Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon Awarded Cookie Patent

Posted by timothy on from the making-unfriendly-behavior-rational dept.

theodp writes "On Tuesday, the USPTO granted Amazon.com a patent for the Use of browser cookies to store structured data, which covers the storing of data structures and non-character data within browser cookies. In a February SEC filing (pdf), Amazon reiterated that they expect that they may license certain patents to third parties in the future."

6 of 79 comments (clear)

  1. Bogus, but specific by spRed · · Score: 5, Insightful

    So the patent looks silly on the face, but the opening claims are easy to work around and make it hard for them to sue:

    a method of incorporating at least one data structure from the database into a browser cookie to reduce accesses to the database

    Okay, the stuff I'm storing in the cookie isn't the same as a structure in my database. FOAD. You think it is? I say it is half a structure from my database. Or one item from each of five structures in my database.

    They could drown you in lawsuits, but they didn't need a patent to do that anyway.

    --
    .sig Karma out the wazoo, better to spend points elsewhere if this is above 2 or below 0
  2. Re:CSV, etc? by FFFish · · Score: 3, Insightful

    Better yet would be Python's pickle serialization library, which stores anything from strings to classes, all in printable ASCII... ie. a freakin' cookie.

    --

    --
    Don't like it? Respond with words, not karma.
  3. key value by Visigothe · · Score: 2, Insightful

    ok, I am stating this up front. I didn't read the entire patent article. My apologies.

    That said, isn't the idea of a cookie, in fact, a structure? In this case, a key/value pair??

    --
    Blocklevel: Practical Information Architecture
  4. So by dtfinch · · Score: 4, Insightful

    Their method appears to be for storing a binary copy of the entire customer record, encoded (base64 or similar), encrypted, and checksummed, into a cookie. As prior-art as the title of the patent may appear, I haven't seen it done in exactly this fashion.

    If you do it without encryption or without a checksum then you're probably not infringing. Same if you avoid binary encoding. If you save a textual representation of the record, and use a form of encryption that works on plain text, you can achieve the same effect without infringing.

    And if someone tries to patent my idea, I'll make business very hard for them.

  5. *WHY*? by jonadab · · Score: 2, Insightful


    Isn't it considered to be better practice (in terms of security and privacy and
    all that jazz) to only use the cookie as a unique ID, an index into your DB
    table(s) containing all the other information? What is the advantage to
    storing more stuff on the client side?

    --
    Cut that out, or I will ship you to Norilsk in a box.
  6. Re:Cookie madness, anyone? by HalfFlat · · Score: 3, Insightful
    I'm wondering how it is faster to pull a cookie from the browser, compute its checksum, compair, if they match, decrypt, then decode. Surely that can't be faster than a properly cached local database query.


    Given that the limiting resource is server resources as opposed to customer waiting time or network bandwidth, and given how much seriously faster CPU is over disk access, it looks like a win to me.

    Once your data gets larger than 8k or so, you begin to seriously annoy people on modem connections, so I'm assuming the cookie is smaller than this. Checksumming and decrypting 8kbytes of data on a modern machine really ought to be very quick indeed. For order of magnitude estimates, I'd guess the process takes about 15 clock cycles per byte of cookie as an upper bound, coming to significantly less than a milisecond on a modern CPU. This is much less than the cost of a disk access.