Effective Date: January 13, 2005

SYSTEM NAME:

USPTO Security Access Control and Certificate Systems.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATIONS:

IT Security Program Office, United States Patent and Trademark Office, Madison Building West-Room 5A29, 600 Dulany Street, Alexandria, VA 22314.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

USPTO employees, contractors, and other affiliates requiring PKI-authenticated access to USPTO electronic assets including the network, desktops, and laptops.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system contains information needed to establish identity, accountability, and audit control of digital certificates issued by the new USPTO internal PKI that have been assigned to personnel who require access to USPTO electronic assets, including the USPTO network, as well as those who transmit electronic data that requires the protection of PKI security services. The records are created and maintained to provide assurance that the digital certificates are issued and delivered to the correct individual, who typically has been issued a smart card by the USPTO Office of Security.

Records may include the individual's name; organization; work telephone number; social security number; driver's license number; passport number; date of birth; employee number; smart card serial number; work e-mail address; status as an employee, contractor or other affiliation with the USPTO; title; home address and phone number.

Records also include information on the creation, renewal, replacement or revocation of digital certificates, including evidence provided by applicants for proof of identity and authority, sources used to verify an applicant's identity and authority, and the certificates issued, denied and revoked, including reasons for denial and revocation.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301; 35 U.S.C. 2; the Electronic Signatures in Global and National Commerce Act, Pub. L. 106-229; and E.O. 9397.

PURPOSES:

To improve security for USPTO electronic assets; to maintain accountability for issuance and disposition of security access; to maintain an electronic system to facilitate secure on-line communication between Federal automated systems, between Federal employees or contractors, and with the public, using digital signature technologies to authenticate and verify identity; to provide a means of access to USPTO electronic assets including the USPTO network, desktops, and laptops; and to provide mechanisms for non-repudiation of personal identification and access to sensitive electronic systems, including but not limited to human resource, financial, procurement, travel and property systems, as well as systems containing information on intellectual property and other mission critical systems. The system also maintains records relating to the issuance of digital certificates utilizing public key cryptography to employees and contractors for the transmission of sensitive electronic material that requires protection.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

See Prefatory Statement of General Routine Uses Nos. 1-13, as found at 46 FR 63501-63502 (December 31, 1981):

1. In the event that a system or records maintained by the Department to carry out its functions indicates a violation or potential violation of law or contract, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute or contract, or rule, regulation, or order issued pursuant thereto, or the necessity to protect an interest of the Department, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, state, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute or contract, or rule, regulation or order issued pursuant thereto, or protecting the interest of the Department.

2. A record from this system of records may be disclosed, as a routine use, to a Federal, state or local agency maintaining civil, criminal or other relevant enforcement information or other pertinent information, such as current licenses, if necessary to obtain information relevant to a Department decision concerning the assignment, hiring or retention of an individual, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant or other benefit.

3. A record from this system of records may be disclosed, as a routine use, to a Federal, state, local, or international agency, in response to its request, in connection with the assignment, hiring or retention of an individual, the issuance of a security clearance, the reporting of an investigation of an individual, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

4. A record from this system of records may be disclosed, as a routine use, in the course of presenting evidence to a court, magistrate or administrative tribunal, including disclosures to opposing counsel in the course of settlement negotiations.

5. A record in this system of records may be disclosed, as a routine use, to a Member of Congress submitting a request involving an individual when the individual has requested assistance from the Member with respect to the subject matter of the record.

6. A record in this system of records which contains medical information may be disclosed, as a routine use, to the medical advisor of any individual submitting a request for access to the record under the Act and 15 CFR Part 4b if, in the sole judgment of the Department, disclosure could have an adverse effect upon the individual, under the provision of 5 U.S.C. 552a(f)(3) and implementing regulations at 15 CFR 4b.26.

8. A record in this system of records may be disclosed, as a routine use, to the Office of Management and Budget in connection with the review of private relief legislation as set forth in OMB Circular No. A-19 at any stage of the legislative coordination and clearance process as set forth in that Circular.

9. A record in this system of records may be disclosed, as a routine use, to the Department of Justice in connection with determining whether disclosure thereof is required by the Freedom of Information Act (5 U.S.C. 552).

10. A record in this system of records may be disclosed, as a routine use, to a contractor of the Department having need for the information in the performance of the contract, but not operating a system of records within the meaning of 5 U.S.C. 552a(m).

12. A record in this system may be transferred, as a routine use, to the Office of Personnel Management: for personnel research purposes; as a data source for management information; for the production of summary descriptive statistics and analytical studies in support of the function for which the records are collected and maintained; or for related manpower studies.

13. A record from this system of records may be disclosed, as a routine use, to the Administrator, General Services Administration (GSA), or his designee, during an inspection of records conducted by GSA as part of that agency's responsibility to recommend improvements in records management practices and programs, under authority of 44 U.S.C. 2904 and 2906. Such disclosure shall be made in accordance with the GSA regulations governing inspection of records for this purpose, and any other relevant (i.e. GSA or Commerce) directive. Such disclosure shall not be used to make determinations about individuals.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

Not applicable.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records are stored as electronic media and paper records.

RETRIEVABILITY:

Records are retrieved by individual's name, social security number, employment status, organization and/or security access badge number.

SAFEGUARDS:

Entrance to data centers and support organization offices is restricted to those employees whose work requires them to be there for the system to operate. Identification cards are verified to ensure that records are in areas accessible only to authorized personnel who are properly screened, cleared, and trained. Disclosure of electronic information through remote terminals is restricted through the use of passwords and sign-on protocols that are periodically changed. Reports produced from the remote printers are in the custody of personnel and financial management officers and are subject to the same privacy controls as other documents of like sensitivity.

Digital certificates ensure secure local and remote access and allow only authorized employees, contractor employees, or other affiliated individuals to gain access to federal information assets available through secured systems access.

Access to sensitive records is available only to authorized employees and contractor employees responsible for the management of the system and/or employees of program offices who have a need for such information. Paper records are maintained in locked safes and/or file cabinets. Electronic records are password-protected or PKI-protected. During non-work hours, records are stored in locked safes and/or cabinets in locked rooms.

RETENTION AND DISPOSAL:

The records on government employees and contractor employees are retained for the duration of their employment at the USPTO. Other individuals' records are kept for the duration of their affiliation with the USPTO and then treated as employee records. The records on separated employees are destroyed or sent to the Federal Records Center in accordance with General Records Schedule 18.

SYSTEM MANAGER(S) AND ADDRESS:

Director, IT Security Program Office, United States Patent and Trademark Office, Madison Building West-Room 5A05, 600 Dulany Street, Alexandria, VA 22314.

NOTIFICATION PROCEDURE:

Information may be obtained from either the Director, IT Security Program Office, United States Patent and Trademark Office, Madison Building West-Room 5A05, 600 Dulany Street, Alexandria, VA 22314; or the Chief Information Officer, United States Patent and Trademark Office, P.O. Box 1450, Alexandria, VA 22313-1450. Requesters should provide the appropriate information in accordance with the inquiry provisions appearing at 37 CFR Part 102 Subpart B.

RECORD ACCESS PROCEDURES:

USPTO employees wishing to inquire whether this system of records contains information about them should contact the system manager indicated. Individuals must furnish their full names for their records to be located and identified. See "Notification procedure" above.

CONTESTING RECORD PROCEDURES:

USPTO employees wishing to request amendment of their records should contact the system manager indicated. Individuals must furnish their full names for their records to be located and identified. See "Notification procedure" above.

RECORD SOURCE CATEGORIES:

The information contained in these records is provided by or verified by the subject individual of the record, supervisors, other personnel documents, and non-Federal sources such as private employers.

SYSTEM EXEMPTIONS FROM CERTAIN PROVISIONS OF THE ACT:

None.

FEDERAL REGISTER HISTORY:
69 FR 74500	December 14, 2004	Notice of Proposed New Privacy Act System of Records

Return to top