EXAMINER'S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Mr. David Judson, on 07/06/2022.
The application has been amended as follows: 

1.	(currently amended) An apparatus, comprising:
a processor; 
computer memory storing an operating system (OS) kernel and an associated kernel virtual network device, and computer program instructions configured to forward traffic in association with one or more enterprise applications, the one or more enterprise applications having associated therewith a set of hostnames, the computer program instructions comprising:
	program code instantiated as a Domain Name System (DNS) server and configured to remap a hostname of the set from its true IP address to an alternate IP address, the alternate IP address being an address within a defined address range; and
program code comprising a local proxy configured (a) to recognize, via the kernel virtual network device, traffic directed to the alternate IP address and that is destined for the one or more enterprise applications, and (b) to receive and route the traffic over a unique application hostname connection to an external proxy instead of to the one or more enterprise applications;
the local proxy being further configured to multiplex two or more application hostname connections to the external proxy, wherein each application hostname connection is uniquely associated with one of the set of hostnames; 
wherein the local proxy also is configured to annotate at least one application hostname connection prior to sending the traffic to the external proxy to enable the external proxy to disambiguate the two or more application hostname connections.

6.	(currently amended) The apparatus as described in claim 1, wherein the local proxy annotates each application hostname connection prior to sending the traffic to the external proxy.

7.	(currently amended) The apparatus as described in claim [[6]] 1 further including the local proxy tunneling the traffic as annotated from the local proxy to the external proxy. 

14.	(currently amended) An access control system, comprising:
a secure computing environment comprising one or more machines that host access to one or more enterprise applications, the one or more enterprise applications having 
an application that executes on a computing device, the computing device having an operating system (OS) kernel and an associated kernel virtual network device, the application comprising:
	program code instantiated as a Domain Name System (DNS) server configured to remap a hostname of the set from its true IP address to an alternate IP address, the alternate IP address being an address within a defined address range, and 
	program code comprising a local proxy configured (a) to recognize, via the kernel virtual network device, traffic directed to the alternate IP address and that is destined for the one or more enterprise applications, and (b) to receive and route the traffic over a unique application hostname connection to the secure computing environment instead of the enterprise application;
the local proxy being further configured to multiplex two or more application hostname connections to the secure computing environment, wherein each application hostname connection is uniquely associated with one of the set of hostnames;
wherein the local proxy also is configured to annotate at least one application hostname connection prior to sending the traffic to the external proxy to enable the external proxy to disambiguate the two or more application hostname connections. 

21.	(currently amended) The access control system as described in claim 14 wherein the local proxy annotates each application hostname connection prior to sending the traffic to the secure computing environment.

22.	(currently amended) The access control system as described in claim [[21]] 14 wherein the local proxy is further configured to tunnel the traffic as annotated to the secure computing environment. 

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN NGUYEN whose telephone number is (571)272-3971. The examiner can normally be reached Monday-Friday 9-6 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis, can be reached on 571-2727952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DUSTIN NGUYEN/Primary Examiner, Art Unit 2446