Randomizing server-side addresses
US-2023179579-A1 · Jun 8, 2023 · US
US12445407B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12445407-B2 |
| Application number | US-202318237578-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 24, 2023 |
| Priority date | Aug 24, 2023 |
| Publication date | Oct 14, 2025 |
| Grant date | Oct 14, 2025 |
Official abstract text for this publication.
Techniques for using Prefix Address Translation (PAT), Mobile Internet Protocol (MIP), and/or other techniques to anonymize server-side addresses in data communications. Rather than allowing a server and/or endpoint to have visibility of a client IP address of a client device accessing the server and/or endpoint, a virtual network service instead returns a PAT IP address that is mapped to the client device and/or the endpoint device. In this way, IP addresses of client devices are obfuscated by the virtual network. The client device may then communicate data packets to the server and/or endpoint using the PAT IP address as the source address, and the virtual network service that works in conjunction with the server and/or endpoints can convert the PAT IP address to the actual IP address of the client for return packets using PAT and forward the return packet onto the client device.
Opening claim text (preview).
What is claimed is:

1. A system that runs a virtual service that anonymizes Internet Protocol (IP) addresses of client devices using a prefix address translation (PAT) service, the system comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: generating a PAT Virtual IP (VIP) address based at least in part on an IP address of a client device; mapping the IP address of the client device to the PAT VIP address; storing a first association between a client identifier (ID) of the client device and the PAT IP address; receiving a first packet having a destination address that is an IP address of an endpoint; determining that a destination address of the first packet is a VIP address associated with the endpoint; determining that a source device is the client device to which the VIP address associated with the endpoint was provided; performing Prefix Address Translation (PAT) by changing a source address of the first packet from the IP address of the client device to the PAT VIP address; sending the first packet to a next hop associated with the IP address of the endpoint in response to determining that the source device is the client device to which the VIP address associated with the endpoint was provided; receiving a second packet from the endpoint; determining that a destination address of the second packet is the PAT VIP address; based at least in part on the mapping of the PAT VIP address to the IP address of the client device, performing PAT by changing the destination address of the second packet from the PAT VIP address to the IP address of the client device; and sending the second packet to the client device.

2. The system of claim 1, the operations further comprising: mapping another IP address of another client device to another PAT IP address; determining the other client device requested another IP address of another endpoint; and storing a second association between another client identifier (ID) of the other client device and the other PAT IP address.

3. The system of claim 1, the operations further comprising: mapping at least one server IP address of the endpoint to the VIP address associated with the endpoint; receiving a domain name system (DNS) request to resolve a domain name on behalf of the client device; converting the domain name into the VIP address associated with the endpoint; and providing the VIP address associated with the endpoint for use by the client device to contact the endpoint.

4. The system of claim 3, the operations further comprising: determining that a destination address of a second packet is the VIP address associated with the endpoint; determining that the source device is not the client device to which the VIP address associated with the endpoint was provided; and dropping the second packet.

5. The system of claim 3, the operations further comprising: determining that a destination address of a second packet is the VIP address associated with the endpoint; determining that the source device is the client device to which the VIP address associated with the endpoint was provided; and forwarding the second packet to the next hop associated with the endpoint.

6. The system of claim 1, wherein the system includes a Network Address Translation (NAT) service and the PAT service.

7. The system of claim 1, wherein the system includes a Domain Name System (DNS) service and the PAT service.

8. The system of claim 1, wherein both the PAT VIP address and the IP address of the client device comprises an IPV6 address.

9. The system of claim 1, wherein both the PAT VIP address and the IP address of the client device comprises an IPV4 address.

10. The system of claim 1, wherein the IP address of the client device comprises a first portion including a prefix and a second portion including bits, the performing the PAT including translating the prefix in the first portion and maintaining the bits in the second portion.

11. A method performed at least partly by a computing system that anonymizes Internet Protocol (IP) addresses of client devices using prefix address translation (PAT) IP addresses, the method comprising: generating a PAT Virtual IP (VIP) address based at least in part on an IP address of a client device; mapping the IP address of the client device to the PAT VIP address; storing a first association between a client identifier (ID) of the client device and the PAT VIP address; receiving a first packet having a destination address that is an IP address of an endpoint; determining that a destination address of the first packet is a VIP address associated with the endpoint; determining that a source device is the client device to which the VIP address associated with the endpoint was provided; performing PAT by changing a source address of the first packet from the IP address of the client device to the PAT VIP address; sending the first packet to a next hop associated with the IP address of the endpoint in response to determining that the source device is the client device to which the VIP address associated with the endpoint was provided; receiving a second packet from the endpoint; determining that a destination address of the second packet is the PAT VIP address; based at least in part on the mapping of the PAT VIP address to the IP address of the client device, performing PAT by changing the destination address of the second packet from the PAT VIP address to the IP address of the client device; and sending the second packet to the client device.

12. The method of claim 11, further comprising: mapping another IP address of another client device to another PAT IP address; determining the other client device requested another IP address of another endpoint; and storing a second association between another client identifier (ID) of the other client device and the other PAT IP address.

13. The method of claim 11, further comprising: mapping at least one server IP address of the endpoint to the VIP address associated with the endpoint; receiving a domain name system (DNS) request to resolve a domain name on behalf of the client device; converting the domain name into the VIP address associated with the endpoint; and providing the VIP address associated with the endpoint for use by the client device to contact the endpoint.

14. The method of claim 13, further comprising: determining that a destination address of a second packet is the VIP address associated with the endpoint; determining that the source device is not the client device to which the VIP address associated with the endpoint was provided; and dropping the second packet.

15. The method of claim 13, further comprising: determining that a destination address of a second packet is the VIP address associated with the endpoint; determining that the source device is the client device to which the VIP address associated with the endpoint was provided; and forwarding the second packet to the next hop associated with the endpoint.

16. The method of claim 11, wherein the system includes a Network Address Translation (NAT) service and a PAT service.

17. The method of claim 11, wherein the system includes a Domain Name System (DNS) service and a PAT service.

18. One or more non-transitory computer-readable media storing computer executable instructions that, when executed by one or more
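The translation flow in claims 1, 3, 4 and 10, sketched as an added example that is not code from the patent or its assignee: prefix translation that preserves host bits, a per-client endpoint VIP handed out at DNS time, the drop rule for a VIP used by a different source, and the reverse rewrite for return packets. The names `translate_prefix` and `PatService`, the use of the client IP as the client identifier, returning the endpoint's real address as the forwarding target, and all addresses are assumptions made for illustration.

```python
import ipaddress

def translate_prefix(addr, src_net, dst_net):
    """Swap the network prefix of addr and keep its host bits (claim 10)."""
    addr = ipaddress.ip_address(addr)
    src_net, dst_net = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    if (src_net.version, src_net.prefixlen) != (dst_net.version, dst_net.prefixlen):
        raise ValueError("prefixes must share IP version and length")
    if addr not in src_net:
        raise ValueError("address is outside the source prefix")
    host_bits = int(addr) & int(src_net.hostmask)
    return type(addr)(int(dst_net.network_address) | host_bits)

class PatService:  # hypothetical name, not from the patent
    def __init__(self, client_net, pat_net, vip_net, dns):
        self.client_net, self.pat_net, self.dns = client_net, pat_net, dns
        self.vip_pool = iter(ipaddress.ip_network(vip_net).hosts())
        self.issued = {}         # endpoint VIP -> (client IP, PAT VIP, endpoint IP)
        self.pat_to_client = {}  # PAT VIP -> client IP, used for return traffic

    def resolve(self, client_ip, domain):
        """DNS step: map the client to a PAT VIP and issue it an endpoint VIP."""
        pat_vip = str(translate_prefix(client_ip, self.client_net, self.pat_net))
        self.pat_to_client[pat_vip] = client_ip
        vip = str(next(self.vip_pool))
        self.issued[vip] = (client_ip, pat_vip, self.dns[domain])
        return vip

    def outbound(self, src, dst):
        """Client to endpoint: return the rewritten (src, dst), or None to drop."""
        entry = self.issued.get(dst)
        if entry is None or entry[0] != src:
            return None  # unknown VIP, or VIP was provided to a different client
        return entry[1], entry[2]

    def inbound(self, src, dst):
        """Endpoint to client: restore the client address from the PAT VIP."""
        client = self.pat_to_client.get(dst)
        return None if client is None else (src, client)

if __name__ == "__main__":
    # Constructed documentation-range addresses and a constructed DNS table.
    svc = PatService("2001:db8:aaaa:1::/64", "2001:db8:ffff:9::/64",
                     "2001:db8:0:53::/120", {"app.example": "2001:db8:5e:1::10"})
    vip = svc.resolve("2001:db8:aaaa:1::42", "app.example")
    print(svc.outbound("2001:db8:aaaa:1::42", vip))   # translated and forwarded
    print(svc.outbound("2001:db8:aaaa:1::99", vip))   # None: dropped
    print(svc.inbound("2001:db8:5e:1::10", "2001:db8:ffff:9::42"))
```

Because the prefix swap is deterministic and keeps the host bits, an endpoint that sees the PAT VIP can still distinguish individual clients within the translated prefix; only the original network prefix is hidden.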
Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer · CPC title
using domain name system [DNS] · CPC title
Internet protocol [IP] address subnets · CPC title
Internet protocol [IP] addresses · CPC title
between local and global IP addresses · CPC title