Slashdot Mirror
Amazon Awarded Cookie Patent
theodp writes "On Tuesday, the USPTO granted Amazon.com a patent for the Use of browser cookies to store structured data, which covers the storing of data structures and non-character data within browser cookies. In a February SEC filing (pdf), Amazon reiterated that they expect that they may license certain patents to third parties in the future."
I wanted to implement a cookie-driven Web site for a long time, but was clueless as for who I had to pay for using the technology.
Now I can finally download and install HTTP Cookie Library and send my license check to Amazon.
I think I'll go and patent a type of apple tree that grows apples.
I shall patent the method of respiration, and all shall pay me a $.07 license fee with every breath they take!!
Fortune Cookies with things in addition to fortunes with them.
However, I am going to patent the idea of storing non-obvious information in digital images for use in computer network transactions.
wouldn't something like storing comma seperated values count as "structured"??
The revolution will not be televised. It won't be on a friggin blog either
So the patent looks silly on the face, but the opening claims are easy to work around and make it hard for them to sue:
a method of incorporating at least one data structure from the database into a browser cookie to reduce accesses to the database
Okay, the stuff I'm storing in the cookie isn't the same as a structure in my database. FOAD. You think it is? I say it is half a structure from my database. Or one item from each of five structures in my database.
They could drown you in lawsuits, but they didn't need a patent to do that anyway.
.sig Karma out the wazoo, better to spend points elsewhere if this is above 2 or below 0
I don't know man, Cheech and Chong have been putting some pretty wild shit in their cookies for decades!
Of course the code has been legally buried by the crash of the company that I developer it for. I didn't even think for a second that this might be somehting that someone could patent.
Geez again? TIMING you idiots April fool starts on the 1st of april. Not on 31st of march. Geez. Is it that hard to read a calendar? And a good april fools joke is funny because people are tricked into thinking something that clearly couldn't be true. USPTO passing a silly patent does not qualify.
What kind of insect could possibly not see the bloody obviousness off this one. Use a cookie to store data. Well fucking duh. What next? Patent the use of an engine to power something? A trunk to carry luggage? A shovel to dig with? Outsourcing is bad enough but hiring lower lifeforms goes to far!
This story only goes to show patent reform is impossible. Nothing will help here anymore but the old "put them against the wall" at the revolution. Going to be really crowded too. What will all the lawyers, ceo's, outsources, alcohol free beer inventors and people who talk in caps on the web.
Anyone else find it slightly odd that all the idiot patent stories come from america? Wonder why the USPTO is unable to hire any smart people. Is the USPTO banned from hiring non-americans?
Come on you weren't expecting any serious response were you? Feeble jokes for a feeble joke of an institution.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I worked at a company doing cutting-edge stuff and we were always looking for stuff to patent. Our intent was to create a defensive portfolio that would also look enticing to VCs. But we never, ever thought of pursuing patents on the patently obvious (pun intended).
One-click could be argued as a novel business practice. But crap like this is ridiculous. It's like the old joke of adding "with a computer" to anything and calling it novel. I've already moved to Powells for books, but I'll have to intensify my efforts to get others to stop shopping with Amazon.com.
You know, the US Patent Office's website uses cookies that would violate this patent.
- - - - - - -
"All hail the glory of the Hypnotoad."
ok, I am stating this up front. I didn't read the entire patent article. My apologies.
That said, isn't the idea of a cookie, in fact, a structure? In this case, a key/value pair??
Blocklevel: Practical Information Architecture
That's right, just a few years of law school, and you can cash in on the corrupt patent system.
If being called a "lawyer" troubles you, just insist on being called "Esquire". If people won't, sue em. Sue everybody!
They'll be no reason to worry anymore -- you'll see politicians and doctors outsourced before the lawyers go.
No I am not up late. I am up early. You will learn about insomnia one day too young one :(
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Their method appears to be for storing a binary copy of the entire customer record, encoded (base64 or similar), encrypted, and checksummed, into a cookie. As prior-art as the title of the patent may appear, I haven't seen it done in exactly this fashion.
If you do it without encryption or without a checksum then you're probably not infringing. Same if you avoid binary encoding. If you save a textual representation of the record, and use a form of encryption that works on plain text, you can achieve the same effect without infringing.
And if someone tries to patent my idea, I'll make business very hard for them.
Morse (the telegraph guy) was awarded a patent claim for:
"electro magnetism, however developed for marking or printing intelligible characters, signs, or letters, at any distances."
Sound a little over-broad? The Supreme Court thought so too(1853). Broad claims get through the patent office sometimes. That's what courts are for. Will Amazon get some money out of this? Probably. Would I give them any money for it? No.
Ryan Kennedy opposes comm
Isn't it considered to be better practice (in terms of security and privacy and
all that jazz) to only use the cookie as a unique ID, an index into your DB
table(s) containing all the other information? What is the advantage to
storing more stuff on the client side?
Cut that out, or I will ship you to Norilsk in a box.
I've often thought it would be interesting to write a program that caused stored cookies to be returned with with slight changes. You could load the program, browse Amazon, and see what happened.
They can store cookies if you allow them to store them. However, what you return is entirely your decision. It's your computer.
Please download a sense of humor.
Why not take a page directly from the activist handbook. When environmental activists are trying to fight for an issue they have found it useful to attack a company that has particularly bad environmental policies (like the oil companies).
So let us attack a company that has particularly bad patent policies: Amazon. There are plenty of alternatives out there anyway. Let's band together and start giving amazon some bad press. I just posted something on my blog about it (which gets read by a bunch of non-technical people who have probably never heard of this).
Please do the same. It doesn't look like government is doing anything about this, so all that's left is you and me.
A Multiplayer Strategy Game for Mac OS X, Windows, and Linux
Bad Amazon! No Cookie Patent!
so, let me get this straight...
if someone uses cookies, they'll have to pay to amazon right?
ok, let's see
www.sco.com,... bingo, I think I'll go and warn amazon about this, I'm sure they want to know someone is using their patented technology ]:) mwuhahaha
The second revision of the second generation of Ananova email alerts (anyone remember this?) had two such encrypted addresses, the From address and the Reply-To address, which included an encrypted checksummed version of the customers address-id and the story-id of the message that was sent.
This was so that we could tell in bounced OR replied messages which customer sent the message and for which story, and it would loosely authenticate the user for performing "safe" operations on their email alert account.
Around the same time we started using cookies to store the number of times users visited each section of the Ananova website for the last 7 days in which they visited the site at all. This was to give us a vague idea of where their interests lay but we never used this data, and it wasn't checksummed, but it was binary packed and then based 62 encoded (couldn't find 64 characters ALL of which would not be url encoded, wasting cookie space)
Plenty of other web based projects use encrypted password tokens to show a user has authenticated without having to store or repeatedy transmit the password in replay-able form over the web.
Sam
blog.sam.liddicott.com
You could return a cookie from a pool of cookies received by other people at other times. If you can guess the method of checksumming and encryption, you can make your own.
Surely checksumming and encryption cannot be patented, even by a patent office corrupted by allowing too little money to do a good job.
As the world moves to broadband, there begin to be new privacy issues. Often your IP identifies you.
Ask yourself, why does Amazon want to encrypt data about you? There are issues here that need to be explored.
You have to be extremely careful where you use this technique, as it's vulnerable to replay attacks (remember what cookie you had at time A, let Amazon change it at time B, and then set it back to the cookie you had at time A). If you use a scheme like this, you have to deal with people being able to revert all the state in the cookie back.
Also note that you want to be doubly-careful when dealing with a complex set of data (as Amazon does) and triply-careful when dealing with a system that deals with money.
Nothing to say that Amazon doesn't use this properly (or, really, that they even use this at all), but man oh man, even if they have some serious security and distributed developers, and don't make any mistakes, I could sure see some schmuck Amazon web developer a year down the road assuming that he has transaction semantics for all of his customer records (when in fact the remote client can cause partial arbitrary rollbacks) and do something that relies on the data in the customer's computer, or something that relies only on local data.
I dunno. One-Click generally seemed like a bad idea in practice too. Amazon is racking up an awful lot of dubiously useful and really-shouldn't-be-valid-anyway patents.
May we never see th
is the most lame and incompetent governmental body I have ever tought of. If I was USian, I would make a campaign to do a full restructure of it, because this is completely insane.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
You say: "Broad claims get through the patent office sometimes. That's what courts are for."
But, Thats what the freaking patent office is for (sweeping out the broad claims).
The process should be: apply for patent, too broad, denied, don't like it, go to court against PTO.
But instead, it is: apply for patent, granted, threaten to sue a lot of suckers, make some money, one non-sucker sues back, wins, patent cancelled.
Which one do you think misspends more taxpayers' money??
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
The HSBC Australia online trading platform publicly launched in Nov 1999 and implemented in Python, used cookies to pass serialised Python structures between client and server to avoid needless per request DB lookups (and to allow simple horizontal scaling, since instead of requiring a "session DB" one only required HTTP servers capable of decrypting the cookie data, i.e. the requests could go to any server). The serialised Python structures were strongly encrypted and contained internal session key info which was used to provide an additional check on the data consistency. This would appear to match exactly what this patent claims to be novel (it seemed pretty intuitive at the time). The system is still live, and the codebase is largely untouched. I would expect that a large amount of internal documentation exists on the history of this project (including at least one presentation to an Open Source conference).
This kind of stuff gets old. Someone reads a comment and thinks how it could be wrong, instead of trying to understand what was meant.
What I meant was that the idea of using checksumming and encryption in cookies cannot be patented.
Also, Amazon is not patenting the checksumming and encryption. If they use patented encryption, it would be someone else's. It seems unlikely they would be using complicated encryption, since that would not save CPU cycles over just storing the data on their own servers.
the only thing USians can do is write their congresspeople and ask for USPTO reform.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Now I don't have to worry about web sites tracking my every move with their cookies! All I have to do is avoid Amazon, and I can remove my tin foil hat!
Oh wait, that sounds a little too sarcastic to be probable... darn, just when I thought there was a little ying in this Evil Empire's yang.
Children in the backseats don't cause accidents. Accidents in the back seats cause children.
In the course of one of my contracts, I needed a nice way to impliment a next/previous page functionality without the use of a session table (long story as to why). I ended up using a cookie as a stack for that functionality.
The problem is that this code was written for a private, in-house data warehousing system, and I don't have the code.
Could I file a "friend of the court" or some other such brief on this matter describing how I implimented (for profit!) this technology before the patent date?
There's so little difference between politics and jihad lately...
Agriculture and Plant patents make up a huge portion of the whole patent operation. So, yes, there a many apple trees that bear apples that are indeed patented. Go to the uspto.gov site and search for "apple AND tree ANDNOT computer" and see how many hits there are.
h tml
"What is a plant patent?
A plant patent is granted by the Government to an inventor (or the inventor's hiers or assigns) who has invented or discovered and asexually reproduced a distinct and new variety of plant, other than a tuber propagated plant or a plant found in an uncultivated state. The grant, which lasts for 20 years from the date of filing the application, protects the inventor's right to exclude others from asexually reproducing, selling, or using the plant so reproduced. This protection is limited to a plant in its ordinary meaning:" http://www.uspto.gov/web/offices/pac/plant/index.
Here's one for an Apple tree named `Lynn`:
BACKGROUND OF THE INVENTION
Disclosed is a new and distinct variety of apple (Malus pumila, Mill) that was discovered in a cultivated area of the back yard of my residence off Washington State Highway 28, Rock Island, Wash. The seedling apparently germinated in about 1990 and was basically ignored until it fruited in 1999. I noticed the color and quality of this initial fruit. In the Spring of 2000, I grafted budwood from the seedling onto about 100 `Jonagold` (unpatented) trees growing on Malling 7 (unpatented) rootstock. This grafting took place in Rock Island, Wash. Approximately 10 of these grafts produced fruit in 2001. The fruit from these grafts and other characteristics of these grafts were identical to the fruit and other characteristics of the original seeding, thus confirming the stability of this new variety. I decided to call my new variety `LYNN`.
BRIEF SUMMARY OF THE INVENTION
My new variety is a seedling apple tree with a distinct pink-red blush over about 20 to 80 percent of the fruit surface, which has a glossy yellow ground color. In addition, the fruit size typically is large, the shape conic, and the flesh crisp, juicy, and sweet-tart in flavor. These characteristics make it a clearly distinct new variety.
This apple of my new variety is very distinctive, not sharing a number of external or internal characteristics with any other variety. The apple of my new variety has the pink on yellow coloring similar to `Winter Banana` (not patented), but is much different in shape. `Winter Banana` is more round in shape with a very shallow basin. `Winter Banana` apple ripens in mid-late October and `Lynn` ripens in mid-September.
I'm sorry -- I was being sarcastic, but the vitriol was really aimed at the PTO ("one would have to be innocent to assume that an incredibly idiotic patent wouldn't get through"), not you.
What I meant was that the idea of using checksumming and encryption in cookies cannot be patented.
That certainly could be true, but it's not what you wrote in your original post:
You could return a cookie from a pool of cookies received by other people at other times. If you can guess the method of checksumming and encryption, you can make your own.
If you're guessing the method, you're not concerned with just the idea -- you're concerned with the exact same mechanism that they're using.
May we never see th
"Whoa, Amazon's selling cookies now?"
I think I need to eat some breakfast...
"Righteous speed demon and trust fund party darling of justice"
What about legal action? There are at least a few lawyers out there that would sympathize with this madness (Lawrence Lessig comes to mind immediately, but he has other things on his plate).
Perhaps the most obvious person to initiate, organize, or fund a class-action suit would be the W3C itself. After all, what Amazon has done here is to basically patent what was an open-standard. One Click could be argued to be more like a trademark on the name. But this is potentially SO much broader, and seems to encompass much if not all of the cookie open-standard. (I haven't read the patent, and am not a lawyer and so couldn't see the most probably interpretations anyway)
If I were a person at the top of the W3C, I'd be hopping mad. What if someone tried to patent the "creation of multi-column" data presentation using tables in a markup language" Yes, this has reams of prior art, but so does this Amazon patent it seems.. Given this patent, perhaps the USPTO would grant such a patent...
Amazon is one suit-target. Another (I don't know if this is possible under US law) is the USPTO itself. Both of these would take truly stupendous amounts of money.
Another idea is to see if the EU or WTO could do something (or at least apply pressure). Remember, Amazon is a global company (at least of global reach), and while their US patent may not affect things in Germany (I don't know how international patent law works - but between the US and EU there may be broad-reaching patent treaties). And it could be a menace for the future if the WTO manages to standardize IP rules.
Doing anything serious at the international level would taken even *more* stupendous amounts of money (and given the exchange rate of the dollar - couldn't resist.). But perhaps a targeted dead-tree/fax/email flood to various foreign patent office people/sympathic foreign patent lawyers/WTO officials could at least try to raise the issue with people who (supposedly) would care.
Another idea would be to write not only to Congress on the issue, but push them to open a GAO or other congressional investigation into the issue. Also, write to people *in the PTO* itself.
I think a lot of what's going on here is that the PTO simply doesn't understand the new technology. People can whine about how we need new people, how we need to pay them more, but that doesn't change the (probably) reality that they just don't understand it. I am not sure they completely understand the fact that what Amazon applied to patent was already present as an open-standard by the W3C, and was not in effect a "novel" way of *using* the standard, but basically *the* standard itself.
Storing data according to a standard is not a "novel" use of the technology. It's like saying, "Writing an outline (as opposed to a letter) on a piece of paper" is a "novel" use of the technology of paper. It's absurd. If the "paper example" came before the PTO, it would be thrown out as absurd (I'd hope). But I think that's because paper and ink has been a technology that's been around for around for centuries. Web technology has not. That's the difference between the two.
And this is *not* restricted to just E-technology issues. It's also an issue in bio-tech: patenting not only of genes and naturally-occurring proteins (which is controversial), but patenting *biological pathways* themselves (and claiming partial ownership of any drug that makes use of any part of that pathway), and patenting *biological processes* that nature already do, and other researchers may already have done/found, such as stem-cell creation (bone marrow does it all the time)
It seems to me that what is needed is some way to challenge a patent short of going to court - a way to basically say to the PTO, "look, when you granted this patent, we weren't watching and so didn't look for prior art then. But we have prior art now, and proof that they are in fact prior to the granting. Reconsider the granting." No courts invo
I would expect that a large amount of internal documentation exists on the history of this project (including at least one presentation to an Open Source conference).
Would the author of this post please get in touch with me to discuss how to proceed with this information (though the Austraian courts if not US - is Australia in the WTO. See my other comment in this thread here