Revised Procedure for Public Key Infrastructure Certificates, 66955-66958 [E9-30026]

Agencies

• DEPARTMENT OF COMMERCE
• Patent and Trademark Office

[Federal Register Volume 74, Number 241 (Thursday, December 17, 2009)]
[Notices]
[Pages 66955-66958]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-30026]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

Patent and Trademark Office

[Docket No. PTO-P-2009-0055]


Revised Procedure for Public Key Infrastructure Certificates

AGENCY: United States Patent and Trademark Office, Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The United States Patent and Trademark Office (USPTO) 
published a notice on Legal Framework for Electronic Filing System-Web 
(EFS-Web) to set forth the current policy and procedure for using EFS-
Web and to permit a holder of a public key infrastructure (PKI) 
certificate to designate a single employee of a contractor who may use 
the PKI certificate under the direction and control of the holder. The 
USPTO received many suggestions and inquiries from users of EFS-Web and 
the Patent Application Information Retrieval (PAIR) system. In response 
to the suggestions, the USPTO is expanding the procedure for PKI 
certificates to permit a holder of a PKI certificate to designate more 
than one employee to use the PKI certificate under the direction and 
control of the holder in accordance with the revised PKI subscriber 
agreement and the rules and policies of the USPTO.

DATES: Effective Date: December 17, 2009.

FOR FURTHER INFORMATION CONTACT: Joni Y. Chang, Senior Legal Advisor, 
Office of Patent Legal Administration, Office of the Associate 
Commissioner for Patent Examination Policy, by telephone at 571-272-
7720, or by mail addressed to: Mail Stop Comments Patents, Commissioner 
for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
    Inquiries regarding EFS-Web and other USPTO information technology 
(IT) systems may be directed to the Patent Electronic Business Center 
(Patent EBC), by telephone: 1-866-217-9197 (toll-free) and 571-272-
4100, or by e-mail: ebc@uspto.gov.
    Inquiries regarding IT policy for U.S. national patent applications 
may be directed to Mark Polutta (571-272-7709), Senior Legal Advisor, 
Office of Patent Legal Administration.
    Inquiries regarding IT policy for international patent applications 
may be directed to Tamara Graysay (571-272-6728), Special Program 
Examiner, Office of Patent Cooperation Treaty (PCT) Legal 
Administration.

SUPPLEMENTARY INFORMATION: Since October of 2000, the USPTO has been 
providing users of the USPTO electronic systems with PKI certificates 
free of charge to pro se inventors, registered patent practitioners and 
limited recognition practitioners who signed an agreement with the 
USPTO and have been approved for use of the systems. A PKI certificate 
holder enjoys many benefits including having the ability to file patent 
applications and follow-on documents in applications electronically via 
EFS-Web as a registered user, and retrieving e-Office actions and 
checking the status of an application electronically via Private PAIR. 
The USPTO published a notice on the Legal Framework for EFS-Web to set 
forth the current policy and procedure for using EFS-Web and to permit 
a holder of a PKI certificate to designate a single employee of the 
holder's organization, or a single employee of a contractor, who may 
use the PKI certificate under the direction and control of the holder. 
See Legal Framework for Electronic Filing System-Web (EFS-Web), 74 FR 
55200 (October 27, 2009) (notice). The USPTO received many suggestions 
and inquiries from users of EFS-Web and PAIR on the usage of PKI 
certificates. In response to the suggestions, the USPTO is expanding 
the procedure for PKI certificates to permit a holder of a PKI 
certificate to designate more than one employee to use the PKI 
certificate under the direction and control of the holder in accordance 
with the revised PKI subscriber agreement and the rules and policies of 
the USPTO including the Legal Framework for EFS-Web. The designated 
employees should be paralegals or support staff of the certificate 
holder. Each designated employee must be either an employee of the 
holder's organization or an employee of a contractor. The PKI 
certificate holder and the designated employees may use the holder's 
PKI certificate concurrently. For example, a registered patent 
practitioner may file a patent application electronically via EFS-Web 
using his or her PKI certificate at the same time when one of the 
practitioner's paralegals files a follow-on document in another 
application electronically via EFS-Web, and another paralegal of the 
practitioner retrieves an e-Office action via Private PAIR, using the 
practitioner's PKI certificate under the direction and control of the 
practitioner. The revised procedure for PKI certificates will provide 
users more flexibility and meet users' needs for multiple concurrent 
usage of the USPTO electronic systems.
    The revised procedure for PKI certificates is effective immediately 
upon the publication of this notice. The PKI subscriber agreement has 
been revised to permit a holder of a PKI certificate to designate more 
than one employee to use the PKI certificate under the direction and 
control of the holder in accordance with the PKI subscriber agreement 
and the rules and policies of the USPTO including the Legal Framework 
for EFS-Web. The

[[Page 66956]]

revised PKI subscriber agreement (provided in section II of this notice 
and to be posted on the USPTO Web site) will apply to new PKI 
certificate holders who receive their PKI certificates on or after the 
publication date of this notice and current PKI certificate holders 
that continue to use their PKI certificates (includes any PKI 
certificate usage by their designated employees). The Legal Framework 
for EFS-Web published in the Federal Register (74 FR 55200) on October 
27, 2009, will be revised in accordance with this notice and the 
revised version will also be posted on the USPTO Web site.
    I. New Frequently Asked Questions Regarding PKI Certificates: The 
following are provided for further clarification of the procedure for 
PKI certificates and to address the inquiries that the USPTO has 
received:
    1. Can current PKI certificate holders designate more than one 
employee without applying for a new PKI certificate or filing a newly 
signed certificate action form (PTO-2042)?
    Answer: Yes, a new request for PKI certificate is not needed. 
Continued use of a PKI certificate after the publication of this notice 
will constitute agreement to the revised PKI subscriber agreement by 
the current PKI certificate holder. See section 9 of the PKI subscriber 
agreement. Therefore, a current PKI certificate holder may designate 
more than one employee immediately to use the holder's PKI certificate 
under the direction and control of the holder in accordance with the 
revised PKI subscriber agreement and the rules and policies of the 
USPTO including the Legal Framework for EFS-Web.
    2. What is the maximum number of employees that a PKI certificate 
holder may designate?
    Answer: PKI certificate holders may only designate a reasonable 
number of employees for which he or she can maintain proper control. 
The PKI certificate holder is responsible for the usage by the 
designated employees who can only use the PKI certificate under the 
direction and control of the holder in accordance with the revised PKI 
subscriber agreement and the rules and policies of the USPTO including 
the Legal Framework for EFS-Web. The holder must take reasonable steps 
to ensure compliance with the requirements in the revised PKI 
subscriber agreement and the rules and policies of the USPTO. When a 
PKI certificate holder or one of the holder's designated employees 
electronically transmits a submission to the USPTO via EFS-Web using 
the holder's PKI certificate, the PKI certificate holder is presenting 
the information in the submission to the USPTO and making the 
certification under 37 CFR 11.18(b). Furthermore, the PKI certificate 
holder is not permitted to designate a person who is not an employee, 
and designated employees are not permitted to share the certificate 
with anyone else (e.g., a designated employee cannot designate another 
employee).
    3. Can a PKI certificate holder designate employees of more than 
one contractor?
    Answer: Yes, a PKI certificate holder may designate employees of 
more than one contractor as long as the PKI certificate holder 
maintains control of the PKI certificate usage and can ensure that the 
employees of the contractors are using the PKI certificate in 
accordance with the revised PKI subscriber agreement and the rules and 
policies of the USPTO including the Legal Framework for EFS-Web.
    4. Can multiple PKI certificate holders designate the same employee 
to use their certificates?
    Answer: Yes, multiple PKI certificate holders may designate the 
same employee if the PKI certificate holders and the designated 
employee take reasonable steps to ensure that the designated employee 
uses the proper PKI certificate for each task in accordance with the 
revised PKI subscriber agreement and the rules and policies of the 
USPTO including the Legal Framework for EFS-Web. For example, if Holder 
Smith asked the designated employee to electronically submit a patent 
application via EFS-Web, the designated employee must use the PKI 
certificate of Holder Smith to submit the patent application, rather 
than a certificate of another holder who did not give the designated 
employee the direction to file the patent application.
    5. Can a PKI certificate holder designate an employee that is not 
located in the same location?
    Answer: Yes, a PKI certificate holder may designate an employee 
that is not located in the same location as long as the designated 
employee uses the PKI certificate under the direction and control of 
the holder in accordance with the revised PKI subscriber agreement and 
the rules and policies of the USPTO including the Legal Framework for 
EFS-Web.
    6. What should a PKI certificate holder do if one of his or her 
designated employees is leaving the holder's organization or the 
contractor's organization?
    Answer: The PKI certificate holder must take reasonable steps to 
ensure that the employee does not continue to use the PKI certificate 
when the employee leaves the holder's organization or the contractor's 
organization or when the contractor is no longer a contractor to the 
holder.
    7. Can a pro se inventor use his or her PKI certificate to file an 
application or document for another person or retrieve information 
regarding another person's application?
    Answer: No, a pro se inventor cannot use (or permit someone else to 
use) his or her PKI certificate to file an application or document for 
another person, or retrieve information (e.g., an e-Office action or 
the status) regarding another person's application. A pro se inventor 
may use his or her PKI certificate to file his or her application or 
follow-on documents in his or her application that does not contain a 
power of attorney.
    8. Can a PKI certificate holder designate a company that offers 
paralegal services to use the PKI certificate?
    Answer: No, a PKI certificate holder cannot designate a company. A 
PKI certificate holder may only designate more than one employee of a 
contractor (or the organization of the holder) to use his or her 
certificate under the holder's direction and control in accordance with 
the revised PKI subscriber agreement and the rules and policies of the 
USPTO including the Legal Framework for EFS-Web.
    9. Can a PKI certificate holder designate an invention promotion 
company or an invention promoter to use the PKI certificate?
    Answer: No, a PKI certificate holder is not permitted to designate 
an invention promotion company or an invention promoter to use the PKI 
certificate. A PKI certificate holder may only designate more than one 
employee of a contractor (or the organization of the holder) to use his 
or her certificate under the holder's direction and control in 
accordance with the revised PKI subscriber agreement and the rules and 
policies of the USPTO including the Legal Framework for EFS-Web. The 
designated employees should be paralegals or support staff of the 
holder's organization (or a contractor's organization). A PKI 
certificate holder must take reasonable steps to ensure that the PKI 
certificate is not being used in connection with the unauthorized 
practice before the USPTO in patent matters. See section 3 of the PKI 
subscriber agreement.
    10. Can a registered patent practitioner who is a PKI certificate 
holder designate his or her client or a ``foreign associate'' (e.g., an 
attorney in another law firm) to use the PKI certificate?

[[Page 66957]]

    Answer: No, a PKI certificate holder cannot designate his or her 
client, and cannot designate a ``foreign associate'' (e.g., an attorney 
in another law firm) who is not an employee of the certificate holder's 
organization and is not an employee of a contractor. A PKI certificate 
holder may only designate more than one employee of a contractor (or 
the organization of the holder) to use his or her certificate under the 
holder's direction and control in accordance with the revised PKI 
subscriber agreement and the rules and policies of the USPTO including 
the Legal Framework for EFS-Web. The designated employees should be 
paralegals or support staff of the certificate holder. Furthermore, if 
the ``foreign associate'' is located outside of the United States, it 
would be difficult for the holder to maintain control of the PKI 
certificate usage and ensure compliance with the rules and policies of 
the USPTO by a person located outside of the United States. In 
addition, accessing an application before the applicant has received a 
foreign filing license by a person located outside of the United 
States, or by a foreign national inside the United States, constitutes 
an export. The holder cannot permit the use of the PKI certificate in a 
manner that would violate or circumvent the Export Administration 
Regulations. See section 6 of the PKI subscriber agreement for more 
information.
    11. Can a PKI certificate holder or a designated employee file a 
third party submission or a protest via EFS-Web using the PKI 
certificate?
    Answer: No, the EFS-Web Legal Framework (section B2) specifically 
prohibits the filing of third party submissions and protests in patent 
applications via EFS-Web. The USPTO has a special screening procedure 
to ensure such documents are filed in compliance with 37 CFR 1.99 or 
1.291 (in paper) before being entered into the application. See also 35 
U.S.C. 122(c) and Manual of Patent Examining Procedure (MPEP) 
Sec. Sec.  1134, 1134.01 and 1901.05. Filing such documents 
electronically via EFS-Web would be circumventing these rules and 
procedures and be a violation of the Legal Framework for EFS-Web and 
the revised PKI subscriber agreement. Such violation may cause the 
USPTO to revoke the PKI certificate and/or refer the PKI certificate 
holder to the Office of Enrollment and Discipline for appropriate 
action. Therefore, PKI certificate holders should take reasonable steps 
to ensure that their designated employees do not file third party 
submissions and protests via EFS-Web.
    12. Can a designated employee continue to use the PKI certificate 
of a deceased holder?
    Answer: No, all of the designated employees must stop using the PKI 
certificate of a deceased holder because designated employees only have 
the authority to use the PKI certificate under the direction and 
control of the holder. The USPTO will revoke the PKI certificate once 
the USPTO becomes aware that the holder is deceased.
    13. Can a PKI certificate holder or his or her designated employees 
continue to use the PKI certificate after the holder is suspended from 
practice before the USPTO?
    Answer: No, the PKI certificate holder and all of his or her 
designated employees must stop using the PKI certificate once the 
holder is suspended from practice before the USPTO. The USPTO will 
revoke the PKI certificate once the appropriate official in the USPTO 
becomes aware of the suspension.
    II. Revised PKI Subscriber Agreement (November 2009): The following 
is the PKI Subscriber Agreement in effect as of December 17, 2009:

    I request that the United States Patent and Trademark Office 
(USPTO) issue me a set of public key certificates (a digital signing 
certificate and an encryption) in accordance with conditions stated 
herein and as explained and governed by the EFS-Web Legal Framework. 
See e.g., Legal Framework for Electronic Filing System-Web (EFS-
Web), 74 FR 55200 (October 27, 2009) (notice)). I have read and 
signed the Certificate Action Form [PTO Form-2042] requesting 
issuance of public key certificates to me for doing business with 
the USPTO.
    I agree that my use and reliance on the USPTO public key 
certificates is subject to the terms and conditions set out below. 
By signing the Certificate Action Form [PTO Form-2042], I agree to 
the terms of this Subscriber Agreement and to the rules and policies 
of the USPTO including the EFS-Web Legal Framework.
    1. Identification Information: I warrant that the information I 
submit, as corrected or updated by me periodically, is true and 
complete.
    If any of the information contained in the Certificate Action 
Form [PTO Form-2042], changes, I agree to update my information 
within 10 working days via written communication sent to Mail Stop 
EBC, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-
1450. This includes loss of right to access a given customer number.
    2. Protection of Keys: The USPTO will not have a copy of my 
private key corresponding to the public key contained in the digital 
signing certificate. I understand that the password I establish in 
the client software is my responsibility and that the password is 
unknown to the USPTO. Further, there is no mechanism for the USPTO 
to find the password. In the event of a lost password, as in the 
event of the loss of my private key, the USPTO can, at my request, 
recover only the private key corresponding to the public key 
contained in the confidentiality certificate and authorize the 
generation of a new digital signing public/private key pair.
    (a) I agree to keep my password and private key confidential, 
and to take all reasonable measures to prevent the loss, 
unauthorized disclosure, modification or use of my password, and 
private key. I agree that I will be responsible for these items and 
that no unauthorized person will have access to them.
    (b) I agree and acknowledge that, when the USPTO issues me the 
information permitting me to generate a certificate, the USPTO will 
keep a copy of my private key corresponding to the public key of my 
confidentiality certificate, and the USPTO will not disclose this 
key except with my consent, or where required by law.
    (c) I agree to promptly notify the USPTO if my password or 
private key is lost, compromised or rendered insecure, or if the 
information contained in my certificate request, including address, 
e-mail address, or telephone number, has changed, or becomes 
otherwise incorrect or incomplete.
    Each public key certificate includes the public key of a public/
private key pair. The digital signing key pair is generated by the 
subscriber's personal computer when completing a certificate 
creation or recovery action via the Digital Certificate Management 
Web site and the public key becomes part of the digital signing 
certificate. Only the subscriber holds the private key corresponding 
to the public key contained in the digital signing certificate. Both 
the public and private keys of the confidentiality certificate will 
be generated by the USPTO Certificate Authority and sent via a 
secure channel to the subscriber. The USPTO Certificate Authority 
will hold a copy of the subscriber's private key corresponding to 
the public key contained in the confidentiality certificate in order 
to provide key recovery capability.
    3. Acceptable Use or Reliance/Designation of Supervised 
Employee: I will use my USPTO certificates only for electronic 
communication with the USPTO (e.g., Private Patent Application 
Information Retrieval (Private PAIR) status inquiry, electronic 
filing, etc.) in compliance with the rules and policies of the USPTO 
(e.g., EFS-Web Legal Framework). I will use or rely on USPTO 
certificates only for securing communication with the USPTO, and 
will not encourage or permit anyone to use or rely on the 
certificates (other than the USPTO).
    I may designate more than one employee to use my USPTO 
certificates under my direction and control in accordance with this 
subscriber agreement and the rules and policies of the USPTO 
including the EFS-Web Legal Framework. Each designated employee must 
only be either an employee of my organization or an employee of a 
contractor. Each designated employee will use or rely on granted 
USPTO certificates only for communication with the USPTO in

[[Page 66958]]

compliance with the rules and policies of the USPTO and will not 
encourage or permit anyone to use or rely on the certificates (other 
than the USPTO).
    I understand that I am responsible for each designated 
employee's use of the USPTO certificates. I will take reasonable 
steps to ensure compliance of the requirements set forth in this 
agreement by each designated employee, including the restrictions on 
the software use in section 5 and the restrictions on the export 
(including deemed export) of technology and software included in 
patent applications in section 6. If a designated employee is not a 
U.S. citizen, I understand that the designated employee's access to 
the technology and software constitutes an export. See section 6 of 
this agreement.
    I agree not to use or permit the use of my USPTO certificates in 
connection with the unauthorized practice of law. For example, I 
will not grant permission to an invention promotion company or an 
invention promoter to use my USPTO certificates. I also understand 
that if I am a practitioner, violations of the USPTO ethics rules 
set forth in Parts 10 and 11 of 37 CFR may subject me to 
disciplinary action. If I have been granted limited recognition by 
the Office, I agree not to use the digital certificate beyond the 
limits of the rights I have been granted.
    I understand that my USPTO certificates will be used to access 
records and systems on a U.S. Government computer system and that 
unauthorized use or use beyond the purpose authorized may subject me 
to criminal penalties under U.S. Law and/or disciplinary action.
    4. Revocation of Certificates: The USPTO may revoke my 
certificates at any time without prior notice if:
    (a) Any of the information I supply in my certificate request 
changes;
    (b) The USPTO knows or suspects that my private key has been 
compromised;
    (c) The private key of the issuing USPTO Certificate Authority 
has been compromised;
    (d) The signing certificate of the issuing USPTO Certificate 
Authority is revoked;
    (e) I fail to comply with my obligations under this Agreement or 
the rules or policies of the USPTO, including the EFS-Web Legal 
Framework; or
    (f) For any other reason the USPTO deems necessary.
    The USPTO will promptly notify me of the revocation. Such 
revocation does not affect the authenticity of a transmission made 
or a message I digitally signed before certificate revocation.
    I may surrender my certificates at any time by written 
submission to the USPTO at:

Certificate Services Request, U.S. Patent and Trademark Office, Mail 
Stop EBC, PO Box 1450, Alexandria, VA 22313-1450.

    5. Software use: I agree to honor (and to make sure that each 
designated employee will honor) any applicable copyright, patent, or 
license agreements with respect to any software provided to me by 
the USPTO, and will not (and will make sure that each designated 
employee will not) tamper with, alter, destroy, modify, reverse 
engineer, or decompile such software in any way. I agree not to use 
(and agree to make sure that each designated employee will not use) 
the software for any purpose other than communication with the 
USPTO.
    6. Restrictions on the Export (Including Deemed Export) of 
Technology and Software Included in Patent Applications: I 
understand that technology and software included in unpublished 
patent applications may be subject to export controls set out in the 
Export Administration Regulations (15 CFR parts 730-774). Access to 
such technology and software by any person located outside the 
United States or by a foreign national inside the United States 
constitutes an export that may require a license from the U.S. 
Commerce Department's Bureau of Industry and Security (``BIS''). I 
agree not to use (and to make sure that each designated employee 
will not use) or permit the use of the USPTO certificate in a manner 
that would violate or circumvent the Export Administration 
Regulations.
    Information regarding U.S. export controls and their application 
to technology and software included in patent applications is 
available from BIS. Please see BIS's Web site, available at https://www.bis.doc.gov, or contact BIS's Office of Exporter Services at 
202-482-4811.
    7. Availability: I understand that the USPTO does not warrant or 
represent 100% availability of the USPTO Public Key Infrastructure 
services due to system maintenance, repair, or events outside the 
control of the USPTO. Information regarding scheduled downtime, if 
known, will appear on the USPTO Electronic Business Center Web site. 
Any delays caused by downtime must be addressed through the ordinary 
petition process.
    8. Term of Agreement: This Agreement may be terminated by either 
party upon proper notice. In the case of a termination by the USPTO, 
notice may be provided by any reasonable means, including a posting 
on the USPTO Web site.
    9. General: If any provision of this Agreement is declared by a 
court to be invalid, illegal, or unenforceable, all other provisions 
shall remain in full force and effect.
    The USPTO reserves the right to refuse to issue certificates. 
The USPTO reserves the right to cancel this program at any time. 
Modifications to this agreement will be posted on the USPTO Web site 
at https://www.uspto.gov/ebc/efs. Continued use of the system after 
posting will constitute agreement to the updated terms.
    10. Requests: Requests for issuance of certificates, revocation 
of certificates or key recovery shall be sent to the USPTO 
Registration Authority at:

Certificate Services Request, U.S. Patent and Trademark Office, Mail 
Stop EBC, PO Box 1450, Alexandria, VA 22313-1450.

    11. Dispute Resolution and Governing Law: This Agreement shall 
be governed by and construed in accordance with the laws of the 
United States of America.

    III. Additional Information: The USPTO appreciates the suggestions 
and inquiries from users. The USPTO will continue to provide 
clarifications, answers to frequently asked questions, and other 
helpful information on the USPTO Web site. Users are encouraged to 
check the USPTO Web site for more information and contact the Patent 
Electronic Business Center for questions related to the usage of PKI 
certificates or USPTO electronic systems.

    Dated: December 11, 2009.
David J. Kappos,
Under Secretary of Commerce for Intellectual Property and Director of 
the United States Patent and Trademark Office.
[FR Doc. E9-30026 Filed 12-16-09; 8:45 am]
BILLING CODE 3510-16-P