Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Arguments
Applicant's arguments filed 3/9/2021 have been fully considered. When considered in light of the present claim amendments, Applicant’s arguments are persuasive. While maintaining relevance to Applicant’s present claims, the amendments illustrate differences with respect to Callaghan’s approach. For example, in Callaghan, the interaction between the first and second content publishers is facilitated via a proxy, and this proxy handles cookie manipulations and commands to write cookies. The claims require, on the other hand, the cookie set directive to be sent by the second content publisher. 	In response, after further search and consideration, a new grounds of rejection has been made in view of Putthacharoen (R. Putthacharoen and P. Bunyatnoparat, "Protecting cookies from Cross Site Script attacks using Dynamic Cookies Rewriting technique," 13th International Conference on Advanced Communication Technology (ICACT2011), Gangwon, Korea (South), 2011, pp. 1090-1094) and Zhang (US-20100198911-A1).

Double Patenting
	The Double Patenting rejections initially made on pages 2 – 4 of the 1/21/2020 Non-Final Rejection remain pending.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 3, 5 – 8, 10 – 12, 14 - 17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Putthacharoen (R. Putthacharoen and P. Bunyatnoparat, "Protecting cookies from Cross Site Script attacks using Dynamic Cookies Rewriting technique," 13th International Conference on Advanced Communication Technology (ICACT2011), Gangwon, Korea (South), 2011, pp. 1090-1094) in view of Zhang (US-20100198911-A1), Peter (Peter O. at Stackoverflow.com. "How to set multiple values in a single cookie using a delimiter?". May 27-28, 2013. pgs. 1-5) , and Knouse (US-20030074580-A1).

Regarding claim 1, Putthacharoen shows a method comprising:	receiving at a second content publisher (pg. 1091, left column, “attacksite.com”) from a client device (pg. 1091, left column, “executed on the victim’s browser, the cookies . . . will then be sent”), a web message that includes data representing name-value pairs (pg. 1091, right column, showing “Cookie: name = value” and the example name/value of “SID = ‘123abc’”; these are examples of the content of cookies which pg. 1091, left column, shows being sent to “attacksite.com”) of a plurality of first cookies (pg. 1091, left column, the “cookies” being sent (emphasis added)) previously set on the client device under a first domain name associated with a first content publisher (“bank.com”, pg. 1090 right column – pg. 1091 left column), the name-value pairs of the plurality of first cookies corresponding to user interaction data with the content first content publisher (pg. 1090, left column, showing where cookies “maintain authentication state” via storing session IDs “after [users] have been authenticated”; a user authenticating themselves is an example of a user interaction data with, e.g., “bank.com”);	extracting the data representing the name-value pairs of the plurality of first cookies from the web message (pg. 1091, left column, where attacksite.com will “read the cookies”).	Putthacharoen does not show where the cookies are transmitted via a web object request; and	sending, by the second content publisher, a directive to the client device to set, under a  second domain name associated with the second content publisher, a second cookie comprising a name value-pair, the value being a representation corresponding to the user interaction data with the content of the first content publisher.	Zhang shows where the cookies are transmitted via a web object request ([29,32], 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the cookie content exchange techniques of Putthacharoen with the cookie setting techniques of Zhang in order to allow the second domain to more easily access the newly obtained cookie data in future transactions (Zhang, [44]).	Putthacharoen in view of Zhang do not show a second cookie comprising a name-value pair wherein a value of name-value pair is an encoded representation of the name-value pairs of the plurality of first cookies.	Peter further discusses extracting the data representing the name-value pairs of the cookies (pg. 1, discussing “three different cookies” that contain “name”, “age”, and “membership number” name-value pairs); and also shows 	a second cookie comprising a name-value pair wherein a value of name-value pair is an encoded representation of the name-value pairs of the plurality of first cookies (pg. 1 and pg. 3, where content from 3 cookies, is combined into a single cookie via concatenation into the 
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the cookie delivery techniques of Putthacharoen in view of Zhang with the cookie data consolidation techniques of Peter in order to improve transmission and storage efficiency by utilizing fewer cookies (Peter, pg. 1 see “so I can use fewer cookies”).
Putthacharoen in view of Zhang and Peter do not show where the cookie comprises a hash encoded representation of content.	Knouse shows forming cookies containing a hash encoded representations of content (Fig. 37, item 1462 and [226]).	It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the cookie generation techniques of Putthacharoen in view of Zhang and Peter with the hash encoding of Knouse in order to utilize a well-understood mechanism for ensuring reliable and verifiable data transmission (content hashes are well-known types of checksums, and enable a content recipient to verify they have received the intended content).	Regarding claim 2, Putthacharoen in view of Zhang, Peter, and Knouse further show wherein the data representing the name-value pairs of the plurality of first cookies is the encoded representation (Peter, pg. 3, bottom, showing encoding “name”, “job”, and “age” as “Joe;31;athlete”).
Regarding claim 3, Putthacharoen in view of Zhang, Peter, and Knouse show wherein extracting the data representing the name-value pairs of the plurality of first cookies comprises converting the name-value pairs from the encoded representation to a usable form (Peter, pg. 3, where extraction is performed via the “getCookie” function).
Regarding claim 5, Putthacharoen in view of Zhang, Peter, and Knouse show claim 1, including wherein one of the name-value pairs of the plurality of first cookies represents a user name (Peter, see “name=Joe” on pg. 3) used to track user interactions with content published under the first domain name (Putthacharoen, discussing where a user’s authentication state tracked, and is based on interaction with the first domain “bank.com”, and Zhang, [4,8] discussing the value of one domain tracking a user’s activity in another domain).
Regarding claim 6, Putthacharoen in view of Zhang, Peter, and Knouse further show wherein the web object request is sent by the client device (Zhang, [29] discussing a client’s access request) responsive to a redirecting resource locator that comprises a URL (Putthacharoen, pg. 1090 left column – pg. 1091 right column showing where a request sent originally to “bank.com” results in a redirection to “attacksite.com”) including a query string containing the data representing the name-value pairs of the plurality of first cookies (Putthacharoen, pg. 1091, left column, showing a script that will send the content of the cookies, and Peter, pg. 3, showing where content from multiple cookies and multiple name-value pairs can be embedded within a single cookie name-value pair).
Regarding claim 7, Putthacharoen in view of Zhang, Peter, and Knouse further show wherein the data representing the name-value pairs of the plurality of first cookies is extracted from the query string using a server-side script (Peter, pg. 3, the “getCookie” script) executed 
Regarding claim 8, Putthacharoen in view of Zhang, Peter, and Knouse show by the second content publisher, sending a directive to the client device to set, under the second domain name (Zhang, [44]) one or more additional cookies specifying user interactions with content published by the second content publisher (Zhang, [4,8,44-45] where user interaction data is continually tracked via cookies, and thus updated).
Regarding claims 10 and 19, the limitations of said claims are addressed in the analysis of claim 1.
Regarding claim 11, the limitations of said claims are addressed in the analysis of claim 2.
Regarding claim 12 the limitations of said claims are addressed in the analysis of claim 3.
Regarding claim 14, the limitations of said claims are addressed in the analysis of claim 5.
Regarding claim 15, the limitations of said claims are addressed in the analysis of claim 6.
Regarding claim 16, the limitations of said claims are addressed in the analysis of claim 7.
Regarding claim 17, the limitations of said claims are addressed in the analysis of claim 8.
Regarding claim 20, Putthacharoen in view of Zhang, Peter, and Knouse further show wherein the data representing the name-value pairs of the plurality of first cookies is an encoded representation (Peter, pg. 3, bottom, where name, age, and job are encoded as “Joe;31;athelete”), and wherein extracting the data representing the name-value pairs of the plurality of first cookies comprises converting the name-value pairs from the encoded representation to a usable form (Peter, pg. 3, where extraction is performed via the “getCookie” function).

		
Claim 4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Putthacharoen in view of Zhang, Peter, and Knouse, further in view of Kuo (EP 1 346 548 B1).
	Regarding claim 4, Putthacharoen in view of Zhang, Peter, and Knouse show claim 2.
Putthacharoen in view of Zhang, Peter, and Knouse do not show wherein the data representing the name-value pairs of the plurality of first cookies are left in their encoded form.	Kuo shows wherein the data representing the name-value pairs of the plurality of first cookies are left in their encoded form to preserve privacy data ([49], showing a “one way” MD5 hash) to preserve privacy data (inherently achieved as a result of performing the previously recited claim language).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the cookie management teachings of Putthacharoen in view of Zhang, Peter, and Knouse with those of Kuo in order to better protect the user data contained within the cookie.
Regarding claim 13, the limitations of said claims are addressed in the analysis of claim 4.

Claim 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Putthacharoen in view of Zhang, Peter, and Knouse, further in view of Berry (Berry, Wayne. “15 Sections: Sharing Cookies Across Domains”. 11/08/1997. Pgs. 1 – 4.).
	Regarding claim 9, Putthacharoen in view of Zhang, Peter, and Knouse show by a content publisher, sending a redirecting resource locator to the client device to redirect the client device to another content publisher having a domain name associated therewith (Putthacharoen, showing redirection from “bank.com” to “attacksite.com”) the redirecting resource locator comprising a representation of the cookies stored under the domain name, including the second cookie and the one or more additional cookies (Zhang, showing [40] showing where a redirection request can include content types found in cookies).
Putthacharoen in view of Zhang, Peter, and Knouse thus show the redirection-based exchange of cookies, but do not explicitly show use of the redirected cookies from a second to a  third domain.	Berry shows use of the redirected cookies to a third domain (pg. 1, see support for “three domains” in the section “Sharing Cookies Between Domains”).
	It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the cookie management teachings of Putthacharoen in view of Zhang, Peter, and Knouse with those of Berry in order to further enhance the reach of the cookie sharing functionality, allowing more extensive use of the tracking data, thus furthering the suggestions Regarding claim 18, the limitations of said claims are addressed in the analysis of claim 9.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN M MACILWINEN whose telephone number is (571)272-9686.  The examiner can normally be reached on Monday - Friday, 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, WILLIAM TROST can be reached on (571)272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-


JOHN MACILWINEN
Primary Examiner
Art Unit 2442



/JOHN M MACILWINEN/Primary Examiner, Art Unit 2442