The U.S. Patent and Trademark Office (USPTO) began issuing digitally signed electronic registration certificates in lieu of the traditional paper (printed) ones starting May 24. Here’s how PKI streamlines the traditional trademark process and protects certificate integrity
Did you know that as of December 2021, the U.S. Patent and Trademark Office issued upwards of 468,000 printed trademark certificates each year (i.e., up to 9,000 per week)? As you can imagine, this was a time-consuming and costly process that resulted in a lot of paper being used in a time of paper shortages. And those paper copies were only accessible to people who were in the physical location where the certificates were stored.
To streamline this process and move the federal agency closer to its goal of implementing end-to-end electronic processing, the USPTO office decided to take the plunge and move toward an electronic issuance system. Starting May 24, 2022, the trademark office took it a step further and made it so that all new trademark certificates are not only issued electronically, they’re also digitally signed using public key cryptography.
But what does this change mean for trademark applicants, holders, and attorneys, particularly with regard to digital security?
Let’s hash it out.
Why This Change Matters to You (Or, Perhaps, Doesn’t)
If you’re not sure why we’ve written an article regarding changes to the trademark certificate issuance processes on Hashed Out, the answer is two-fold:
- We like to keep you abreast of new, important, and interesting changes relating to data security, digital cryptography, and cyber security. Any time a large organization like the USPTO takes a big leap and switches from a legacy system to a modern PKI-based system, it’s a big deal… and there are lessons we can all learn and apply in our own organizations and industries.
- Trademarked logos are a requirement of verified mark certificates (VMCs). These are PKI-based digital certificates that companies use to display their verified, trademarked logos in recipients’ email inboxes.
The first reason is pretty obvious and will be covered more throughout the article. But allow me a moment to explain the latter:
VMCs work hand-in-hand with brand indicators for message identity (BIMI), which is an open standard that allows you to display your verified logo. Several big players — including Gmail — require organizations to have VMCs to display their trademarked, verified BIMI logos. This digital certificate for your trademarked logo proves that you own it and that the logo in question hasn’t been altered in any way.
Displaying a verified logo in customers’ inboxes looks like this:
To learn more about how VMCs and BIMI help brand your mail, be sure to check out our article that dives into all of that at length.
Now that we have that information out of the way, let’s get back to the main topic at hand: what the change means and why beneficial to your trademark security and brand reputation.
A Quick Look at What This Change in Certificate Issuance Entails
The U.S. Patent and Trademark Office officially rolled out its new process of automatically issuing electronic versions of their trademark registration certificates in lieu of paper ones starting May 24. (These are the certificates you receive whenever you register an approved trademark, such as your company’s official logo.) But what makes these different from the electronic certificates they’ve already been keeping on file in the database is that they are digitally signed using public key infrastructure, or PKI (more on that later).
Historically, when trademark applicants filed their applications, they received physical copies of their trademark certificates. The agency created the Trademark Electronic Application System (TEAS) to help bring the agency into the modern age by allowing applicants to file their applications electronically. The Trademark Status and Document Retrieval (TSDR) system soon followed, and this database has since served as a means for trademark owners (and the general public) to access issued certificates electronically.
But since the certificates were available to everyone as PDFs, which could be downloaded and altered (more on that in a moment), it means that trademark infringers could use a modified version of your legitimate trademark certificate to carry out illegal activities.
Back in December 2021, the USPTO issued a notice (86 FR 71249) in the Federal Register (the U.S. federal government’s daily journal). This release shared that the change would be coming in late spring 2022 and provided some contextual information about what it entails.
We asked Angela Langlotz, a trademark and copyright attorney based in Dallas, Texas, what this change means for trademark practitioners and owners and how she feels about it. Langlotz has been working as an attorney since 1999, starting out in family wealth planning before moving into copyright and trademark law in 2006. She runs trademarkdoctor.net and has a YouTube channel where she publishes videos on trademark and copyright law.
“Yeah, I am excited about the opportunity for people to better police their trademarks and better enforce their trademarks,” says Langlotz, who adds that it’s important to not only register your brand but also to police your trademark once registration is complete.
“Sometimes, it’s really difficult to get an infringer to stop who’s hosting on someplace like eBay or Etsy or Amazon, even. Because those platforms make money when people sell stuff. And it doesn’t matter if the infringer is selling or the real trademark owner is selling, they still make money. So, there’s zero incentive for them to take down any infringing products. And I think there needs to be greater penalties for these platforms that do that.”
What It Looks Like When You View an Unsigned Trademark Certificate PDF
Let’s do a quick check of what it looks like when you download a USPTO Trademark Certificate for a trademarked logo. Let’s use Disney+ as a quick example:
As you can see in the screenshot above, the PDF displays the trademark certificate’s information, but it doesn’t include any cryptographic elements that verify the certificate is legitimate, or that it hasn’t been altered since it was created. This means that anyone could have created or modified the PDF and you’d never know it. That’s why the new USPTO PDFs use digital signatures (we’ll show an example below).
“The fact that the digital certificate is authenticated makes a big difference because, otherwise, all I have is this PDF […], and a PDF can be altered,” says Langlotz. “But if it’s a digitally authenticated certificate, then that’s different because my understanding is that the PDF can’t be altered if it’s got the Adobe authentication digital stamp on it.”
Here’s a quick side-by-side comparison of an unsigned trademark certificate to show you how easy it is to modify unsigned PDFs. On the left is a screenshot of the altered company information. On the right is a screenshot of the original, unaltered company information:
As you see, I was able to change Disney’s company information to the address of my choice because it is an unsigned certificate. This means that if I was a bad guy, I could download the certificate from the USPTO database, alter the information, and pretend that the trademark is owned by my company. If I then sent the certificate to you, you might never realize that anything is hinky.
Obviously, trying to impersonate Disney might be harder than other smaller, lesser-known brands, but you get the point of what we’re trying to convey here. If a PDF is signed using a document signing certificate (like the USPTO is now doing will all new trademark certificate PDFs), it’s locked to prevent unauthorized users (i.e., anyone other than the original signer) from making changes to the document after it’s signed. That’s because it uses hashing to help protect the integrity of the file data.
If you try opening the file in Adobe Acrobat and hit Edit PDF, you’ll see the following message display:
What It Looks Like When You See a Digitally Signed Trademark Certificate PDF
Langlotz describes digital signatures as being the digital version of a notary stamp: you can bring it to the notary and ask them to authenticate the document. They’ll be able to look at the document you provide and tell you whether it’s genuine.
“There are ways to authenticate documents, and this is a way to authenticate documents that makes it a lot easier for people to know that this is the authentic document and it hasn’t been altered,” she says.
Now, let’s compare the Disney+ certificate you saw earlier to one that’s digitally signed using public key cryptography:
See the difference? In the AQUASHIELD screenshot above, you have a slew of other options available in a Signature Panel. This panel showcases information relating to the organization that created and digitally signed the certificate. For example, when you right-click on the top option (Rev. 1: Signed By United States…) and select Validate Certificate, you’ll see the following message appear:
Now, if you select Show Signature Properties in the drop-down menu that appears, you’ll see the following information:
This screenshot shows:
- Certificate has been digitally signed and timestamped by the United States Patent and Trademark Office on May 19, 2022 at 11:05:28.
- The digital signature of the document signer is valid
- The signer’s digital certificate hasn’t been revoked.
- The certificate itself hasn’t been altered since it was digitally signed (i.e., your device confirms that the hash digest matches on the back end).
To view additional, more technical information, select Show Signer’s Certificate. This will bring up the Certificate Viewer window, where you can flip through various tabs of information to learn more about the certificate, its issuer (the certificate authority that issued it), the subject it as issued to (USPTO), and what cryptographic processes were used to create and verify the digital signature.
The Disney+ trademarked logo certificate we showed you earlier didn’t provide any of these cryptographic security or identity verification elements.
Does This Mean That Issued Paper Trademark Certificates Are Gone for Good?
No, absolutely not. The change in the process just means that the go-to format for issuing certificates will be electronic instead of paper, and that the certificates will be digitally signed. You’ll still have the option of getting a paper copy of your trademark certificate:
- Trademark owners who filed their initial applications prior to the change’s implementation date can request free paper presentation copies of their certificates. (This first registration page is printed on stock paper, features the organization’s official gold foil seal, and includes information about the trademark, its owner, and other essential information.)
- Those who filed on or after that same date will have to purchase physical presentation copies of the documents for $25 apiece through the TEAS.
How the New Electronic Trademark Certificate Issuance Process Will Work
Under the new system, trademark registration applicants file their applications and registrations online via the TEAS. The applications undergo their individual review processes and, once approved, the certificate is digitally signed by USPTO using a digital signature algorithm and cryptographic key pair.
After this point, once the certificate is digitally signed and uploaded to the USPTO TSDR database, trademark owners can access their PDF certificates online. Or, in the case of a copyright and trademark attorney like Langlotz, she’ll send the digitally signed certificate to you via email once the registration process is complete.
According to the USPTO, which issued an official notice about its move to issuing electronic trademark certificates (87 FR 25623) on May 2:
“[…] the USPTO will issue the registrations electronically under the electronic signature of the Director and with a digital seal, which will authenticate the registration. The USPTO will upload the official registration certificate to the TSDR database, and an electronic notice will be emailed to the trademark owner and all email addresses of record with a link to access the certificate upon issuance. Posted with the electronic registration certificate will be information regarding registration maintenance requirements pursuant to sections 8 and 71 of the Trademark Act of 1946. 15 U.S.C. 1058, 1141(k).”
Why the Change Came About in the First Place
In its May 2 notice, the USPTO stated that the change was a response to public comments and customer requests for digital alternatives to traditional paper certificates. Basically, trademark applicants and holders were looking for ways to make the process more efficient and gain access to their certificates more quickly.
Issuing cryptographically signed PDFs (in lieu of traditional paper certificates) offers several key benefits both for the issuing agency and trademark holders:
- Provides trademark owners (and the general public) greater accessibility to certificates.
- Reduces waiting periods for trademark owners to receive their certificates since they can access them electronically through the TSDR. This means they no longer have to wait for a physical document to arrive in the mail.
- Moves the federal agency a step closer to being more environmentally friendly in their operations.
- Provides a way for users to verify that the certificate is authentic (i.e., was issued by the USPTO).
- Offers a way to electronically verify the certificates’ integrity to know it hasn’t been modified since the USPTO signed it.
The USPTO published a piece in the U.S. federal government’s daily journal (Federal Register) on May 2, 2022, stating that the change in the trademark registration certificate issuance process would take place Jun 7, 2022. However, the deadline moved ahead of schedule due to “a nationwide shortage of specialized paper” and issues relating to disruptions with vendors.
But this move from paper to digitally signed PDF certificate issuance also has some positive effects for trademark pros like Langlotz.
“It’s actually kind of a relief for me,” says Langlotz, who describes herself as having a love-hate relationship with paper. She receives a notification that her client’s cryptographically signed trademark certificate has been issued, and she can send the certificate to the client via email. This means she doesn’t have to worry about managing a bunch of paper certificates for clients or having to try to track down clients who may have moved sometime after the trademark application process started.
“For practitioners, it makes it a lot easier. And then for the trademark owner, it makes it a lot easier as well. Because you know where you can find it, right?” Whether you store it in Google Drive or another cloud platform, you’ll always have rapid access to it without having to hunt it down in an online database.
Of course, changing from paper-based processes to electronic is part of the natural evolution of practices in the modern digital age. Such a move should be expected in a time when we have near-instantaneous communications and the ability to transmit data globally — so long, of course, as there are processes in place that ensure the integrity and security of the transmitted data. This is where public key infrastructure (PKI) comes into play.
The Role of PKI In These New Electronic Trademark Certificates
Public key infrastructure is the framework of technologies, processes and policies that makes security in insecure channels possible. The idea here is that a publicly trusted third party (known as a certificate authority, or CA) issues digital certificates as a way to authenticate websites, organizations or individuals (depending on the type of certificate in question).
For document signing certs, which is what these USPTO changes would rely on, a third party first has to verify the authenticity of the organization requesting the certificate. To do this, they verify information via official third-party sources and provided documentation. Once the requestor’s identity is verified, they can issue the certificate, which has the requestor’s information contained within the certificate (and that info is also tied to the certificate’s public-private key pair).
This way, when someone downloads your trademark certificate from the USPTO’s database, they can verify the certificate’s digital signature (in the same way I showed you earlier) and verify its authenticity. If someone tries to modify the certificate in any way once it’s signed, it’ll change the certificate’s hash value. If the hash doesn’t match, a warning message will display that indicates there’s an issue.
Final Thoughts on the USPTO’s Trademark Cert Issuance Changes
The U.S. Patent and Trademark Office’s move to using PKI-based digital signatures for the trademark certificate PDFs they issue is wise (so long as the organization’s signing certificates and their private keys are properly managed). We’re operating in a time when people want to have access to important documents and resources as quickly as possible. That rapid access also provides several security controls and benefits, so long as the new system is securely managed.
If organizations and government agencies like USPTO don’t have the appropriate security measures in place to validate the authenticity of their digital assets and files, then it can spell disaster. By using cryptographic processes (hashing and encryption to form a digital signature) and adding identity to the equation, the USPTO is helping trademark owners and other users verify their certificates’ authenticity. This way, there’s no question about whether your trademark’s registration certificate is genuine.