If you wish to use PAIR or ePave, you need to be able to use USPTO/Direct. Potential users of USPTO/Direct may, however, find that they are unable to get it to work, because the designers of USPTO/Direct use obscure port numbers that are closed in many security firewalls.

Here is the latest word on USPTO/Direct port numbers, from USPTO Today, September/October 2001. You can see the original at http://www.uspto.gov/web/offices/ac/ahrpa/opa/ptotoday/sept-oct2001.pdf, page 12.

Of course the real problem here is that the USPTO selected obscure port numbers for these functions. The USPTO should have used everyday port numbers such as port 80 (the port used by all normal web sites). All firewalls, and all proxy servers, permit data to pass over port 80, since everybody needs to be able to reach normal web sites. There is simply no good reason why the USPTO had to use such obscure port numbers.

If you are unable to get USPTO/Direct because your firewall or proxy server blocks port 443, this documentation from the USPTO will help only if (a) your firewall or proxy server happens not to block ports 389 and 709, or (b) you are able to persuade your system administrator to remove the block on ports 389 and 709. But (a) is unlikely to happen -- if your system administrator blocks port 443, then your system administrator probably blocks almost all ports except a small handful such as the highly standardized port 80, and the blocking is going to include blocking of ports 389 and 709. Likewise (b) isn't really very helpful -- if you somehow have the ability to persuade your system administrator to open the blocking of ports 389 and 709, then you probably likewise have the ability to persuade your system administrator to open the blocking of port 443.

Nonetheless, if you aren't able to use USPTO/Direct because of a firewall or proxy server issue, it is conceivable that changing the port numbers might help, so here is what the USPTO says:


The USPTO/Direct client requires the ability to directly communicate with special USPTO Internet servers using TCP/IP port 443 at each login and during the creation, recovery, or update of a profile. These servers are part of the USPTO’s Public Key Infrastructure, or PKI, that manages the digital certificates issued by the USPTO. It is important to note that for these operations, the USPTO/Direct client does not use the proxy settings of your browser. If direct access to servers (through a firewall or proxy) using port 443 is prohibited in your environment, see TCP/IP port requirements for USPTO/Direct below.

Alternate ports supported by USPTO/Direct

By default, the USPTO/Direct client is configured to use TCP/IP port 443 for communications with the USPTO’s PKI servers. TCP/IP port 443 was chosen as the default because in network environments where firewalls are in use, client workstations are normally allowed to access servers on the Internet using this port. However, in environments where proxy servers are used, or a combination of firewall and proxy server, it is often undesirable to enable direct communication on port 443 through the firewall. For this reason, the USPTO Direct client may be configured to use an alternate set of ports for communicating with the USPTO’s PKI servers. These alternate ports are port 389 for communicating with the USPTO’s Directory servers, and port 709 for the Certificate Authority. To configure USPTO/Direct to use these ports, make the following changes to the entrust.ini file located in the C:\Program Files\USPTO directory:

Change:

[Entrust Settings]
ClientType=Heavy
Server=dir-01.uspto.gov+443
Manager=ca-01.uspto.gov+443

To:

[Entrust Settings]
ClientType=Heavy
Server=dir-01.uspto.gov+389
Manager=ca-01.uspto.gov+709

After saving the changes to the entrust.ini file, restart the USPTO Direct client to use the new configuration.
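
The edit described above can be scripted and checked before restarting the client. The following Python code is an added example, not USPTO or Entrust code: it rewrites only the Server and Manager entries of the [Entrust Settings] section to the alternate ports, then tests whether each endpoint accepts a direct TCP connection, bypassing any proxy settings as the client itself does. The function names and the embedded sample file contents are assumptions constructed for illustration.

```python
import re
import socket

# Alternate ports quoted above: entrust.ini key -> replacement port
ALTERNATE_PORTS = {"Server": 389, "Manager": 709}
# Entries use the form key=host+port, e.g. Server=dir-01.uspto.gov+443
ENTRY = re.compile(r"^(Server|Manager)=([^+\s]+)\+(\d+)\s*$")

def _scan(ini_text):
    """Yield (line, match); match is set only for Server/Manager in [Entrust Settings]."""
    in_section = False
    for line in ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_section = stripped.lower() == "[entrust settings]"
        m = ENTRY.match(stripped)
        yield line, (m if in_section else None)

def parse_endpoints(ini_text):
    """Return {key: (host, port)} for the Server and Manager entries."""
    return {m.group(1): (m.group(2), int(m.group(3))) for _, m in _scan(ini_text) if m}

def use_alternate_ports(ini_text):
    """Rewrite only the Server/Manager ports; every other line is kept as-is."""
    out = [f"{m.group(1)}={m.group(2)}+{ALTERNATE_PORTS[m.group(1)]}" if m else line
           for line, m in _scan(ini_text)]
    return "\n".join(out) + "\n"

def direct_reachable(host, port, timeout=3.0):
    """Attempt a direct TCP connection (no proxy) and report whether it succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample matching the "Change:" settings shown above
SAMPLE = """[Entrust Settings]
ClientType=Heavy
Server=dir-01.uspto.gov+443
Manager=ca-01.uspto.gov+443
"""

if __name__ == "__main__":
    for key, (host, port) in parse_endpoints(use_alternate_ports(SAMPLE)).items():
        print(key, host, port, "open" if direct_reachable(host, port) else "blocked")
```

A "blocked" result for an endpoint means the firewall or proxy server is refusing the direct connection on that port, so changing entrust.ini to that port will not help.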