WARNING: Although the information which follows was correct at the time of original publication in the PCT Newsletter, some information may no longer be applicable; for example, amendments may have been made to the PCT Regulations and Administrative Instructions, as well as to PCT Forms, since the PCT Newsletter concerned was published; changes to certain fees and references to certain publications may no longer be valid. Wherever there is a reference to a PCT Rule, please check carefully whether the Rule in force at the date of publication of the advice has since been amended.
The use of strong authentication methods for filing and managing PCT applications using ePCT
Q: When logging into ePCT with strong authentication, I use a WIPO digital certificate. However, I have just been notified that my digital certificate will expire soon and that I need to request a new one as the certificate cannot be renewed. It seems that there are other ways to log into ePCT with strong authentication. Are they easier to use than digital certificates, as I remember experiencing issues when trying to enroll and pick up my certificate in the past?
A: Strong authentication is required on your WIPO Account to access confidential data and documents in ePCT and to prepare and file new international applications. In addition to your username and password, we recommend that you set up at least two strong authentication methods for your WIPO Account in order to sign in securely to ePCT. If you lose access to one strong authentication method, you can still log into your account using the existing one and subsequently set up additional strong authentication options or, if necessary, remove any other strong authentication method that is no longer valid, for example, a phone number recorded for text messages that is no longer operational.
You are not obliged to log into ePCT using a WIPO digital certificate. In fact, the best practice for logging into ePCT with strong authentication is to register a standard authenticator application (app) for generating one‑time passwords, installed on your mobile device (such as “Google Authenticator”) or on your desktop (such as “WinAuth”), and to register a mobile or landline phone number for the receipt of one-time passwords by text message (SMS) or voice message, rather than using a digital certificate. Using a standard authenticator application to generate a one‑time password or receiving a one‑time password in a message is easier and more efficient than using digital certificates. This also helps to avoid common issues that some ePCT users have experienced when retrieving and installing their digital certificates (for instance, due to the failure to note down the enrolment code and/or default password which are usually required in order to install the certificate).
The use of authenticator apps for one-time passwords
As a main type of strong authentication, we recommend the use of an authenticator app whenever possible, rather than receiving codes via text message. Apps are usually more reliable and efficient because, once installed they continue to function, even when you do not have access to the internet. On the other hand, there may be times when you are unable to receive a text message, for example, if the mobile signal is weak or non-existent, or if you are using a different SIM card while traveling. Another advantage of a one-time password generated by an app is that it is usually instantaneous, whereas a password sent via a text message can take several minutes.
Information about the recommended apps for one‑time passwords, as well as instructions on how to set them up in ePCT, can be found at:
https://www.wipo.int/pct/en/epct/learnmore.html?N=614
The use of one-time passwords via SMS
As we recommend that you set up at least two strong authentication methods to ensure ePCT access in all circumstances, you should also register a mobile phone number with your WIPO account, in order to be able to receive one-time passwords via SMS. You can also use this authentication option with a landline telephone and receive a one‑time password by voice message. Instructions on how to register a phone number are available at:
https://www.wipo.int/pct/en/epct/learnmore.html?N=489
The use of WIPO digital certificates
The use of digital certificates is less convenient than using an authenticator app or the SMS, and may take longer to set up as WIPO certificate requests are manually processed only during WIPO’s office hours. Note also that WIPO digital certificates are issued to individuals only and not in the name of companies. Moreover, enrollment and pick-up must be done using the same computer and browser and WIPO digital certificates can be used only for PCT services and not for other WIPO IP Portal services that might require strong authentication.
Please note that, although the one-time password methods are recommended, WIPO digital certificates will remain in parallel as an option for strong authentication for the foreseeable future. If you are going to continue using a digital certificate, please note that if the browser that you are currently using is Internet Explorer, the use of that browser will be discontinued shortly. You will, however, be able to enroll using one of the following browsers: Google Chrome, Mozilla Firefox or Microsoft Edge (for further information, please refer to “Electronic Filing and Processing of International Applications”). Please note that, regardless of which of the three compatible browsers you use, you must always take note of the default password during the certificate installation process in order to be able to import the certificate to the browser afterwards. If you fail to do this, the installation of the certificate cannot be completed and WIPO will have to revoke the certificate.