Remember The Story About The Secret Cookie Recipe? Looks Like It’s Been Patented

  • Written By: D. Geller
  • Published On: January 1 2003



Event Summary

U.S. Patent Number 6,073,241 has been issued to CNET for "Apparatus and method for tracking world wide browser requests across distinct domains using persistent client-side state." The patent application was filed in August 1996, which suggests that inventors Jonathan Rosenberg, Munish Gandhi and Andrew Werth were among the earliest to think about this problem.

The problem they address is that of allowing a user's identity to be shared between websites. In this context "identity" doesn't necessarily refer to personally identifiable information, of the kind that got DoubleClick in trouble. It could be as simple as a user id. Suppose that a publisher runs a family of related websites, say www.goldflutes.com and www.silverflutes.com, devoted to collectors of musical instruments. (Neither site exists as of the writing of this article.) It is in the publisher's interest, and arguably in the users' as well, that if a person registers on, or even visits, goldflutes.com then that person be automatically recognized by silverflutes.com. Since there is a large dropout rate from registration pages, this increases the chance that the person will visit both sites, adding to the publisher's page counts and revenues. The catch is that the cookie mechanism allows cookies to have only three kinds of access rights:

  • private to a server

  • private to a domain

  • open to all servers

None of these matches the publisher's need in this case.

The inventors' patent covers a procedure that, in essence, has the first site force the user's browser to send a page request to the second server. Part of this page request, using normal CGI protocols, would be the identification code stored in the cookie that is dropped by the first site. The second site can drop its own cookie, and then can relate this cookie to the one dropped by the first site. Some pictures might help. Figure 1 shows the situation after the user has visited the first site, goldflutes.com. The site has dropped a cookie with value "G1" on the user's machine.

At this point, goldflutes.com can begin compiling information about how the user interacts with the site. If the site collected any personally identifying information then that information is now associated with the identification "G1" in a database at goldflutes.com.

The patent addresses the problem that silverflutes.com would normally have no access to the information stored at goldflutes.com. For example, if the user will almost always respond to an ad for sheet music when at goldflutes.com, silverflutes.com would like to know this so as to present similar ads on the very first time the user visits. The method of the patent is for goldflutes.com to cause the user's browser to access the silverflutes.com site; including a link of some kind in the page can do this; this would not be a link that the user clicks but, for example, an image link that retrieves an empty image. Figure 2 shows this.

Whatever the exact form of the link that causes the user's browser to send a request to silverflutes.com Figure 3 shows that the request would contain the identification number as data.

Finally, as a result of the request silverflutes.com would plant its own cookie on the user's computer (here with identification "S1") and would keep a record of the fact that its identification "S1" identifies the same user as goldflutes.com's "G1;" this is shown in Figure 4. At this point the two sites can exchange information about the user at will.

It's no denigration of the inventors' achievement to point out that their solution is not unobvious, and has been rediscovered more than once in the four years since they filed. However, once again the IT world has to face the question of what is appropriate to patent, and what a patent holder should do.

Market Impact

Clearly, the market effect here will depend on whether CNET decides to enforce its patent. In theory, the company could require any website that uses the same kind of methodology to pay it a license fee, on more or less any terms it chooses. This is the traditional reason for taking out patents. While it clearly made sense when Edison was lighting up Menlo Park, many in Internet-related businesses question the relevance of patents and patent enforcement. Not everyone takes this position, of course. Unisys enforces its patent on the compression technology behind GIF images. Amazon.com has had no reticence about enforcing its patents, especially against rival Barnes and Noble.

CNET's official statement on the enforcement is "CNET holds a number of patents related to Internet technology. While we have not offensively asserted any of these patents in the past, we continue a process of identifying and filing patent applications to protect significant contributions to Internet technology." In other words, there are no immediate plans to enforce the patent, but neither has the company relinquished the right to act in the future. In short, CNET chooses to keep its options open and not reveal its cards.

User Recommendations

Clearly, any users that employ a mechanism like the one patented by CNET need to consider whether the patent should affect their technology plans; this would of course not be an issue if CNET makes the license freely available.

Why would a company bother with the expensive and time-consuming patent process if they don't plan to enforce it? One reason of course is the honor - especially for the employees who did the work. Another would be to protect themselves against someone else taking out a patent and enforcing it. That does appear to be CNET's approach now.

It is obviously not possible to determine, by some algorithmic statement, which kinds of things should be patented and which shouldn't. But many technology professionals believe that while they can't define precisely which ideas shouldn't be patented, like pornography they know them when they see them.

These musings suggest to us that the solons who make patent policy consider the creation of a system that for certain kinds of "invention" - especially those that are software implementations of algorithms - would allow for a company to gain the glory and protection but not permit them to exact license fees. Such a category of "patent" would, we believe, have to be a voluntary choice, with the incentives being at least a lower cost and a speedier process.

For all parties, the more general issue is whether the current patent process is serving the needs of technology. We encourage you, through professional associations and other venues, to think about and discuss this issue, and make your conclusions known to your representatives.

 
comments powered by Disqus