DONALD S COHEN, MD
Radiology at Beverly Blvd, Los Angeles, CA

6789190, Sep 7, 2004

Nov 16, 2000

09/715813

Donald N. Cohen - Los Angeles CA

Computing Services Support Solutions, Inc. - Los Angeles CA

G06F 1130

713160, 709238

The invention prevents “packet flooding”, where an attacker uses up all available bandwidth to a victim with useless data. It can also be used to prevent some other related denial of service attacks. The defense is distributed among cooperating sites and routers. The sites identify data they dont want. The routers help sites to determine which routers forward that data. The sites then ask these routers to reduce the rate at which such data is forwarded. Variations of the defense protect against packet flooding attacks on routers and attacks in which an attacker tries to use up some service offered by a site.

2006022, Oct 5, 2006

Apr 5, 2005

11/099181

Donald Cohen - Los Angeles CA, US
Krishnamurthy Narayanaswamy - Los Angeles CA, US

H04L 9/00

713154000

The invention computes approximate origins of data packets transmitted over the Internet. Law enforcement agencies and network operators can use it to assign responsibility for observed Internet activities. The invention uses a small number of cooperative locations (incoming links on routers or switches) to provide link identification data: whether a packet or did or did not traverse that location. The system uses these cooperative places to generate the link signature of a data packet—which places observed and did not observe the packet. Potential origin locations are divided into blocks that have the same link signatures to given destination locations. The blocks are used to generate reverse routing data, potential source addresses for different link signatures. Variations of the invention store relevant link identification and reverse routing data to find the origins of past packets or to compute the origins of packets from partial information about packets of interest.

2013002, Jan 31, 2013

Jan 27, 2012

13/360153

Donald N. Cohen - Los Angeles CA, US
Krishnamurthy Narayanaswamy - Los Angeles CA, US

H04L 12/56

370392

The invention computes approximate origins of data packets transmitted over the Internet. Law enforcement agencies and network operators can use it to assign responsibility for observed Internet activities. The invention uses a small number of cooperative locations (incoming links on routers or switches) to provide link identification data: whether a packet or did or did not traverse that location. The system uses these cooperative places to generate the link signature of a data packet—which cooperative locations observed and did not observe the packet. Potential origin locations are divided into pre-computed blocks that have the same link signatures to given destination locations. The blocks are used to generate reverse routing data, potential source addresses for different link signatures. Variations of the invention store relevant link identification and reverse routing data to find the origins of past packets or to compute the origins of packets from partial information about packets of interest.

7047564, May 16, 2006

Oct 31, 2001

10/001349

Donald M. Cohen - Los Angeles CA, US

Computing Services Support Solutions, Inc. - Los Angeles CA

G06F 11/30, G06F 15/16

726 23, 726 13, 709233

The invention is designed to eliminate or minimize the liability associated with “packet flooding” attacks originating from within a local area network connected to an external network such as one controlled by a university or governmental organization. In these attacks, an attacker uses up all available bandwidth to a victim with useless data. The invention performs its function by identifying and classifying data packets arriving at a “Reverse Firewall” for transmission to the external network using various techniques. For example, data packets that are sent in response to data packets received from the external network will receive a different classification and thus allocation of resources than data packets not sent in response to previously received packets. The invention also serves to maximize use of data packet handling resources within the local area network by identifying those data packets that are requests for service, measuring the amount of service required by those packets, storing and recalling past service measurements and thus determining an appropriate allocation of resources.

7523497, Apr 21, 2009

May 7, 2004

10/841064

Donald N. Cohen - Los Angeles CA, US

G06F 11/30

726 22, 726 25, 709235, 709238, 709239, 709240, 370229, 370231, 370235, 370237

The invention prevents “packet flooding”, where an attacker uses up all available bandwidth to a victim with useless data. It can also be used to prevent some other related denial of service attacks. The defense is distributed among cooperating sites and routers. The sites identify data they don't want. The routers help sites to determine which routers forward that data. The sites then ask these routers to reduce the rate at which such data is forwarded. Variations of the defense protect against packet flooding attacks on routers and attacks in which an attacker tries to use up some service offered by a site.

2011028, Nov 17, 2011

May 11, 2010

12/778051

Donald Cohen - Los Angeles CA, US
Krishnamurthy Narayanaswamy - Los Angeles CA, US

G06F 17/30

707711, 707769, 707E17108, 707E17002

This invention discloses how Virtual Database Technology can be used to make disparate data appear to be (or act as) the sort of uniform data one expects to find within a single relational database. In particular, we show how to process queries similar to those one might use in a database, even though the underlying data may be missing some of the capabilities that are required by normal databases. Whereas traditional databases require that all the tuples in a table be stored, our approach allows queries over tables where the tuples are generated as required from the data sources, and may not be stored anywhere. We show how such facilities can be used as a new foundation for Internet search.