Slashdot Mirror
Patent On 'Private' URLs
An anonymous reader writes: "Tumbleweed, 'secure' email via http with SSL, so, not really end-to-end secure, just got the patent on private URLs; "Tumbleweed IME generates a private URL for each secure delivery. The private URL that IME creates is unique, tied to the sender of the package or transaction, to the content being sent, and to the intended recipient." I guess I can't tell my buds to surf to a non-public directory on my website to download stuff anymore." Many web applications generate these private URLs. Like the cheesy insecure bookmarkable login URL that Slash uses for example (which is just your name and password plain text in the URL which you should never use unless you're on acid, lazy, and/or realize that losing your slashdot user account will in no way affect your life because you are not a moron and use a unique password so bring on the packet sniffers ;)
If they bother trying to press charges against someone for royalties they'll be shot down within a month. I believe just about every semi-secure web based email or online transaction site uses something like that. I even found an old password protection cgi two YEARS ago that did that. Why must common sense be so rare?
I am !amused.
OK, so it's another stupid patent. So? These things have to be tested to stand up, it's obvious that the US Patent Office just hands them out like Everlasting Gobstoppers at the Willy Wonka factory, so let's stop getting our knickers in an uproar every time this happens.
So, I'd suggest we just let them be patent-happy idiots, and maybe amass some prior art citations for the time when they sue Cmdr. Taco for Slash's infringement of their American right to innovate.
It's a strange world -- let's keep it that way
> The private URL that IME creates is unique, tied to the sender of the package or transaction, to the content being sent, and to the intended recipient. I guess I can't tell my buds to surf to a non-public directory on my website to download stuff anymore.
Well yes. That's not the same thing.
This is talking about unique URL identifying URL.
A directory on a harddrive is not the same thing.
> Many web applications generate these private URLs.
Possibly. But Tumbleweed have patented it - they got there first - way back in 1997 according to the story, so it's tumbleweed that gets the patent. I don't see what the big deal is here. There's always been a rush to be the first to do thing - it encourages innovation, and the one who gets their first gets to exploit the invention. It's always happened, and just because it's now happening on the net is no different. I guess people aren't used to dealing with patents, but the news is that everyone else has been dealing with them for three centuries.
> Like the cheesy insecure bookmkarkable login URL that Slash uses for example
Well no, not really. That's just a URL with a password and username. That's not this. You might as well say that the diesel engine is 'like' the 4-stroke petrol engine. Sure there are certain similarities, but they aren't the same - and they can both be protected accordingly.
--
Hi!
Hey, mirko : Check your spelling : CosomosBay
Sometimes I think that RMS is right and that all forms of patents are worthless, but then I realise that he's actually pretty damn wrong and we don't live in his world of so-called "freedom".
The trouble with patents is not what they're for, it's how they're used. By definition patents increase freedom because they allow others to benefit from research and innovation done by people and companies, which would otherwise be held secret. They "open source" knowledge to the betterment of all. Of course, unlike the GPL they let the originator make a profit, but that's good in a capitalist society.
However when patents are awarded for anything and everything then we end up with problems like this one, where a company gets a patent on something with obvious prior art that is already ubiquitous. It's partly the underfunded USPTO's fault and partly greedy corporate lawyers fault, but the end result is a mess of litigation and demands for licensing fees.
Thankfully, this one is way too obvious to stick.
I think personally that we need more government control over corporate IP, to prevent such abuses from happening. Then when a company starts throwing its weight around because it's got some dumb patent, the government can step in and ensure that it doesn't go any further. It'll save a hell of a lot of time and money for everyone, which will benefit smaller businesses and private citizens the most, and get rid of a major source of income for those fatcat corporate lawyers :)
Jon Erikson, IT guru
Well, someone already beat me to it in pointing out that the patent was filed in 1997 (A suggestion to rob et al: on future stupid-patent stories, please give the filing date of the patent - it's not as if delphion makes it hard to look up.)
Oh, and here's the blatant kharma whoring: the patent (all seven claims) at delphion.
If you just do a search on for patents on google, there's a link to a place that supposedly contains "the only large database in the galaxy, with information on over: 15,000 computer programs available in source code form, 50,000 software patents, and 800,000 abstracts to algorithms and software technology reports and articles. These software resources are the output of hundreds of government, academic and corporate facilities, not only in the United States, but also from foreign facilities. Our database has been under private development for eight years."
Not that it's needed in this case, but apparently for $400 bucks, they'll do a search for prior art.
"In these sources, many forms of prior art/reusable software components are searched for: source code listings to a program, pointer to where source code can be obtained, a pointer to where object libraries are located, moderately decomposed structural configuration for a computer program, pseudo-code description of a computer algorithm, and the claims to a software patent." It looks like they look through a lot of different kinds of material: "We check many sources, including government/university/corporate technical reports, journal articles, university theses, published books, commercial products (source code and object libraries), programs posted to/announced on the Internet, programs posted to standalone bulletin board systems, collections of software distributed as libraries on CDROMs, and existing software patents. Over 150 government/university/corporate facilities and over 240 journals are tracked." As I say, it's probably not need in this case, considering just how much prior art there is for these URLs, but in the future, someone should really make use of this database if stuff like this is ever in question.
Speaking of prior art... did any of you notice that URL I used to link to google?
I mean, come on. *ANY* web-based mail isn't going to be secure unless it's already encrypted with a real security product like PGP - in which case, who needs their sorry asses anyway? I mean, SSL? Come on. And what, exactly, do they do that's better than some combination of PGP, a good VPN, and good firewalls?
I wouldn't expect this company to be around all that much longer...
OK,
- B
--
http://www.bradheintz.com/
- updated
This patent is incredibly broad, covering any URL which identifies the document to be delivered, the intended recipient, and "other parameters". Everyone who handled user login using querystring data (remember the good ol' days before cookies?) has prior art on this. I've got sites dating back to '95 and '96 that do this, and I certainly got the idea from someone who came before.
O'Reilly's _CGI Programming_ is copyright 1996 and I believe it describes this kind of use for querystring data. In any case, I'm sure we all have CGI books on our shelves which show exactly this use of URLs and pre-date the 04/97 filing date of this so-called patent.
Seriously though, the patent shows a specific example
All patents do. It's called a "preferred embodiment." All the legal force of a patent resides in the claims. Here's the first claim of the patent in question:
Translation: If your web database uses a session_id in the GET URL, you infringe. Even Google DejaNews infringes.All your hallucinogen are belong to us.
Will I retire or break 10K?
I remember using warez FTP sites way back when, 1994 or earlier, and this was common practice. You can't have a secondary password on a anon-FTP site, so you make a directory with a name like dot-space-^h-tab-space-space-space-^m that is secret, then you only tell the person who you want to access the site the name of the secret directory.
I also seem to remember that PGP was distributed this way in the early years. You had to send an email to a bot at MIT, and they would tell you the name of some screwy FTP directory on their server to get it from. If you tried again a week later, it would be gone.
I even make a system like this myself in 1995. Someone would fill out a web form (forms were new!) and an image would be generated for them to download. It would get stuck on the FTP site, as img12345.jpg or something, for them to download. Then it would get deleted after a while. The ftp path was provided as a URL, the URL identified the document, the server stored it temporarily, and logged the transfer. Seems to satisify all their claims.
Yeah, I was laughing at them when I saw them on the Nasdaq in the start of the year. They went from like $15 a share to $2 a share in only a few hours.
They are rebounding I guess and grabbing at stupid patents is a good way to get the investors happy again..
They had a URL with a session ID the @ signs surrounding them, so
pathfinder.com/somestory/ expanding to pathfinder.com/@344656654645@/somestory/
pathfinder.com was registered in 1993. It was where Time-Warner gathered all of their print publication stories at. It's now defunct.
And yet I have yet to actually see someone come up with evidence of prior art. There have been some claiming existence of evidence as early as August '97. But that doesn't predate the patent application.
IIRC, once a patent has been granted there is a period of a year in which if the same idea is reimplemented then it is taken as proof that the idea is obvious and the patent is invalid. So these claims, whilst not prior art, do show that the patent isn't nonobvious. See here for more info.
Jon Erikson, IT guru
If you read the claims, it seems like a generally limited scope stupid patent. The problem is that this fails the non-obvious requirement and the Constitutional advancedment arguement.
:)...
Trade Secret laws are the problems, not patents. Anything that SHOULD be patented (monopoly for releasing information the society wouldn't get) is now protected under Trade Secret laws. As a result, the company gets rediculous protection... there is no societal reason for Trade Secret laws, it simply allows corporations to make more money.
This sort of system needs to be revealed to be used. Therefore, the patent is silly. Furthermore, the decision to put up a system like this is NOT related to the ability to patent it, so society is not advanced by the patent, the system would be released anyway and society would gain the knowledge.
HOWEVER, this system is pretty unique, so the patent is less of an issue. Read the claims, the logs portion of it is REALLY significant. They didn't patent GETs
To fall under the patent's claims, all 7 of them, you pretty much need to have a system that does the following:
1. Accept submissions to your server
AND
2. Create a custom URL for EACH receipient of the data (meaning, if I send 1 URL to 5 people, I don't fall under the patent)
AND
3. The server logs all accesses (it would seem to reason that these aren't web logs, but database logs with specific access information)
4. Transmits the logs to the sender (there are multiple ways of this, on request, automatically, without confirmed requiest, etc., etc., etc.)
I mean, that is a relatively specific approach to things.
Additionally, it becomes questionable if the GET string qualifies as a unique URL.
For example, if I send the same URL (script access) with a different set of variables, I should potentially be able to escape the claims.
If you are doing something like this, it isn't THAT hard to work around the patent.
The problem with these patents, however, is that by merely reading the claims, one could design the system trivially with a mastery of the skill. I have no need to read the patent and gain knowledge (that I can put to use in 20 years).
OTOH: when they came up with this in 97, this was pretty unique. Now it seems very commonplace, and there probably is prior art for some of this. I also doubt that they would try to enforce these claims anyways, given how sketchy the patent seems today.
Alex
Open Market Web Server was using URL rewriting at least as far back as 1996, and this technique was in use at PathFinder at the time.
Critical Path's web mail was using URL rewriting for exactly the same thing that TumbleWeed got their patent on since ever. I'm not sure exactly when their first web mail revision hit the wire, but it was in 1997 sometime.
On the modperl mailing list, the debate used to flare up between people who preferred URL rewriting and people who preferred cookies, all through 1997 and 1998. So, in 1997, there were at least enough people using both techniques to field an argument. Fertile ground for prior art there.
Go read the stupid patent announcement. It says, "The patent application was filed in April 1997." In other words, we have to find prior art from before this!
Admittedly it's out there, and this truly is a stupid, dumb, brainless, fucked patent; but please quit citing "I was doing this in 199[89]" sources, folks!
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I am a newbie at CGI scripting. I wrote a script a while back that takes login data, and uses a session-key in the URL to keep the user validated as they move around pages in the said cgi script.
Using a session key was the first thought that popped into my head to keep this state information (I didn't want to use cookies). I was below the "ordinary skill in the art" because I was a newbie, yet it was the first thing that I thought of: therefore I'd be quite willing to testify under oath that this technique is obvious to anyone with ordinary skills in the art.
Oolite: Elite-like game. For Mac, Linux and Windows