Security and Authentication

Campaign: Security and Authentication

Turn off password expiration for MyUSPTO.gov

Get rid of the expiration on passwords on MyUSPTO -- a good password that isn't reused across multiple platforms can be permanent. Is this solving a genuine and identifiable problem? No. Is there any conceivable way that a bad guy could get into uspto.gov and, for example, expropriate money from one of the credit cards? NO!!! The only payee is the uspto! Nobody's going to hack into a MyUSPTO account to when he/she ...more »

Submitted by (@david.boundy)

Voting

15 votes
15 up votes
0 down votes
Active

Campaign: Security and Authentication

Establish Patent Center inactivity timeout to 30 minutes

Due to updated NIST guidelines, the USPTO plans to set the user inactivity timeout to 30 minutes in Patent Center. After 25 minutes of user inactivity, Patent Center will prompt you to continue with the authenticated session. If you do not confirm that that you want to continue, your session will terminate in order to protect your patent application data. In most cases, to sign back in after a timeout, you would only ...more »

Submitted by (@amy.stevens)

Voting

-13 votes
1 up votes
14 down votes
Active

Campaign: Security and Authentication

Portal to send password to open an encrypted file before meeting

Perhaps a secure portal could be added through which an applicant or applicant's representative can send an examiner a password to open an encrypted file containing claim drafts or other material before an interview meeting. The portal would not burden an examiner with any messages or e-mail, but would contain only a password and would indicate the type of file that would later arrive by e-mail or file-sharing platform. ...more »

Submitted by (@communitymember)

Voting

-6 votes
0 up votes
6 down votes
Active

Campaign: Security and Authentication

Administration and Authentication

We should be able to appoint administrators of the customer number, who would be able to make changes to the staff associated with the attorneys/agents sign-ins.

Submitted by (@bkorte)

Voting

4 votes
5 up votes
1 down votes
Active

Campaign: Security and Authentication

Administration for authentication

If attorneys/agents must add the paralegals authorized to sign-in to their account, they should also be able to appoint a non-attorney/agent administrator or administrators, who can remove paralegals for them.

Submitted by (@bkorte)

Voting

3 votes
4 up votes
1 down votes
Active

Campaign: Security and Authentication

Assignment E-Filing

Currently when e-filing an Assignment you are only required to enter the Application #. This is a major flaw because there are instances where there was a typo in the Application # and the Assignment was uploaded to the wrong Application. The confirmation # should also be required for e-filing an Assignment to ensure accuracy. There should also be a better view of the uploaded documents, so that the documents can ...more »

Submitted by (@eherring)

Voting

37 votes
38 up votes
1 down votes
Active

Campaign: Security and Authentication

Eliminate Digital Certificates - Use Modern 2-Factor Auth.

Eliminate the digital certificates and Entrust Java applets in favor of using modern two-factor authentication methods. Here is a good blog post explaining why. http://blog.oppedahl.com/?p=226 Another reason to get rid of the Entrust java system is that many browsers will stop supporting plugins like java that are required for the entrust system to work. For example, Chrome will disable support for the java plugin in ...more »

Submitted by

Voting

35 votes
38 up votes
3 down votes
Active

Campaign: Security and Authentication

Cryptographic Public Private Key in lieu of JAVA enabled EFS

Java EFS file seems problematic and regularly crashes. Updating JAVA for other web applications can impair EFS authentication. Could switching to a private pubic key system, with unique keys generated for each unique user solve this problem? Is there a better way to get around the refs file?

Submitted by (@ben000)

Voting

16 votes
17 up votes
1 down votes
Active

Campaign: Security and Authentication

Identity Authentication

The eMod team is looking into ways to update the authentication process, while still maintaining useful features (i.e. multiple users accessing a single account or one user accessing multiple accounts). What do you like/dislike about the current identity authentication process?

Submitted by (@sonya.mazumdar)

Voting

22 votes
22 up votes
0 down votes
Active

Campaign: Security and Authentication

Staff login/easier way to swtich between certificate users?

At our firm, our staff is the one that logs in on behalf of the attorney (we do the certification thing) and they do the uploading and submitting of any filings. One of the biggest complaints among the staff is having to log in as one attorney, submit their filing, and then log out/in when they have a filing for another attorney so that they can submit it under the different attorney's certificate. I feel that there ...more »

Submitted by

Voting

44 votes
46 up votes
2 down votes
Active