Certificate Action Form (and Subscriber Agreement)

United States Patent and Trademark Office

Public Key Infrastructure Subscriber Agreement

I request that the United States Patent and Trademark Office (USPTO) issue me a set of public
key certificates (a digital signing certificate and an encryption) in accordance with conditions
stated herein and as explained and governed by the EFS-Web Legal Framework. See e.g., Legal
Framework for Electronic Filing System – Web (EFS-Web), 74 FR 55200 (October 27, 2009)
(notice)). I have read and signed the Certificate Action Form [PTO Form-2042] requesting
issuance of public key certificates to me for doing business with the USPTO.
I agree that my use and reliance on the USPTO public key certificates is subject to the terms and
conditions set out below. By signing the Certificate Action Form [PTO Form-2042], I agree to
the terms of this Subscriber Agreement and to the rules and policies of the USPTO including the
EFS-Web Legal Framework.
1. Identification Information
I warrant that the information I submit, as corrected or updated by me periodically, is true and
complete.
If any of the information contained in the Certificate Action Form [PTO Form-2042], changes, I
agree to update my information within 10 working days via written communication sent to Mail
Stop EBC, Commissioner for Patents, PO Box 1450, Alexandria, VA 22313-1450. This includes
loss of right to access a given customer number.
2. Protection of Keys1
The USPTO will not have a copy of my private key corresponding to the public key contained in
the digital signing certificate. I understand that the password I establish in the client software is
my responsibility and that the password is unknown to the USPTO. Further, there is no
mechanism for the USPTO to find the password. In the event of a lost password, as in the event
of the loss of my private key, the USPTO can, at my request, recover only the private key
corresponding to the public key contained in the confidentiality certificate and authorize the
generation of a new digital signing public/private key pair.

Each public key certificate includes the public key of a public/private key pair. The digital
signing key pair is generated by the subscriber’s personal computer when completing a
certificate creation or recovery action via the Digital Certificate Management Web site and the
public key becomes part of the digital signing certificate. Only the subscriber holds the private
key corresponding to the public key contained in the digital signing certificate. Both the public
and private keys of the confidentiality certificate will be generated by the USPTO Certificate
Authority and sent via a secure channel to the subscriber. The USPTO Certificate Authority will
hold a copy of the subscriber’s private key corresponding to the public key contained in the
confidentiality certificate in order to provide key recovery capability.
1

December 2009

1

a) I agree to keep my password and private key confidential, and to take all reasonable
measures to prevent the loss, unauthorized disclosure, modification or use of my password,
and private key. I agree that I will be responsible for these items and that no unauthorized
person will have access to them.
b) I agree and acknowledge that, when the USPTO issues me the information permitting me to
generate a certificate, the USPTO will keep a copy of my private key corresponding to the
public key of my confidentiality certificate, and the USPTO will not disclose this key except
with my consent, or where required by law.
c) I agree to promptly notify the USPTO if my password or private key is lost, compromised or
rendered insecure, or if the information contained in my certificate request, including
address, e-mail address, or telephone number, has changed, or becomes otherwise incorrect
or incomplete.
3. Acceptable Use or Reliance/Designation of Supervised Employee
I will use my USPTO certificates only for electronic communication with the USPTO (e.g.,
Private Patent Application Information Retrieval (Private PAIR) status inquiry, electronic filing,
etc.) in compliance with the rules and policies of the USPTO (e.g., EFS-Web Legal Framework).
I will use or rely on USPTO certificates only for securing communication with the USPTO, and
will not encourage or permit anyone to use or rely on the certificates (other than the USPTO).
I may designate more than one employee to use my USPTO certificates under my direction and
control in accordance with this subscriber agreement and the rules and policies of the USPTO
including the EFS-Web Legal Framework. Each designated employee must only be either an
employee of my organization or an employee of a contractor. Each designated employee will
use or rely on granted USPTO certificates only for communication with the USPTO in
compliance with the rules and policies of the USPTO and will not encourage or permit anyone to
use or rely on the certificates (other than the USPTO).
I understand that I am responsible for each designated employee’s use of the USPTO certificates.
I will take reasonable steps to ensure compliance of the requirements set forth in this agreement
by each designated employee, including the restrictions on the software use in section 5 and the
restrictions on the export (including deemed export) of technology and software included in
patent applications in section 6. If a designated employee is not a U.S. citizen, I understand that
the designated employee’s access to the technology and software constitutes an export. See
section 6 of this agreement.
I agree not to use or permit the use of my USPTO certificates in connection with the
unauthorized practice of law. For example, I will not grant permission to an invention promotion
company or an invention promoter to use my USPTO certificates. I also understand that if I am
a practitioner, violations of the USPTO ethics rules set forth in Parts 10 and 11 of 37 CFR may
subject me to disciplinary action. If I have been granted limited recognition by the Office, I
agree not to use the digital certificate beyond the limits of the rights I have been granted.

December 2009

2

I understand that my USPTO certificates will be used to access records and systems on a U.S.
Government computer system and that unauthorized use or use beyond the purpose authorized
may subject me to criminal penalties under U.S. Law and/or disciplinary action.
4. Revocation of Certificates
The USPTO may revoke my certificates at any time without prior notice if:
a) any of the information I supply in my certificate request changes;
b) the USPTO knows or suspects that my private key has been compromised;
c) the private key of the issuing USPTO Certificate Authority has been compromised;
d) the signing certificate of the issuing USPTO Certificate Authority is revoked;
e) I fail to comply with my obligations under this Agreement or the rules or policies of the
USPTO, including the EFS-Web Legal Framework; or
f) for any other reason the USPTO deems necessary.
The USPTO will promptly notify me of the revocation. Such revocation does not affect the
authenticity of a transmission made or a message I digitally signed before certificate revocation.
I may surrender my certificates at any time by written submission to the USPTO at:
Certificate Services Request
U.S. Patent and Trademark Office
Mail Stop EBC
PO Box 1450
Alexandria, VA 22313-1450
5. Software use
I agree to honor (and to make sure that each designated employee will honor) any applicable
copyright, patent, or license agreements with respect to any software provided to me by the
USPTO, and will not (and will make sure that each designated employee will not) tamper with,
alter, destroy, modify, reverse engineer, or decompile such software in any way. I agree not to
use (and agree to make sure that each designated employee will not use) the software for any
purpose other than communication with the USPTO.
6. Restrictions on the Export (Including Deemed Export) of Technology and Software
Included in Patent Applications
I understand that technology and software included in unpublished patent applications may be
subject to export controls set out in the Export Administration Regulations (15 C.F.R. parts 730774). Access to such technology and software by any person located outside the United States or
by a foreign national inside the United States constitutes an export that may require a license
from the U.S. Commerce Department’s Bureau of Industry and Security (“BIS”). I agree not to
use (and to make sure that each designated employee will not use) or permit the use of the
USPTO certificate in a manner that would violate or circumvent the Export Administration
Regulations.

December 2009

3

Information regarding U.S. export controls and their application to technology and software
included in patent applications is available from BIS. Please see BIS’s Web site, available at
www.bis.doc.gov, or contact BIS’s Office of Exporter Services at 202-482-4811.
7. Availability
I understand that the USPTO does not warrant or represent 100% availability of the USPTO
Public Key Infrastructure services due to system maintenance, repair, or events outside the
control of the USPTO. Information regarding scheduled downtime, if known, will appear on the
USPTO Electronic Business Center Web site. Any delays caused by downtime must be
addressed through the ordinary petition process.
8. Term of Agreement
This Agreement may be terminated by either party upon proper notice. In the case of a
termination by the USPTO, notice may be provided by any reasonable means, including a
posting on the USPTO Web site.
9. General
If any provision of this Agreement is declared by a court to be invalid, illegal, or unenforceable,
all other provisions shall remain in full force and effect.
The USPTO reserves the right to refuse to issue certificates. The USPTO reserves the right to
cancel this program at any time. Modifications to this agreement will be posted on the USPTO
Web site at www.uspto.gov/ebc/efs. Continued use of the system after posting will constitute
agreement to the updated terms.
10. Requests
Requests for issuance of certificates, revocation of certificates or key recovery shall be sent to
the USPTO Registration Authority at:
Certificate Services Request
U.S. Patent and Trademark Office
Mail Stop EBC
PO Box 1450
Alexandria, VA 22313-1450
11. Dispute Resolution and Governing Law
This Agreement shall be governed by and construed in accordance with the laws of the United
States of America.

December 2009

4