When EUIPO will join DAS for designs

· · Leave a comment

Well, folks, as I blogged here, the Offices that constitute the ID5 have one by one slowly made plans to become Depositing Offices and Accessing Offices in the DAS system.  And for some time now, the sole remaining ID5 Office that had not made any public statement about plans to join the DAS system was EUIPO.  The EUIPO has an Information Centre and every few months I make an inquiry to the Information Centre about this.  In February of 2019, this was EUIPO’s official answer:

Your question is being taken into consideration by the EUIPO. We’ll contact you as soon as we have a definitive answer.

Not having heard back, last week I made inquiry again at the the Information Centre.  And now I have received EUIPO’s official answer as to when it will join the DAS system for designs.  

Continue reading

How to get a decent PDF of a US design patent that is in color or grayscale

· · 3 Comments

As US patent practitioners know very well, the chief database used by USPTO personnel to carry out most patent prosecution (including design patent prosecution) is called IFW (image file wrapper).  Some nameless person at the USPTO made a decision back when IFW was being designed a decade ago, to make this a database in which no color or grayscale drawing would be displayed clearly.  Instead any color or grayscale drawing will get blurred, often to the point of unrecognizability.

Which then raises the question, how may a member of the public obtain a PDF copy of an issued US design patent that shows the actual color or grayscale drawings instead of the blurred non-color drawings of IFW? Continue reading

Better to use an RCE or a continuation?

· · 12 Comments

(Revised to include many excellent thoughts from readers.)

One of the nicest things about working with sophisticated patent firms in other countries is that they will ask questions about US practice that make me try to collect my thoughts about particular points of US practice.  I have a pending US case that has received an Advisory Action.  Instructing counsel, located in Europe, asked just now whether I thought it would be better to file an RCE or a continuation application in that case.  In this blog article I will try to list some of the factors that I think might nudge an applicant one way or the other on such a judgment call.

Continue reading

Followup on “why the check box doesn’t work”

· · 4 Comments

click to enlarge

Last week I posted a blog article in which I explained that I had figured out why the check box doesn’t work.  What USPTO says is that if you check the box, then for the next 24 hours you won’t have to do the two-step authentication.  What really happens is that this almost never works.  My explanation, as detailed in that blog article, is that there is a sneeze sensor in the software and if you have the bad luck to sneeze before your next login, this negates the effect of checking the box.

What is very sad about this situation with this poorly designed USPTO software is that judging from the reader comments and from other comments that I received privately, my explanation, which was intended to be humorous, was apparently no less plausible than whatever the (unknown to anyone outside of the USPTO) true explanation is.  Many people were taken in.

Yes that previous blog article was meant like a sort of April Fool’s Day article.

I dug around in my cookies and I found what I am confident is the cookie that supposedly protects the user from having to do two-factor authentication for 24 hours.  Here is an example of such a cookie:

Name: TwoFactorToken
Content:
LhRlmjFejO7oXhVAsL0ALTLakL0uoSU6EfdQF4vUl+VK+++CkALV+TY8/QuRgPUKmcphLj2KU1xKk+qPK6uvJXGVRLyRmF8UmY0CzjKGR7VJeamcI484moLcci/pqI41RVk4fdCJ5BjomIgoidqUP1n7n3XOd7/zhMXPlS1V0kzagVru9JSHfdSZVwUQDf6jDX4oEbDHDSCiaqACeUyxsGEwnY4Kjvv0egb6Wf7Rdq1uGGE8l4co+5EYlaPLBCt18L3ieisrgwMkRLo5pgJu8HQ3XTB+3+VSKU5F0iaYXsrkn5emalQXzqAVr2Ql+YWwyf3s5jaIac1rXngcFxcMXTm0sfsPHUOPKHPTUmbI0=
Domain: .uspto.gov
Path: /
Send for: Secure connections only
Accessible to script: Yes
Created: Monday, November 4, 2019 at 11:06:24 AM
Expires: Tuesday, November 5, 2019 at 11:06:24 AM

The cookie is called “TwoFactorToken”.  It expires 24 hours after being set.  Any second-level domain within “.uspto.gov” is able to retrieve the cookie.   Clearly USPTO encrypts the “content” field.  I consider it very likely that the way it works is this.

At the time the user checks the box, the USPTO script interrogates the user’s web browser asking for every possible piece of information that it can extract from the browser.   It turns out that any web site can ask your browser for quite a few things:

  • your operating system
  • your browser
  • what browser plugins you have installed
  • your display resolution
  • your battery level of charge
  • whether it is charging or not right now
  • your public IP address

The USPTO script might collect all of these things, combine it with the MyUSPTO user ID, generate a nonce, and assemble this into a data bundle.  The USPTO script would then encrypt the bundle, or extract a hash of the bundle, or encrypt a hash of the bundle, something like that.  And the result is put it into the cookie such as the one quoted above.  

Then of course you get a forced logout after 30 minutes.  So now it is time to log in again.  The USPTO system asks for your user ID and password, and then the USPTO system has to decide whether or not it will force you to go through the two-factor authentication again.  So it looks for the TwoFactorToken cookie.  If there is no such cookie, then you have to do the two-factor authentication.  If there is such a cookie, but it has expired, then you have to do the two-factor authentication.  If there is such a cookie and it has not yet expired, then the USPTO system asks your browser for all of these things:

  • your operating system
  • your browser and browser version
  • what browser plugins you have installed
  • your display resolution
  • your battery level of charge
  • whether it is charging or not right now
  • your public IP address

The USPTO system also looks to see what your user ID is that you are using to log in, and looks up the nonce that it stored in its local database relating to your user ID.  The USPTO then  then compares the answer that your web browser gave an hour ago with the answer that your web browser is giving right now.  

Common sense tells you that many of these things are very unlikely to have changed during the past hour.  Your operating system has probably not been upgraded during that time.  Probably you have not updated your browser during that time.  Maybe your list of installed plugins has not changed.

But your public IP address might well have changed.  This might be because you logged into or out of a VPN.  Or you physically moved from a Starbucks to your office.  Maybe just moving from one location in your office to another location in your office could lead to your having a different public IP address.  Moving from the secure network in your office to a guest network might well lead to a different public IP address.

And common sense tells you, the state of charge of your notebook computer battery is very likely to have changed during that hour.  You may have plugged in your charger, or you may have unplugged your charger.

Also consider that you might have changed your screen resolution during that hour.  By this we mean the screen resolution for the active window in your browser where the USPTO login was taking place.  You might have resized a browser window for example.

Worse yet, suppose the USPTO local database containing your nonce is flaky.  Suppose it often fails to respond promptly to a query from the login authentication software?  Suppose it sometimes forgets the nonce?

Depending on how poorly the USPTO selected what to load into the cookie, any change to any of the things just mentioned could conceivably make the poorly designed USPTO software decide that you need to log in the hard way again.  Maybe your battery ran down a bit during the past hour.  Maybe you resized a browser window.  Maybe you moved from your office to a Starbucks.  

Or depending on how poorly the USPTO designed the local database that stores the nonces, maybe that by itself would explain why the checkbox often fails to work.

e-filing at WIPO — back to normal

· · Leave a comment

For the past week the situation for e-filing at WIPO, for most people in the US, has been that the local time to e-file so as to get a same-day filing date in Switzerland has been different from usual.  (The reason for this is that a week ago, people in Switzerland turned their clocks back.) But as of today, people in the US have turned their clocks back.  So things are back to normal.

For example if you are in the Mountain time zone, once again as of today you will be counting toward 4PM local time to get a same-day filing date in Switzerland.  (For the past week the answer was 5PM.)

why the MyUSPTO check box doesn’t work

· · 10 Comments

click to enlarge

(I have posted a followup article.)

Hello readers who are in the US.  We all are familiar with this checkbox “this is a computer that I trust and use regularly”.  USPTO tells us that supposedly if we check this box, then for the next 24 hours we will be saved from the time-waste of having to do the two-step authentication.  This check box is super important given that a year or so ago the USPTO went against user wishes and shortened the forced-logout time interval from 60 minutes to a mere 30 minutes.  Anyway as readers know, this check box almost never actually works.  Finally today I figured out why it almost never works. Continue reading

Update: Status of ID5 Offices in DAS

· · 1 Comment

Let’s remind ourselves how the five biggest Offices for industrial design protection (called “ID5”) are coming along in terms of participation in the DAS system.  It is recalled that the DAS system permits the exchange and retrieval of electronic certified copies of priority documents.  So which Offices are trendy, modern, and up-to-date?  Which of the ID5 Offices have not yet joined DAS for designs?  Continue reading