Amazon Awarded Cookie Patent 79
theodp writes "On Tuesday, the USPTO granted Amazon.com a patent for the Use of browser cookies to store structured data, which covers the storing of data structures and non-character data within browser cookies. In a February SEC filing (pdf), Amazon reiterated that they expect that they may license certain patents to third parties in the future."
That's good news (Score:5, Funny)
Now I can finally download and install HTTP Cookie Library [scriptarchive.com] and send my license check to Amazon.
Sadly, I found prior art. (Score:1, Funny)
However, I am going to patent the idea of storing non-obvious information in digital images for use in computer network transactions.
Re:Sadly, I found prior art. (Score:1)
Patent the function of an object 'eh? (Score:3, Funny)
Re:Patent the function of an object 'eh? (Score:1)
just patent the DNA, same thing really..
Re:Well, actually - they do! (Score:2)
"What is a plant patent?
A plant patent is granted by the Government to an inventor (or the inventor's hiers or assigns) who has invented or discovered and asexually reproduced a distinct and new variety of plant, other than a tuber propag
Re:Patent Everything!! (Score:3, Funny)
Clever, but can be taken further. How about getting a patent on every move you make, every bond you break and every step you take?
Although, somehow I sense that there's a prior art somewhere...
Re:Patent Everything!! (Score:1)
Re:Patent Everything!! (Score:1)
Actually I think that some activists patenting several completely ridiculuous parents would be a good way of bringing some attention to this issue.
Of another note, I hope it doesn't come to this, but it would be great if someone like the FSF could get the resources to patent some ideas that come up in open source software. (could be difficult as most open source ideas are published as soon as they are thought of)
Re:Patent Everything!! (Score:1)
Why? Is there some requirement that something that's published cannot be patented?
Jim
CSV, etc? (Score:4, Interesting)
Re:CSV, etc? (Score:4, Insightful)
Re:CSV, etc? (Score:3, Informative)
TBH you can put anything you like in a cookie, binary or not; you just base64 encode it or so. After that, well, people have been making file formats like this for years, and Amazon get a patent just for putting one in a cookie? Lame.
Re:CSV, etc? (Score:1)
Just be extremely paranoid when deserializing from client.
evJ00l Hax0r: "Hey, this guy stores complete data structures in cookies. Wonder if he minds if I stick system("cat /etc/apache/htpasswd");' in the end?"
Bogus, but specific (Score:5, Insightful)
a method of incorporating at least one data structure from the database into a browser cookie to reduce accesses to the database
Okay, the stuff I'm storing in the cookie isn't the same as a structure in my database. FOAD. You think it is? I say it is half a structure from my database. Or one item from each of five structures in my database.
They could drown you in lawsuits, but they didn't need a patent to do that anyway.
Give Amazon.com the finger (Score:5, Interesting)
One-click could be argued as a novel business practice. But crap like this is ridiculous. It's like the old joke of adding "with a computer" to anything and calling it novel. I've already moved to Powells [powells.com] for books, but I'll have to intensify my efforts to get others to stop shopping with Amazon.com.
Re:Give Amazon.com the finger (Score:2)
Here is the definition of data:
1. Factual information, especially information organized for analysis or used to reason or make decisions.
2. Computer Science. Numerical or other information represented in a form suitable for processing by computer.
I would be ashamed to have my name on a patent like this. It just makes you look really dumb!!!
Re:Give Amazon.com the finger (Score:1)
Re:Give Amazon.com the finger (Score:1)
Re:Give Amazon.com the finger (Score:2)
see, you missed a trick there, these days one takes all those patents wiht 'on a computer' in them and add 'on the internet' and viola, one patent portfolio.
Re:Bogus, but specific (Score:2)
Re:Bogus, but specific (Score:1)
Re:Bogus, but specific (Score:2)
The USPTO (Score:1)
Re:The USPTO (Score:2)
Re:The USPTO (Score:1)
Prior Art (Score:5, Funny)
I know I personally participated in prior art.... (Score:2)
Multiple reactions, pick the one you like. (Score:5, Funny)
Geez again? TIMING you idiots April fool starts on the 1st of april. Not on 31st of march. Geez. Is it that hard to read a calendar? And a good april fools joke is funny because people are tricked into thinking something that clearly couldn't be true. USPTO passing a silly patent does not qualify.
What kind of insect could possibly not see the bloody obviousness off this one. Use a cookie to store data. Well fucking duh. What next? Patent the use of an engine to power something? A trunk to carry luggage? A shovel to dig with? Outsourcing is bad enough but hiring lower lifeforms goes to far!
This story only goes to show patent reform is impossible. Nothing will help here anymore but the old "put them against the wall" at the revolution. Going to be really crowded too. What will all the lawyers, ceo's, outsources, alcohol free beer inventors and people who talk in caps on the web.
Anyone else find it slightly odd that all the idiot patent stories come from america? Wonder why the USPTO is unable to hire any smart people. Is the USPTO banned from hiring non-americans?
Come on you weren't expecting any serious response were you? Feeble jokes for a feeble joke of an institution.
Re:Multiple reactions, pick the one you like. (Score:1)
LOL. I guess it must be since according to Slashdot time, your post is on the 30th of March. =)
Curses! Timezone killed my joke! (Score:2)
No I am not up late. I am up early. You will learn about insomnia one day too young one :(
Re:Multiple reactions, pick the one you like. (Score:2)
Re:Multiple reactions, pick the one you like. (Score:2)
Why would Europeans be concerned with US patents?
Because some US firms would love the European Union to adopt US patent policy to cover the EU states. This is what MicroSoft are trying to encourage as a workaround to the recent EU anti-monopoly ruling. The ill-informed EU representatives in Brussels have already voted through some appalling legislation in relation to patents and the like, so MicroSoft are possibly going to get their way.
Chris
Shot in the foot. (Score:5, Funny)
key value (Score:3, Insightful)
That said, isn't the idea of a cookie, in fact, a structure? In this case, a key/value pair??
Worried about I.T. outsourcing? ... (Score:1, Troll)
That's right, just a few years of law school, and you can cash in on the corrupt patent system.
If being called a "lawyer" troubles you, just insist on being called "Esquire". If people won't, sue em. Sue everybody!
They'll be no reason to worry anymore -- you'll see politicians and doctors outsourced before the lawyers go.
So (Score:5, Insightful)
If you do it without encryption or without a checksum then you're probably not infringing. Same if you avoid binary encoding. If you save a textual representation of the record, and use a form of encryption that works on plain text, you can achieve the same effect without infringing.
And if someone tries to patent my idea, I'll make business very hard for them.
I did this too (Score:3, Informative)
This was so that we could tell in bounced OR replied messages which customer sent the message and for which story, and it would loosely authenticate the user for performing "safe" operations on their email alert account
Re:So (Score:5, Informative)
That's not how I read the claims. The basic claims are 1, 10, 18, 26, 35, 40. Adding encryption or checksums to storing the data structures as cookies are covered by separate claims, always listed in addition to the basic claims.
The whole point of this patent is IMO what they call "schema data". By this they mean having a separate file that describes the data structure used in the cookies, so that the way the data structures can be changed without changing the code en/de-crypting the cookie. (Claim 1.) Unless someone is using such a metafile describing the data structure, and has written a generic cookie parser that is controlled by this metafile, I am pretty sure he will not be infringing the patent. This is, of course, not revolutionary, but it's definitely much better software design than the typical PHP/MySQL web site.
Adding versioning of the data structures is claim 7. Claim 26 is then about using this data to generate personalized web pages from the cookie data without any database lookups.
So, IMHO this patent isn't that silly. You most likely don't have to "work around" it just because you are storing some structured user data in cookies, it is to the contrary very unlikely that you are infringing it. Definitely, all posts here have missed the "schema data" aspect so far. Maybe there is prior art for this, but if there is, noone has pointed out any so far.
I think the only good reason to be against this patent is to be against software patents in general. Which I am, btw:)
Re:So (Score:2)
Re:So (Score:2)
What's required for this to be prior art? Anyone skilled in the art looking at the cookies from that site would be able to work out what was going on, so is that enough?
Courts didn't like all of Morse's claims either (Score:4, Interesting)
"electro magnetism, however developed for marking or printing intelligible characters, signs, or letters, at any distances."
Sound a little over-broad? The Supreme Court thought so too(1853). Broad claims get through the patent office sometimes. That's what courts are for. Will Amazon get some money out of this? Probably. Would I give them any money for it? No.
I'm sorry, but you are wrong. (Score:1)
But, Thats what the freaking patent office is for (sweeping out the broad claims).
The process should be: apply for patent, too broad, denied, don't like it, go to court against PTO.
But instead, it is: apply for patent, granted, threaten to sue a lot of suckers, make some money, one non-sucker sues back, wins, patent cancelled.
Which one do you think misspends more taxpayers' money??
*WHY*? (Score:2, Insightful)
Isn't it considered to be better practice (in terms of security and privacy and
all that jazz) to only use the cookie as a unique ID, an index into your DB
table(s) containing all the other information? What is the advantage to
storing more stuff on the client side?
Re:*WHY*? (Score:2)
Re:*WHY*? (Score:1)
Except you're going to have to do a db lookup anyway, to check for session
expiration if nothing else.
> Of course if you stuff too much data in there it's gonna be slower (the
> end user has to upload that fat cookie on every page request and your
> server has to decrypt it).
I'd be more concerned about the other issues. If the cookie is just a
unique number, you can tie it to a specific IP address much more easily.
I suppose you could cryptographically sign the
Cookie madness, anyone? (Score:3, Interesting)
I've often thought it would be interesting to write a program that caused stored cookies to be returned with with slight changes. You could load the program, browse Amazon, and see what happened.
They can store cookies if you allow them to store them. However, what you return is entirely your decision. It's your computer.
Re:Cookie madness, anyone? (Score:2)
I'm wondering how it is faster to pull a cookie from the browser, compute its checksum, compair, if they match, decrypt, then decode. Surely that can't be faster than a properly cached local database query.
Re:Cookie madness, anyone? (Score:4, Insightful)
Given that the limiting resource is server resources as opposed to customer waiting time or network bandwidth, and given how much seriously faster CPU is over disk access, it looks like a win to me.
Once your data gets larger than 8k or so, you begin to seriously annoy people on modem connections, so I'm assuming the cookie is smaller than this. Checksumming and decrypting 8kbytes of data on a modern machine really ought to be very quick indeed. For order of magnitude estimates, I'd guess the process takes about 15 clock cycles per byte of cookie as an upper bound, coming to significantly less than a milisecond on a modern CPU. This is much less than the cost of a disk access.
Re:Cookie madness, anyone? (Score:1)
I'm betting it's 100 times easier to scale your web farm than it is to scale your database cluster. (Actually betting isn't the right word, I know that for a fact.)
Re:Cookie madness, anyone? (Score:2)
Not to mention cheaper. Fast CPU's (for a web server) are dirt cheap. Large/fast raid arrays (for a DB server) are expensive. And that's just assuming they are running a free/inexpensive DB. An Oracle license could be more than the hardware costs of the server.
Why does Amazon want to encrypt data about you? (Score:2)
You could return a cookie from a pool of cookies received by other people at other times. If you can guess the method of checksumming and encryption, you can make your own.
Surely checksumming and encryption cannot be patented, even by a patent office corrupted by allowing too little money to do a good job.
As the world moves to broadband, there begin to be new privacy issues. Often your IP identifies you.
Ask yourself, why does Amazon want to encrypt data about you? There are issues here that nee
Re:Why does Amazon want to encrypt data about you? (Score:2)
Oh, such fresh, fresh innocence.
Off the cuff, I can think of three patents in this realm alone. RSA patented RSA encryption, the (extremely obvious, done by everyone) table lookup optimization in CRC32 is patented, and IBM has certain tables of bit encodings (simple checksums that are particularly resistant to common hard-drive errors) patented.
The idea of using encryption in cookies cannot... (Score:2)
This kind of stuff gets old. Someone reads a comment and thinks how it could be wrong, instead of trying to understand what was meant.
What I meant was that the idea of using checksumming and encryption in cookies cannot be patented.
Also, Amazon is not patenting the checksumming and encryption. If they use patented encryption, it would be someone else's. It seems unlikely they would be using complicated encryption, since that would not save CPU cycles over just storing the data on their own servers.
Re:The idea of using encryption in cookies cannot. (Score:2)
What I meant was that the idea of using checksumming and encryption in cookies cannot be patented.
That certainly could be true, but it's not what you wrote in your original post:
You could return a cookie from a pool of cookies received by other people at other times. If you can guess the method of checksumming and e
Re:Why does Amazon want to encrypt data about you? (Score:1)
You're assuming that Amazon's storing anything interesting about you. More likely they're storing relatively trivial info like your name and interests (i.e. a list of stores to display)
Ask yourself, why does Amazon want to encrypt data about you?
Assuming Amazon is sending anything more than trivial information, do you want them to se
Re:Cookie madness, anyone? (Score:2)
You have to be extremely careful where you use this technique, as it's vulnerable to replay attacks (remember what cookie you had at time A, let Amazon change it at time B, and then set it back to the cookie you had at time A). If you use a scheme like this, you have to deal with people being able to r
Attack on Amazon's customer record system (Score:2)
Also note that you want to be doubly-careful when dealing with a complex set of data (as Amazon does) and triply-careful when dealing with a system that deals with mone
Re:Cookie madness, anyone? (Score:2)
I had a similar thought, except that making random changes would probably currupt the cookie and it would be detected/rejected/ignored.
My idea was to send valid cookies. You would return cookies from other random people running the same software
-
Let's do something about it (Score:2)
Why not take a page directly from the activist handbook. When environmental activists are trying to fight for an issue they have found it useful to attack a company that has particularly bad environmental policies (like the oil companies).
So let us attack a company that has particularly bad patent policies: Amazon. There are plenty of alternatives out there anyway. Let's band together and start giving amazon some bad press. I just pos [sillytech.com]
Re:Let's do something about it (Score:2)
Yes, I'm sorry to say, but... (Score:1)
Re:Let's do something about it (long) (Score:1)
Perhaps the most obvious person to initiate, organize, or fund a class-action suit would be the W3C itself. After all, what Amazon has done here is to basically patent what was an open-standard. One Click could be argued to be more like a trademark on the name. But this is potentially SO much broader, and seems
Bad Amazon (Score:2)
Prior Art (Score:2, Informative)
The HSBC Australia online trading platform publicly launched in Nov 1999 and implemented in Python, used cookies to pass serialised Python structures between client and server to avoid needless per request DB lookups (and to allow simple horizontal scaling, since instead of requiring a "session DB" one only required HTTP servers capable of de
Re:Prior Art - author contact please.. (Score:1)
Would the author of this post please get in touch with me to discuss how to proceed with this information (though the Austraian courts if not US - is Australia in the WTO. See my other comment in this thread here [slashdot.org]
great day for privacy! (Score:1)
Oh wait, that sounds a little too sarcastic to be probable... darn, just when I thought there was a little ying in this Evil Empire's yang.
What do I do if *I* made Prior Art? (Score:3, Interesting)
In the course of one of my contracts, I needed a nice way to impliment a next/previous page functionality without the use of a session table (long story as to why). I ended up using a cookie as a stack for that functionality.
The problem is that this code was written for a private, in-house data warehousing system, and I don't have the code.
Could I file a "friend of the court" or some other such brief on this matter describing how I implimented (for profit!) this technology before the patent date?
Re:What do I do if *I* made Prior Art? (Score:1)
If there was ever a lawsuit contesting the patent, then you would be able to file a friend of the court brief. I'm not sure exactly what documentation you'd need to show. Probably it would need to be the data company and not you that files the brief.
Until then, there isn't really much that can be done.
IANALRe:What do I do if *I* made Prior Art? (Score:1)
Did anyone else see this and think (Score:1)
I think I need to eat some breakfast...