EXAMINER’S AMENDMENT
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Brian Arment on 19 October 2021.
The application has been amended as follows: 
In the claims:

1. (Currently Amended) A method of passing information about a user into a network environment from a gateway to the network environment, the method comprising:
	in the gateway:
receiving first user information from a first connection endpoint outside of the network environment;
in response to authorizing the user based on the first user information, establishing a first virtual private network (VPN) connection between the gateway and the first connection endpoint;
removing encapsulation of one or more first packets received from the first connection endpoint over the first VPN connection;
adding the first user information to a packet header of the one or more first packets 
transferring the one or more first packets into the network environment.

2. (Original) The method of claim 1, wherein the one or more first packets comply with Internet Protocol version 4 and wherein adding the first user information to the packet header comprises:
	including the first user information to an option type field of the packet header.

3. (Original) The method of claim 1, wherein the one or more first packets comply with Internet Protocol version 6 and wherein adding the first user information to the packet header comprises:
	including the first user information to an extension header of the packet header.

4. (Original) The method of claim 1, further comprising:
	in the gateway, establishing a second connection within the network environment using a transport protocol.

5. (Original) The method of claim 4, wherein the one or more first packets comprise handshake packets exchanged during a handshake procedure for the transport protocol.

6. (Currently Amended) The method of claim 1, wherein the one or more first packets comprise packets received via the first VPN connection.

7-8. (Canceled)

9. (Original) The method of claim 1, further comprising:
	implementing microsegmentation within the network environment based on the first user information in the packet header.

10. (Original) The method of claim 9, wherein implementing the microsegmentation comprises:
	enforcing policies at one or more packet network interfaces within the network environment.

11. (Currently Amended) An apparatus for passing information about a user into a network environment from a gateway to the network environment, the apparatus comprising:
	one or more computer readable storage media;
	a processing system operatively coupled with the one or more computer readable storage media; and
	program instructions stored on the one or more computer readable storage media for a network traffic optimizer that, when read and executed by the processing system, direct the processing system to:
receive first user information from a first connection endpoint outside of the network environment;
in response to authorizing the user based on the first user information, establish a first virtual private network (VPN) connection between the gateway and the first connection endpoint;
removing encapsulation of one or more first packets received from the first connection endpoint over the first VPN connection;
add the first user information to a packet header of the one or more first packets 
transfer the one or more first packets into the network environment.

12. (Original) The apparatus of claim 11, wherein the one or more first packets comply with Internet Protocol version 4 and wherein to add the first user information to the packet header, the program instructions direct the processing system to:
	include the first user information to an option type field of the packet header.

13. (Original) The apparatus of claim 11, wherein the one or more first packets comply with Internet Protocol version 6 and wherein to add the first user information to the packet header, the program instructions direct the processing system to:
	include the first user information to an extension header of the packet header.

14. (Original) The apparatus of claim 11, wherein the program instructions further direct the processing system to:
	establish a second connection within the network environment using a transport protocol.

15. (Original) The apparatus of claim 14, wherein the one or more first packets comprise handshake packets exchanged during a handshake procedure for the transport protocol.

16. (Currently Amended) The apparatus of claim 11, wherein the one or more first packets comprise packets received via the first VPN connection.

17-18. (Canceled)

19. (Original) The apparatus of claim 11, wherein the program instructions further direct the processing system to:
	implement microsegmentation within the network environment based on the first user information in the packet header, wherein the microsegmentation includes enforcing policies at one or more packet network interfaces within the network environment.

20. (Currently Amended) One or more computer readable storage media having program instructions stored thereon for passing information about a user into a network environment from a gateway to the network environment, the program instructions, when read and executed by a processing system, direct the processing system to:
receive first user information from a first connection endpoint outside of the network environment;
in response to authorizing the user based on the first user information, establish a first virtual private network (VPN) connection between the gateway and the first connection endpoint;
removing encapsulation of one or more first packets received from the first connection endpoint over the first VPN connection;
add the first user information to a packet header of the one or more first packets 
transfer the one or more first packets into the network environment.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTINE T DUONG whose telephone number is (571)270-1664. The examiner can normally be reached Monday - Friday 8 AM - 6 PM EST with every other Friday off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yemane Mesfin, can be reached on (571)272-3927. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
	


/CHRISTINE T DUONG/
Primary Examiner, Art Unit 2462
10/19/2021