METHODS AND SYSTEMS FOR SPILLOVER FROM COOKIE TO DATABASE

§101 §102 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 are pending for examination in instant application. Information Disclosure Statement The information disclosure statement (IDS) submitted on 07/18/2025 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. As to claims 19-20, The claims are drawn to a "computer readable medium". The specification does not give a controlling definition that excludes signals from the claimed term "computer-readable medium". Thus, applying the broadest reasonable interpretation in light of the specification paragraph [0113], and taking into account the meaning of the words in their ordinary usage as they would be understood by one of the ordinary skilled in the art (MPEP 2111), the claim as a whole cover both transitory and non-transitory media. A transitory medium does not fall into any of the 4 categories of invention (process, machine, manufacture, or composition of matter). Means for “invoking 112 sixth paragraph acknowledgment The examiner is hereby acknowledging the applicant is invoking the 112th 6th paragraph, means for function. The Examiner is interpreting the “means for configuring said computer memory for storing a browser cookie…” in light of fig.4, HTTP Server and paragraph [0120], e.g., the means for performing the steps associated with the processes described above may include any of the hardware and/or software. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1, 9, 10, 18 and 19 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Reshadi et al. (Pub. No.: US 2017/0169100 A1), hereinafter “Resh”. As to claim 1. Resh discloses, a data storage and retrieval system for a computer memory associated with a web browser (Resh, [0063], The web browser 112 may include web cookie storage 122 (e.g., data structure) storing stored web cookies.), comprising: means for configuring said computer memory for storing a browser cookie, said browser cookie (Resh, [0063], cookie storage 122 in browser memory) including: session cookie information, the session cookie information being up to a threshold size (Resh, [0027], imposed cookie size limits “maximum total data size per cookie”. Also see [0158]); and overflow cookie information (Resh, [0027], describes exceeding cookie size limits and the need for virtualization), the overflow cookie information including an overflow indication and a database identifier pointing to a database on a server where additional cookie information is stored (Resh, [0066 – 0068], server-side cookie storage 152 maintains copies of cookies i.e. logs. Also see [0144] – [0147], mapping between encoded and original domains, including identifiers). As to claim 9. The data storage and retrieval system of claim 1, wherein the threshold size is set for all cookies within the computer memory for a domain (Resh, [0027], browsers limit the maximum number of cookies per domain, the maximum total data size per cookie, and/or maximum total data size of all cookies per domain). As to claim 10 is rejected for same rationale as applied to claim 1 above. As to claim 18 is rejected for same rationale as applied to claim 9 above. As to claim 19 is rejected for same rationale as applied to claim 1 above. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 2, 11 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Reshadi et al. (Pub. No.: US 2017/0169100 A1), hereinafter “Resh” in view of Wang et al. (Patent No.: US 11,381,600 B1), hereinafter “Wang”. As to claim 2. Resh discloses the invention as cited above. Resh however is silent to disclose explicitly, wherein the session cookie information and overflow cookie information are encrypted, the browser cookie further comprising an unencrypted header providing a key identifier for a key used for decrypting the session cookie information and the overflow cookie information. Wang discloses a similar concept in the same field of endeavor, wherein the session cookie information and overflow cookie information are encrypted (Wang, col.6, the browser cookie further comprising an unencrypted header providing a key identifier for a key used for decrypting the session cookie information and the overflow cookie information (Wang, col.6, The cookies 115 can include a unique cookie identifier and the small amount of data (which can include a cookie value, attributes, etc.). col.7, lines 41-47, When the web browser 111 sends a request 120 over the network 105, the web browser 111 can generate and send an attestation token 122 with the request, or send a request in the form of an attestation token 122, and col.12, lines 54-67, decrypting process.). Therefore, before the effective fling date of the instant application it would have been obvious to one of the ordinary skilled in the art to incorporate the teachings of “Wang” into those of “Resh” to provide a method, for creating secure browser cookies. The method includes providing an encrypted cookie request that requests encryption of a cookie of the digital component provider and includes a digital component request identifier; receiving an encrypted cookie generated by encrypting the cookie using the digital component request identifier and an encryption key, wherein the encrypted cookie is configured for inclusion in a request for digital components from the digital component provider for presentation on the webpage; generating a digital component request for digital components that includes the encrypted cookie. As to claim 11 is rejected for same rationale as applied to claim 2 above. As to claim 20 is rejected for same rationale as applied to claim 2 above. Claim(s) 3-6, 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Reshadi et al. (Pub. No.: US 2017/0169100 A1), hereinafter “Resh” in view of Wang et al. (Patent No.: US 11,381,600 B1), hereinafter “Wang” and further in view of Tsai et al. (Pub. No.: US 2012/0089849 A1), hereinafter “Tsai”. As to claim 3. The combined system of Resh and Wong discloses the invention as applied above. Resh and Wong however are silent to disclose explicitly, wherein the unencrypted header further includes a database location for the key. Tsai discloses a similar concept in the same field of endeavor including, wherein the unencrypted header further includes a database location for the key (Tsai, [0017], The encryption module 104 may associate an encryption key with the cookie data and encrypt the cookie data using that key. The encryption key associated with the cookie data may be stored in the database 190.). Therefore, before the effective fling date of the instant application it would have been obvious to one of the ordinary skilled in the art to incorporate the teachings of “Tsai” into those of “Resh and Wong” to provide a system for managing cookies in a client device on a network includes a communication module, a cookie parser, an encryption module, and a storing module. The communication module sends an HTTP request to a web server on the network, and the cookie parser extracts any cookie data from the HTTP response by the web server. The encryption module encrypts the cookie data and the storing module stores the encrypted data in a memory area of the client device. As to claim 4. The combined system of Resh, Wong and Tsai disclose the invention as applied above including, wherein the browser cookie is compressed (Tsai, [0017]). As to claim 5. T The combined system of Resh, Wong and Tsai disclose the invention as applied above including, wherein the unencrypted header further comprises an indicator of a compression algorithm used for compression (Tsai, [0017], compression module). As to claim 6. The data storage and retrieval system of claim 1, wherein the overflow cookie information includes a decryption key for the additional cookie information stored at the database on the server (Tsai, [0017], The encryption module 104 may associate an encryption key with the cookie data and encrypt the cookie data using that key. The encryption key associated with the cookie data may be stored in the database 190.). As to claim 12 is rejected for same rationale as applied to claim 3 above. As to claim 13 is rejected for same rationale as applied to claim 4 above. As to claim 14 is rejected for same rationale as applied to claim 5 above. As to claim 15 is rejected for same rationale as applied to claim 6 above. Claim(s) 7, is/are rejected under 35 U.S.C. 103 as being unpatentable over Reshadi et al. (Pub. No.: US 2017/0169100 A1), hereinafter “Resh” in view of Wang et al. (Patent No.: US 11,381,600 B1), hereinafter “Wang” and further in view of Spulak et al (Pub. No.: US 2020/0084285 A1), hereinafter “Spul”. As to claim 7. The combined system of Resh and Wong discloses the invention as applied above. Resh and Wong however are silent to disclose explicitly, wherein the overflow cookie information identifies a region for the database on the server. Spul discloses a similar concept in the same field of endeavor including, wherein the overflow cookie information identifies a region for the database on the server (Spul, [0079], all the cookie related information is saved on remote database server). Therefore, before the effective fling date of the instant application it would have been obvious to one of the ordinary skilled in the art to incorporate the teachings of “Tsai” into those of “Resh and Wong” to provide a method of daily or other periodic creation of a user-sponsored cookie-like packet of encoded and encrypted information containing personal identity details and information use rules which, when the packet is attached to a delivery mechanism such as a browser header record, it is delivered to network-based resource provider platforms. Upon receipt and recognition of the modified header record by a subscribing provider, the cookie-like information packet is decrypted and decoded by application programs revealing personal identity details as well as associated data rules. Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Reshadi et al. (Pub. No.: US 2017/0169100 A1), hereinafter “Resh” in view of Wang et al. (Patent No.: US 11,381,600 B1), hereinafter “Wang” and further in view of Kauffman et al (Pub. No.: US 2024/0236195 A1), hereinafter “Kauf”. As to claim 8. The combined system of Resh and Wong discloses the invention as applied above. Resh and Wong however are silent to disclose explicitly, wherein information within the browser cookie is prioritized, and wherein information stored in the session cookie information has a higher priority than information stored at the database on the server. Kauf discloses a similar concept in the same field of endeavor including, wherein information within the browser cookie is prioritized, and wherein information stored in the session cookie information has a higher priority than information stored at the database on the server (Kauf, [0034], client manager uses new generated cookie for the modified session as opposed to using the stored cookie). Therefore, before the effective fling date of the instant application it would have been obvious to one of the ordinary skilled in the art to incorporate the teachings of “Tsai” into those of “Resh and Wong” to provide a client cookie management system is disclosed that includes capabilities for securely managing a session between a web-based application and a user interacting with the web-based application using session cookies. The system receives a request from a user to access a resource provided by a web server and forwards the request to the web server. The web server generates a session cookie comprising a session identifier associated with a session created for the user. The system receives the session cookie from the web server and generates a new session cookie comprising a new session identifier and transmits the new session cookie to the client application. The system receives a second request to access a different resource from the client application. The second request comprises the new session cookie. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please see the attached PTO-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAUQIR HUSSAIN whose telephone number is (571)270-1247. The examiner can normally be reached M-F 7:00 - 8:00 with IFP. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian J Gillis can be reached at 571 272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Tauqir Hussain/Primary Examiner, Art Unit 2446