Security and Authentication

(@dblagent007)

Eliminate Digital Certificates - Use Modern 2-Factor Auth.

Eliminate the digital certificates and Entrust Java applets in favor of using modern two-factor authentication methods. Here is a good blog post explaining why. http://blog.oppedahl.com/?p=226 Another reason to get rid of the Entrust Java system is that many browsers will stop supporting plugins like Java that are required for the Entrust system to work. For example, Chrome will disable support for the Java plugin in ...

Voting

39 votes
42 up votes
3 down votes
Active
(@sonya.mazumdar)

Identity Authentication

The eMod team is looking into ways to update the authentication process, while still maintaining useful features (i.e. multiple users accessing a single account or one user accessing multiple accounts). What do you like/dislike about the current identity authentication process?

Voting

22 votes
22 up votes
0 down votes
Active
(@voconnor)

Staff login/easier way to switch between certificate users?

At our firm, our staff is the one that logs in on behalf of the attorney (we do the certification thing) and they do the uploading and submitting of any filings. One of the biggest complaints among the staff is having to log in as one attorney, submit their filing, and then log out/in when they have a filing for another attorney so that they can submit it under the different attorney's certificate. I feel that there ...

Voting

45 votes
47 up votes
2 down votes
Active
(@eherring)

Assignment E-Filing

Currently when e-filing an Assignment you are only required to enter the Application #. This is a major flaw because there are instances where there was a typo in the Application # and the Assignment was uploaded to the wrong Application. The confirmation # should also be required for e-filing an Assignment to ensure accuracy. There should also be a better view of the uploaded documents, so that the documents can ...

Voting

37 votes
38 up votes
1 down votes
Active
(@rdowns)

Recommend removing reCAPTCHA for login scheme

Recommend removing reCAPTCHA and retain two factor authentication for new login scheme or EFS and PAIR. The new PTO login scheme requires dual factor authentication and a reCAPTCHA. The dual factor authentication provides unauthorized login protection, while the reCAPTCHA is intended to prevent automation. The current PTO login scheme that is being depreciated supports automation and the PTO has stated they plan to ...

Voting

18 votes
18 up votes
0 down votes
Active
(@david.boundy)

Turn off password expiration for MyUSPTO.gov

Get rid of the expiration on passwords on MyUSPTO -- a good password that isn't reused across multiple platforms can be permanent. Is this solving a genuine and identifiable problem? No. Is there any conceivable way that a bad guy could get into uspto.gov and, for example, expropriate money from one of the credit cards? NO!!! The only payee is the uspto! Nobody's going to hack into a MyUSPTO account to when he/she ...

Voting

21 votes
21 up votes
0 down votes
Active
(@dphipps)

Eliminate Two-Step Authentication for MyUSPTO

Two-step authentication was not always required in the past for logging into MyUSPTO. With the issue of not being able to retrieve code emails today, it seems smart for the Office to eliminate any requirement for two-step authentication at the MyUSPTO login stage. Instead, require the two-step authentication when the user attempts to access a secure system for the first time. For example, the first time someone clicks ...

Voting

6 votes
8 up votes
2 down votes
Active

Allow Users to Set a Timeout Period

Often, sometimes seemingly random, EFS or PAIR automatically logs the user out. It would be helpful to allow a user to set an inactivity period for automatic logout. When filing multiple papers in a single day, the time between submissions is often greater than the automatic time out period. This requires multiple logins and two-factor authentications (as selecting the checkbox for a trusted computer does nothing). ...

Voting

13 votes
13 up votes
0 down votes
Active
(@dphipps)

Create Designated Administrators by Domain Address

Now more than before we need the ability to identify at least three (3) administrators that can conduct additions and removal by domain address. Since USPTO.gov accounts are used to access secure USPTO systems, this seems a valid possibility when a specific domain is used for account names. For example, our practitioners and employees all have accounts under their firm email address so the domain is the same for everyone. ...

Voting

14 votes
14 up votes
0 down votes
Active
(@reneeo)

Notification of pending sponsorship request

I sent 3 sponsorship requests to my practitioner today. She received no notification that she had pending requests to review. It wasn't until we went to the sponsorship tool logged in as her that she saw that she had 3 pending requests. I believe the practitioners have no reason to access the sponsorship tool on a regular basis so they'd have no way of knowing they have pending requests. I suggest that a notification ...

Voting

15 votes
15 up votes
0 down votes
Active
(@dphipps)

Certified Copy Center - Entitlement Document?

Kudos for converting the system for ordering certified copies. There is a major flaw in the system when you require users to log in using their USPTO.gov account. The flaw is that the system requires one or more entitlement documents before a user can proceed. This is a flaw because practitioners associated with customer numbers have access to unpublished applications, and the staff they sponsor do as well. Why require ...

Voting

4 votes
4 up votes
0 down votes
Active
(@dphipps)

Allow Password Change for USPTO.gov Accounts

Restricting the ability of users to change the email address associated with their USPTO.gov account is not optimal. People move from company to company, firm to firm, and will need to use their business email address as their account address. It is not practical to require users to contact the Office to make a change that should be allowed electronically. The Office already requires users to change their password ...

Voting

13 votes
13 up votes
0 down votes
Active
(@dphipps)

Add Role Permissions to Sponsorship Tool

Removing sponsored staff when they leave a firm is an urgent task and cannot always wait for practitioners to have time to complete the process. Alleviate this burden by including in the Sponsorship Tool a feature to allow for assigning different levels of security like in Financial Manager. A practitioner would designate one or more sponsored staff as administrators to manage sponsorship changes from the staff's own ...

Voting

10 votes
10 up votes
0 down votes
Active
(@dphipps)

Back-up Access for USPTO.gov Urgently Needed

The ability to log in to Private PAIR and EFS-Web using a PKI was unavailable on May 30 and 31. On May 31 the USPTO.gov login suddenly failed. Yes, filings can be made through other means such as the EFS-Web contingency system, fax (not applications), mail, and hand delivery (for those with direct PTO access). What cannot be done is any other function that the USPTO.gov account provides access to such as sponsorship ...

Voting

3 votes
3 up votes
0 down votes
Active