PTO lets fly with a PKI for handling patent apps
PTO lets fly with a PKI for handling patent apps
By William Jackson
The Patent and Trademark Office has created a public-key infrastructure that lets inventors and lawyers file applications via the Internet and then track the progress of those applications electronically.
The PKI system, one of the first to be implemented by an agency beyond the pilot stage, issues digital certificates and public-private key pairs for encrypting and signing digital documents.
'It was based on business needs,' PTO chief information officer Dennis Shaw said. 'We have pursued electronic communication with our customers, and that is achievable with the advent of the Internet, but we need confidentiality. We need to know who is on the other end, and we need nonrepudiation.'
After evaluating available products, PTO chose Entrust/PKI from Entrust Technologies Inc. of Plano, Texas. 'Our primary concern was user-friendliness,' Shaw said.No obstacle
Once a user has registered and installed the PKI client software, use is almost transparent, said Richard D. Wescott, senior account executive for Entrust's federal systems division.
PKI's usefulness to the patent office is not limited to filing and tracking applications, project specialist Arthur F. Purcell said.
'That was just low-hanging fruit,' he said. 'We provided the service to be used with all the applications that need it.'
Internally, it secures e-mail and digitizes paperwork. The first external application, the Patent Application Information Retrieval System, began a limited rollout in late October after a three-month pilot. By late last month it had about 100 users.
'We assume a lot of the 17,000 registered practitioners will get it,' Purcell said.
PTO runs the Entrust/PKI software under SunSoft Solaris. The system creates digital certificates for registered users, maintains public keys for encrypting documents and verifying signatures, and issues private keys for decrypting and signing documents. Entrust supports leading encryption algorithms.
Currently, the client software is mailed on disks to users who register online, but PTO has an export license from the Bureau of Export Administration that lets it make the software downloadable from an Internet registration site.
In a transaction, the digital certificate establishes the identity of the person using the client software, much like presenting a physical identification card. Encryption secures the document, and the digital signature guarantees that the document is genuine, the same as an ink-on-paper signature.
A key element in establishing a PKI is deciding whether to outsource the job of issuing and maintaining certificates and keys. Shaw said deciding to keep the function in-house was a no-brainer.
'We need a system of records that we can take to court to defend the authenticity of electronic documents,' he said.
PTO, however, is considering having the Postal Service act as a certifying agent and expects to cross-recognize certificates issued by foreign patent offices.
A digital certificate is only as good as the policy used to verify the identity of registrants. PTO's Office of Enrollment and Discipline, which certifies patent attorneys and agents to practice with the agency, must verify to the Office of Information Assurance the identity of practitioners who register online.
Independent inventors must supply a notarized statement supported by two pieces of identification.Higher status
PTO began implementing the PKI early this year and started an application-tracking pilot in late July. Shaw said speeding up the status reports was a high priority.
'We have a very low satisfaction rating on that,' he said. Applicants now can get information almost immediately online, rather than waiting a month for a reply to a written query, he said.
In October, the agency's Electronic Filing System began accepting Internet filings for some biotechnology applications. Users of the service get automated assistance in preparing transmittal information and real-time acknowledgment.
|How PTO's public-key infrastructure works|
- A user registers with a certificate authority (CA) online or by mail, verifying identity according to agency policy.
- The CA stores a digital certificate in its database and creates public- and private-key pairs for digital signature and encryption. The user chooses a password.
- The public key remains in CA's database; the private key is sent to the user in client software.
- To secure an e-mail or document, the user clicks on the PKI icon and is prompted to enter a password. The sender's private signing key automatically affixes a digital signature; the recipient's public encryption key is obtained from the CA's database to encrypt the document before it is sent.
- To open the secured document, the recipient clicks on the PKI icon and enters a password. The recipient's private encryption key decrypts the document.
- To validate the signature, the recipient clicks on it and gets the sender's public signing key. The private encryption key can be recovered from the CA if necessary. The private signing key is not recoverable.