It is astonishing that even now, in August of 2015, despite many warnings and requests from users over the span of several years, USPTO has not scrapped its Java applet. By this I mean the Entrust Java applet which USPTO forces customers to use to authenticate their logins at Private PAIR and EFS-Web. The most recent reminder of all of this is USPTO’s oddly worded “Third Notice”, an email alert on August 18, 2015 from the USPTO warning customers that time is running out for users of Chrome browsers. In September of 2015 (that is, during the next month) Chrome will stop supporting Java, meaning that users of Chrome will no longer be able to log in at Private PAIR or EFS-Web.
Until now I had sort of thought of Chrome as a relative newcomer among web browsers, and I had sort of assumed that most people still use Firefox and Microsoft Internet Exploder. Which got me wondering, how many USPTO customers use Chrome anyway?
USPTO’s not saying how many of its customers use Chrome. But I’d guess that the mix of visitors to my firm’s web site (www.oppedahl.com) is a fairly good predictor of the mix of visitors to the USPTO’s web site. So today for the first time in many months, I took at look at the web browser statistics for our web site, and I was a bit surprised by what I saw. It turns out (see graph above) that 49% of the visitors to our web site use Chrome.
This shows what big trouble USPTO is in. Even if the percentage of Chome users among USPTO’s customers is not as high as our 49%, it is surely substantial. And all of these customers will run into trouble in September when they find they can no longer log in at Private PAIR or EFS-Web.
Did Google ambush the USPTO about this change to Chrome? No. Google announced two years ago (in 2013) that Chrome would stop supporting Java in 2015.
And it is not as though Chrome is the only browser to stop supporting Java. The newly released Microsoft Windows 10 has as its native web browser a browser called Edge that has never supported Java and presumably never will.
I have warned the USPTO about this problem many times over the past several years, most recently in this blog in May of 2014 (see A reminder that USPTO needs to scrap the Entrust java applet for PAIR and EFS-Web posted May 29, 2014). But it’s not just me. Others have also discussed USPTO’s dependency upon Java for access to Private PAIR and EFS-Web, for example in 2012 (Intelproplaw forum, Kaplan IP law blog) and in 2013 (PatentlyO). USPTO’s own Ideascale system (a sort of online bulletin board in which USPTO solicits suggestions from customers) shows that customers warned USPTO about this problem some six months ago.
It is only a matter of time, of course, before the remaining browsers with meaningful market share (Internet Exploder, Firefox, and Safari) will likewise drop support for Java, due to the security and stability risks that it presents.
What is USPTO’s response to this imminent demise of Java? You might think that USPTO would pick a new authentication mechanism and announce a date by which it would be rolled out. Instead, the present public position of USPTO as communicated on USPTO’s web site is:
- USPTO is “closely monitoring for any changes”
- USPTO is “committed to keep the IP Community informed accordingly”
- USPTO is “investigating if there are possible strategies to mitigate the impact”
- USPTO is “working on a longer term plan”
That’s just not good enough. “Closely monitoring” and “keeping the IP Community informed” is not good enough. There is no need to “investigate” to see if there are “possible strategies to mitigate the impact”. Of course there are possible strategies, like scrapping the Java applet. And it’s not good enough to “work on a longer term plan”. What is urgently needed is a present-day plan.
I agree that it is crazy the USPTO is still using this out-dated system. However, there is a present day plan. It was announced a couple of weeks ago on the USPTO Director’s Forum: http://www.uspto.gov/blog/director/entry/modernization_of_electronic_patent_application. You can find a little bit more information about it here: http://www.uspto.gov/patent/emod or submit feedback, ideas for implementation, etc. here: http://uspto-emod.ideascale.com/.
Interestingly, the Edge browser for the new Windows 10 cannot be used for current USPTO authentication. Firefox supports the Java NPAPI but calls it a legacy technology, and who knows how long it will still support it. The USPTO should really have been on top of this before getting so dangerously close to locking out all practitioners.
Wow what is described there is most definitely not a “present-day plan”. It says an “initial pilot program” is “anticipated to start” in the summer of 2016. Some time later a production system would be developed and would be “implemented in phases over the next few years”. Once the production system was “completed” it would “replace our current EFS-Web, Public PAIR, and Private PAIR.”
That’s not even remotely adequate. What needs to happen approximately tomorrow is USPTO scrapping the Entrust Java Applet and rolling out a simple off-the-shelf two-factor authentication system. I will blog about this soon.
Just a heads up–Firefox has announced it will drop support for NPAPI sometime before the end of 2016: https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
A number of other alternative browsers, such as Opera, Torch, etc. are based on Chromium, similar to Chrome, and are losing support as well. I’m not sure what the plans are for Internet Explorer, but Microsoft is clearly moving forward with Edge instead, at least for Windows 10, and Edge does not support NPAPI (IE is installed on W10, however).
We could be in a pickle long before even the limited private beta of the new filing system is available, let alone the public release which will be years from now.
Our firm is currently struggling to log in. Every day is different. A browser that worked yesterday, doesn’t work today. I’m thinking we need to keep a couple of legacy computers, one Mac, one PC, so that we can still log in. As a side note, the PC laptop that I loaded with Ubuntu graphical linux is blazing fast and connects with no problems. Maybe we should all switch to Ubuntu OS? This is nuts.
I agree, this is urgently needed. Can’t believe this is not more highly ranked on the USPTO eMod feedback page. PLEASE CLICK, register, and upvote this basic, basic request.
http://uspto-emod.ideascale.com/a/dtd/Eliminate-Digital-Certificates-Use-Modern-2-Factor-Auth/498276-31593#idea-tab-comments
Update: Firefox just dropped support for Java. On most of my computers, the new way to login doesn’t work either. Make sure not to let your Firefox update! I tried rolling it back, and it still says Java isn’t enabled.