office of Exporter Services at
202-482-4811.
7. Availability: I understand that the USPTO does not warrant or
represent 100% availability of the USPTO Public Key Infrastructure
services due to system maintenance, repair, or events outside the
control of the USPTO. Information regarding scheduled downtime, if
known, will appear on the USPTO Electronic Business Center Web site.
Any delays caused by downtime must be addressed through the ordinary
petition process.
8. Term of Agreement: This Agreement may be terminated by either
party upon proper notice. In the case of a termination by the USPTO,
notice may be provided by any reasonable means, including a posting
on the USPTO Web site.
9. General: If any provision of this Agreement is declared by a
court to be invalid, illegal, or unenforceable, all other provisions
shall remain in full force and effect.
The USPTO reserves the right to refuse to issue certificates.
The USPTO reserves the right to cancel this program at any time.
Modifications to this agreement will be posted on the USPTO Web site
at http://www.uspto.gov/ebc/efs. Continued use of the system after
posting will constitute agreement to the updated terms.
10. Requests: Requests for issuance of certificates, revocation
of certificates or key recovery shall be sent to the USPTO
Registration Authority at:
Certificate Services Request, U.S. Patent and Trademark Office, Mail
Stop EBC, PO Box 1450, Alexandria, VA 22313-1450.
11. Dispute Resolution and Governing Law: This Agreement shall
be governed by and construed in accordance with the laws of the
United States of America.
III. Additional Information: The USPTO appreciates the suggestions
and inquiries from users. The USPTO will continue to provide
clarifications, answers to frequently asked questions, and other
helpful information on the USPTO Web site. Users are encouraged to
check the USPTO Web site for more information and contact the Patent
Electronic Business Center for questions related to the usage of PKI
certificates or USPTO electronic systems.
Dated: December 11, 2009.
David J. Kappos,
Under Secretary of Commerce for Intellectual Property and Director of
the United States Patent and Trademark Office.
[FR Doc. E9-30026 Filed 12-16-09; 8:45 am]
BILLING CODE 3510-16-P