PATENTS   
Patent EBC > Guide > Policy > Certificate Policy

Certificate Policy Patent Electronic Business Center
New Users 
Patent Application Information Retrieval
Electronic Filing System
About the Patent EBC
Users Guide
   You are here...Policy
   Security
   FAQ
   Sitemap
Downloads 
Back to Policy Index

This explains our policy regarding appropriate use of Digital Certificates and identifies pertinent facts concerning the life cycle and attributes of those certificates. USPTO Digital Certificates are for use only for USPTO-related business. The certificates are not intended to be used for non-USPTO business, nor should they be used to sign or secure third party business transactions. The USPTO is the only relying party for these certificates - the party that trusts the certificates. No other reliance is authorized.

RELYING USPTO Automated Information Systems (AISs)
The Digital Certificates granted by the USPTO shall be used to carry out the business of the USPTO by providing authentication and other security services for use in transactions with USPTO customers, business partners and in internal USPTO systems and transactions. USPTO Automated Information Systems (AISs) are authorized to trust USPTO-issued Digital Certificates that have not been revoked or expired.

Public Key Infrastructure (PKI) Security Services
The following Public Key Infrastructure (PKI) security services are authorized for use within USPTO:
Confidentiality - maintaining the privacy of data
Integrity - assuring that the data has not been modified
Authentication - determining the identity of the subscriber
Non-repudiation - preventing a subscriber from denying that he or she created the transaction

USPTO AISs are authorized to utilize these services to provide access control and time stamp services. The USPTO PKI supports these security services by providing authentication and integrity through digital signatures and encryption keys for confidentiality services.

Public Key Infrastructure Services Criteria
AISs that are intended to be used with the PKI system will, as a minimum, meet the following requirements:

1. Establish, transfer, store and use the public and private keys and cryptographic material in a secure manner
2. Perform the certificate validity and verification checking
3. Report appropriate information and warnings to the subscriber and the Information Technology Security Program Office (ITSPO).

The ITSPO will assure that the AIS uses the certificate for the purpose for which it was issued, as indicated in the certificate information (e.g., the key usage extension).

The ITSPO will assure that the AIS creates and maintains an audit trail of transactions related to the PKI service

The authorized source for information concerning the validity of a certificate shall be the revocation mechanism provided by the Certification Authority.

USPTO Certificate Life Policy
Patent Electronic Business Center PKI software provides automatic and transparent key management for users. Public and private key pairs are used with Patent Electronic Business Center client and server PKI software to provide authentication, integrity and confidentiality services.

The USPTO Certificate Policy states that user certificates will expire twelve months from the date first issued. The transition period for certificate renewal begins 100 days before certificates expire.

When users access their Patent Electronic Business Center client software during the transition period their certificate is automatically renewed.

If users do not access their Patent Electronic Business Center client software during the transition period then their certificates will expire and the user will have to follow the renewal procedure described in the Patent Electronic Business Center User Guide to renew their certificates.

For example, if your keys were issued on January 1, 1999 then the transition period would begin on September 22, 1999 and if you did not sign on to the Patent Electronic Business Center client software during the period starting 100 days prior to the expiration date, then your certificate will not be automatically renewed by the Patent Electronic Business Center.

In addition, you may request that your Digital Certificate be revoked at any time and, if desired, have a new one reissued. Reasons for this may include having no further use for the certificate, or suspicion of unauthorized use of the certificate by another.

Back to Policy Index
KEY: e Biz=online business system fees=fees forms=formshelp=help laws and regs=laws/regulations definition=definition (glossary)
Send questions about USPTO programs and services to USPTO Contact Center(UCC).

Have a suggestion for more material for this customer profile? E-mail suggestions to the webmaster@uspto.gov. While we cannot promise to accommodate all requests, your suggestions will be considered and may lead to other improvements to the web site.

|.HOME | SITE INDEX| SEARCH | eBUSINESS | HELP | PRIVACY POLICY