Privacy Act of 1974; System of Records

AGENCY:

Department of Commerce.

ACTION:

Notice of New Privacy Act System of Records: Commerce/Patent and Trademark System 16.

SUMMARY:

The Department of Commerce is creating a new systems of records listed under Commerce/Patent and Trademark System: PKI Registration and Maintenance System. This action has been taken to comply with the Privacy Act notice requirements. We invite public comments on the system announced in this publication.

DATES:

Effective Date: The system will become effective as proposed without further notice on Mary 25, 2000 unless comments dictate otherwise.

Comment Date: To be considered, written comments must be submitted on or before May 25, 2000.

ADDRESSES:

Comments may be sent via United States Mail delivery to Raymond Chen, Office of the Solicitor, United States Patent and Trademark Office, Box 8, Washington, DC 20231; via facsimile at 703-305-9373. All comments received will be available for public inspection at the Public Search Facilities, Crystal Plaza 3, 2021 South Clark Place, Arlington, VA 22202. For further information contact: Raymond Chen, Office of the Solicitor, Box 8, Washington, DC 20231, or by phone at 703-305-9035.

SUPPLEMENTARY INFORMATION:

Pursuant to the implementation of a Public Key Infrastructure (PKI) by the Patent and Trademark Office (PTO), a new system of records is being created to maintain the records of the application for, the grant of, and the revocation of digital certificates issued by the PTO, as well as key recovery services provided in reference to digital certificates. This notice describes the current practices of the PTO.

The PKI is a program that the PTO has implemented to support secure electronic communications between the PTO and its customers. The information collected by the PTO through the Certificate Action Form (PTO Form PTO-2042) is used to authorize the creation and revocation of a digital certificate or to perform key recovery. The digital certificate enables the PTO to provide the customer with a digital identity and to support encrypted communication between the customer and the PTO.

Using PKI enables the PTO to offer the option to applicants to review their patent application information, to send their patent applications, and to communicate with the PTO electronically, while preserving the integrity and confidentiality of these various actions.

Both the Patent Statute (35 U.S.C. § 122) and the Patent Cooperation Treaty established between the United States and the international community require that patent applications be preserved in confidence. Using PKI ensures that the patent applications are preserved in confidence because it permits the PTO to authenticate a customer's identity and encrypt the information exchanged between the PTO and the customer.

The PTO will use PKI to support secure communications and electronic commerce with its applicant community, international business partners, the Patent and Trademark Depository Libraries, its own employees, and support contractors. In implementing PKI, the PTO is indicating to its customers that the agency is making a major commitment to preserve the confidentiality and integrity of the electronic transactions.

In addition to the notice of routine uses, the notice includes the categories of individuals covered by the system, categories of records in the system, location of records, authority for maintenance of the system, policy and practices for storing records, and the title and business address of the agency official responsible for the records. A more detailed explanation of the notice follows.

The below-referenced Prefatory Statement of General Routine uses is found at 46 FR 63501-63502 (December 31, 1981).

The Department of Commerce finds no probable or potential effect of the proposal on the privacy of individuals. To minimize the risk of unauthorized access to the system of records, the PTO has located paper records in lockable file cabinets or in metal file cabinets in secured rooms or secured premises with access limited to those whose official duties require access. Electronic files are stored in secured premises with electronic access limited to those whose official duties require access.

Classification

Administrative Procedure Act: This notice is not subject to the notice and comment requirements of the Administrative Procedure Act, 5 U.S.C. 553(a)(2).

Executive Order 12866: This notice is exempt from review under Executive Order 12866.

Commerce/PAT-TM-16

System name:

USPTO PKI Registration and Maintenance System.

System location:

Office of Enrollment and Discipline, U.S. Patent and Trademark Office, 2011 Crystal Drive, Arlington, VA 22202; and Office of Information Systems Security, U.S. Patent and Trademark Office, 2121 Crystal Drive, Arlington, VA 22202.

Categories of individuals covered by the system:

Registered Attorneys and Agents; Employees of Registered Attorneys and Agents designated to hold a certificate; Independent Inventors; an Employees of the Patent and Trademark Office and other individuals who apply for the use of a digital certificate including Patent and Trademark Depository Library personnel, employees of other Intellectual Property Offices, and World Intellectual Property Organization.

Categories of records in the system:

Requester status, signature, name, address, registration number, telephone, facsimile, electronic mail, associated customer numbers, action requested (certificate application, certificate revocation or key recovery), reason for the request, sponsoring Attorney/Agency signature, Notary Public signature, trusted party signature, distinguished name, date of issuance, and expiration.

Authority for maintenance of the system:

5 U.S.C. 301 and 35 U.S.C. 6, 42(c).

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

See Prefatory Statement of General Routine Uses Nos. 1-5 and 9-13.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Paper records in file folder and electronic storage media.

Retrievability:

Filed by organizations; cross referenced for access by name, and where appropriate, customer number, employee number, issue, activity, or other unique variable information field.

Safeguards:

Building employ security systems. Records are maintained in areas accessible only to authorized personnel who are properly screened, cleared, and trained. Where information is retrievable electronically, all safeguards appropriate to secure the ADP telecommunications system (hardware and software) are utilized.

Retention and disposal:

Records retention and disposal is in accordance with the Office of Enrollment and Discipline Records Control Schedule.

System manager(s) and address:

Director, Office of Enrollment and Discipline, U.S. Patent and Trademark Office, Washington, DC 20231; Manager, Information Systems Security Division, U.S. Patent and Trademark Office, Washington, DC 20231.

Notification procedure:

Information may be obtained from: Director, Office of Enrollment and Discipline, U.S. Patent and Trademark Office, Washington, DC 20231; Chief Information Officer, U.S. Patent and Trademark Office, Washington, DC 20231. Requester should provide employee name and number, in accordance with the inquiry provisions of the Department's rules which appear in 15 CFR Part 4b.

Record access procedures:

Requests from individuals should be addressed to: Same address as stated in the notification section above.

Contesting record procedures:

The Department's rules for access, for contesting contents, and appealing initial determinations by the individual concerned appear in 15 CFR Part 4b. Use above address.

Record source categories:

Subject individual, those authorized by the individual to furnish information, and the individual's supervisors.