DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination (RCE) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on February 5, 2021 has been entered.
Response to Amendments
	This office action responds to the amendments filed on February 5, 2021 for application 15/543,724.  Claims 1-2, 6-7, and 10-13 were amended, claim 17 was cancelled, and claims 21-23 were added as new claims.  Claims 1-16 and 18-23 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed on February 5, 2021 have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 10 of the Remarks that concerns the § 112(b) rejection of claim 17, the cancellation of the claim renders the rejection moot.
	Regarding the Applicant’s response at pages 10-13 of the Remarks that concerns the § 103 rejection of independent claim 1, and thus independent claims 6 and 
	Regarding the Applicant’s response at pages 13-14 of the Remarks that concerns the § 103 rejection of the pending dependent claims, the arguments for patentability rest upon the allowance of independent claims 1, 6, and 10.  Because the independent claims are not patentable over the prior art of record, the dependent claims are similarly not allowable.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1-2, 6-7, 10-11, 14-15, 18, 20 and 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over Hikichi (US 2016/0269232, “Hikichi”) in view of Combellas et al. (US 10,078,535, “Combellas”), and further in view of Connor et al. (US 2016/0182684, “Connor”).
Regarding Claim 1
Hikichi discloses
A machine readable non-transitory storage medium (Fig. 4, ¶ [0046], “read only memory (ROM) 103”) storing machine readable instructions corresponding to control logic (Fig. 4, ¶ [0046], “program 106”) for …1,  
wherein by executing the machine readable instructions, a hardware processor (Fig. 4, ¶ [0046], “processor 101”) is caused to: 
receive a service request (Fig. 5, ¶ [0047], “D1 of FIG. 5 is an example of the service chain that is generated when a user of the terminal 10a requests, to an operator, setting of a path that reaches from the terminal 10a to the terminal 10 b through a firewall and a cache server.”) for requesting the set of security services (Fig. 5, ¶ [0047], i.e., the “user” requests a service for a flow from “IPa” to “IPb” that includes only the security service of a “firewall;” see also Combellas (Fig. 1, Col. 2:66-3:6) and Connor (¶ [0018]) discloses additional security features, such as an “intrusion detection devices” and “load balancers” to create the set of security services) with respect to a target flow (Fig. 5, ¶ [0047], i.e., the flow path from “IPa” to “IPb;” see also Connor (Figs. target flow), wherein:
2 …,
the target flow defining an order for executing the set of security services…3 (Fig. 5, ¶¶ [0047]-[0050], i.e., the path “A” that travels from “IPa” to “IPb” and passes through FW1 and CACHE3 is a target flow that defines an order for executing the set of … services, with the a path for a set of security services being disclosed by Fig. 1, Col. 2:66-3:6 of Combellas; see also Connor Figs. 6-9), and 
4…; 
5 …for providing the set of security services to the target flow (Fig. 5, ¶ [0048], “When the service chain is generated, a virtual machine that [acts as a security device] is operated as a VNF 60 included in a new service chain is generated in a physical server that is selected from physical servers in a communication system, and…,” i.e., the security device is the “VNF” of Fig. 5), first service configuration information of the security service configuration, and next-hop information of the security device (Fig. 5, ¶ [0050], i.e., within “the routing table” that is determine[d] upon “the service chain [being] generated,” the routing table includes first service configuration information that delivers a data packet first to “FW1,” and the routing table includes next-hop information that delivers the data packet next to “Cache 3”); and 
configure the first service configuration information of the security service configuration and the next-hop information onto the security device (Fig. 5, ¶ [0050], “A routing table held [,and thus configure[d] … onto the security device,] by … VNFs 60 (FW 1, Cache 3) is illustrated so as to easily view transfer processing in D2.”), 
so that the security device provides the set of security services to the target flow according to the first service configuration information and forwards the target flow according to the next-hop information (Fig. 5, ¶¶ [0047]-[0050], i.e., the VNF, which acts as the security device and includes “FW1” and “CACHE3” (and the other security services as disclosed in Combellas), provides the set security services to the target flow as illustrated by the path “A” and according to the “routing table” that includes the first service configuration information and the next-hop information).  
Hikichi doesn’t disclose
	1 … providing a set of security services,
	2 implementing the target flow executes the set of security services in accordance with a security service configuration and executes the set of security services as different service levels, including throughput, concurrency value, or number of policies,
3 … in accordance with the security service configuration,
	4 the set of security services corresponding with the throughput, the concurrency value, or the number of policies,
	5 determine a security device…
Combellas, however, discloses
	1 … providing a set of security services (Fig. 1, Col. 2:66-3:6, “The NNFs 108 as shown include a session border controller (SBC) 108a, a firewall 108b, and a switch (e.g., router) 108 c. Examples of other NNFs that may be provided by the network service infrastructure management system 100 [that provid[e] a set of security services] include load balancers, intrusion detection devices, and wide area network (WAN) accelerators to name a few.”),
	3 … in accordance with the security service configuration (Fig. 1, Col. 2:66-3:6, i.e., the ordering of the tasks 108a-c, with additional tasks potentially including “load balancers” and “intrusion detection devices.”),
Connor, however, discloses
	2 implementing the target flow (Figs. 6-9, ¶¶ [0053]-[0054]) executes the set of security services (Figs. 6-9, ¶ [0018]) in accordance with a security service configuration (Fig. 3, “The service function chain determination module 306 is configured to determine a preferred service function chain [with the resulting output comprising a security service configuration] based on the required service functions determined by the service functions determination module 302”) and executes the set of security services as different service levels (¶ [0033], “The present conditions (i.e., service function chain selection criteria) [that consequently lead to different service levels] may include the number and type of presently running VMs on the remote computing device 106, the number of remote computing devices 106 available, network bandwidth availability/utilization, quality of service (QoS) requirements, and/or properties of the components of the remote computing device(s) 106 (e.g., present capacity of the processor 202, amount of memory 206 available, amount of data storage available in the data storage device 208, etc.). As will be described in further detail below, to determine the preferred service function chain, the service function chain determination module 306 may be configured to determine which required service functions [(where a “required” function represents a different service level than a function that need not be performed)] are required to be performed on the critical network packet processing path, which required service functions are required to be performed in real-time, and/or which , including throughput, concurrency value, or number of policies (¶ [0035], “As noted previously, each VM may be configured to perform a service function on the network packet, such as one or more firewall services [involving policies, such as allowed IP addresses, and concurrent connections or concurrency], NAT services, load balancing services [involving throughput], DPI services, and/or TCP optimization services, some of which may be performed in parallel.”),
4 the set of security services corresponding with the throughput, the concurrency value, or the number of policies (¶ [0035], i.e., a firewall correspond[s] with concurrency and a number of policies and a load balancer corresponds with throughput),
	5 determine a security device… (Fig. 3, ¶ [0034], “The service function path control module 308 [acts as a security device] is configured to control the generation of the service function path and manage the network packet as it is processed through each required service function of the service function path,” noting )
	Regarding the rationale to combine Hikichi and Combellas, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the service management system of Hikichi to have the additional service features of Combellas. One of ordinary skill in the art would have been motivated to incorporate the additional service features of Combellas because Combellas teaches the use of additional services that serve to increase the security of a target flow and the additional services can be provided in “an efficient, organized manner.”  See Combellas Col. 2:18-37.

Regarding Claim 2
Hikichi in view of Combellas, and further in view of Connor (“Hikichi-Combellas-Connor”) discloses the medium according to claim 1, and Connor further discloses 
wherein: the security device is determined based on security service information (Fig. 3, ¶ [0030], “Referring now to FIG. 3, in use, the remote computing device 106 establishes an environment 300 during operation. The illustrative environment 300 includes a service functions determination module 302, a service function chain determination module 306, and a service function path control module 308,” i.e., the “remote computing device 106 establishes an environment 300” that includes the “service function path control module 308” that acts as the security device; and ¶ [0030], “The illustrative environment 300 additionally includes service function policy data 304 that may include information on service functions [that acts as security service information], such as which service functions to apply to particular network packets, dependencies between service functions, and/or the like.”),
the security information includes (¶ [0030]) one or more service types (Figs. 6-9, i.e., load balancer, firewall, virus scan, etc.) respectively associated with a service policy (¶ [0033], “The service function chain determination module 306 may generate more than one possible service function chain and compare the possible service function chains based on present conditions of the remote computing device 106,” with the “preferred service function chain” being based upon a service policy) and the order (¶ [0033], “The service function chain determination module 306 may determine the preferred service function chain based on service function dependency information (e.g., sequential [or order[ing]] dependencies, temporal dependencies, etc.).”); and 
by executing the machine readable instructions (Fig. 4, ¶ [0046]), the hardware processor (Fig. 4, ¶ [0046]) is further caused to:
determine the security device (Fig. 3, ¶ [0034]) and the first service configuration information (Fig. 5, ¶ [0050] of Hikichi; see also Connor ¶ [0032], i.e., “lookup table”) of the security service configuration according to the service type and the service policy associated with the service type (¶¶ [0032]-[0033], e.g., “The service functions determination module 302 is configured to determine which service functions [as a service type] are required for each network packet received by the remote computing device 106. In some embodiments, determining the required service functions [as a service policy] may be based on flow policies corresponding to a type (e.g., email, video, audio, web, etc.) and/or a payload of the network packet.,” and “The service function chain determination module 306 may determine the preferred service function chain [as a service policy] based on service function dependency information (e.g., sequential dependencies, temporal dependencies, etc.).”); andSMRH :4815-2301-5346.3-2-Application No.: 15/543,724Docket No.: 90459182 
determine the next-hop information of the security device according to the order and the first service configuration information of the security service configuration (¶ [0033], “The service function chain determination module 306 may determine the preferred service function chain based on service function dependency information (e.g., sequential [or order[ing]] dependencies, temporal dependencies, etc.);” and Figs. 6-9 that shows a particular resulting order).
Regarding the combination of Hikichi and Connor, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.
Regarding Claim 14
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Hikichi further discloses
wherein the target flow …1 (Fig. 5, ¶¶ [0047]-[0050], i.e., the path A that delivers the services of FW1 and CACHE3, with the target flow identif[ying] the various security devices as disclosed in Combellas), and 
identifies a second security device (of Combellas, i.e., NNF 108b as the firewall acts as a second security device) based on the next-hop information of the security device (Fig. 5, ¶¶ [0047]-[0050], i.e., the “routing table” that contain next-hop information enables the target flow as depicted by path “A” to identify the second security device).  
Combellas further discloses
	1 … identifies the security device as a first security device and a last security device in a set of security devices (Fig. 1, Col. 2:66-3:23, i.e., a first and last “NNF 108a-c” involved in a target flow is shown in Fig. 1, and these NNFs may comprise an first security device as NNF 108a (with the intrusion detection device simply substituting for the SBC as shown in Fig. 1), and thereby NNF 108b acting as firewall and serving as a last security device (noting that in a § 103 rejection need not literally teach every limitation, see MPEP § 2141(III)), 
Regarding the rationale to combine Hikichi and Combellas, the rationale to combine Hikichi and Combellas is the same as provided for claim 1.
Regarding Claim 15
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Combellas further discloses
wherein the set of security services (Fig. 1, Col. 2:66-3:23, i.e. the various NNFs) correspond with levels of throughput (Col. 3:7-23, i.e., the “throughput capacity” correspond[s] to the throughput of one of the NNFs that acts as a firewall), concurrency value (Col. 3:7-23, i.e., the “processing capability” correspond[s] to the concurrency of one of the NNFs where the level of the “processing capability” can be set according to the amount of traffic associated with the firewall), and number of policies (Col. 3:7-23, i.e., when the NNFs comprise a intrusion detection system and a firewall, each service provided by the NNFs involve a different policy, and thus the set of security services correspond with … numbers of policies, i.e., the two different services directly corresponds to the two different policies.  
Regarding Claim 18
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Hikichi further discloses
wherein the target flow comprises a first security service and a second security service in the set of security services (Fig. 1, Col. 2:66-3:23, i.e., a first and second “NNF 108a-c” involved in a target flow is shown in Fig. 1, and these NNFs may comprise an “intrusion detection device[]” that provides a first security service as NNF 108a (with the intrusion detection device simply substituting for the SBC as shown in Fig. 1), and thereby NNF 108b acting as firewall and providing a second security service), 
wherein the first security service is provided by a first device and the second security service is provided by a second device (Fig. 1, Col. 2:66-3:23, i.e., NFF 108a and NFF 108b comprise individual device[s] that provide distinct service[s]).  
Regarding Claim 20
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Hikichi further discloses
wherein upon receiving the security service information (Fig. 5, ¶ [0047], “D1 of FIG. 5 is an example of the service chain that is generated when a user of the terminal 10a requests, to an operator, setting of a path that reaches from the terminal 10a to the terminal 10 b through a firewall and a cache server.”), 
the security service information is converted into a service configuration information format for configuring the security device to provide the set of security services (¶ [0050], “A routing table held by access routers 1 (1 a, 1 b) and VNFs 60 (FW 1, Cache 3) is illustrated so as to easily view transfer processing in D2. The routing table in each device is set by a device that performs processing for generating a service chain when the service chain is generated,” i.e., the “routing table” contains the security service information that has been converted into a service configuration information format).
Regarding Claim 22
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Connor further discloses
wherein the security device is automatically determined based on security service information (Fig. 4, ¶¶ [0036], “Referring now to FIG. 4, in use, the remote computing device 106 may [automatically] execute a method 400 for processing a network packet through a service function chain including a plurality of service functions,” i.e., an intervention of an administrator is not required to create the service function chain), and wherein the security service information is converted into a standard configuration format applicable for the security device ((At ¶ [0022] of Applicant’s published application US 2018/0007001, the Applicant states as an admission to the state of the art, “Such security service information may fail to be directly configured on the security devices because the security devices usually have their own service configuration standard interfaces.” (emphasis added”).  The Applicant then states, “Thus, the security control center module 12 may perform format conversion on the security service information, and convert the security service information into the first service configuration information for configuring the security device to provide security service. (emphasis added).  Accordingly, given the usual individual service configuration standard interfaces, it would be obvious to one skilled in the art based upon “thus” to have a different format from a configuration standard associated with the security device. See MPEP § 2141(III), stating “Prior art is .  
	Regarding the combination of Hikichi and Connor, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 22.
Regarding Claim 23
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Connor further discloses
wherein the first service configuration information is firewall-related, intrusion-prevention-system-related, or a load-balancing-related configuration information (Figs. 6-9, ¶ [0018], “In use, as will be described in further detail below, upon receipt of a network packet from the computing device 102, the remote computing device 106 determines which network functions or services (e.g., firewall services, network address translation (NAT) services, load-balancing services, deep packet inspection (DPI) services, transmission control protocol (TCP) optimization services, etc.) are required to be performed on the network packet.”).
Regarding the combination of Hikichi and Connor, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 23.
Regarding Independent Claims 6 and 10
mutatis mutandis, to the subject matter of claims 6 and 10. Therefore, claims 6 and 10 are rejected, for similar reasons, under the grounds set forth for claim 1. 
Regarding Dependent Claims 7 and 11
With respect to claims 7 and 11, a corresponding reasoning as given earlier for claim 2 applies, mutatis mutandis, to the subject matter of claims 7 and 11. Therefore, claims 7 and 11 are rejected, for similar reasons, under the grounds set forth for claim 2. 
B.	Claims 3, 8, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Hikichi in view of Combellas and Connor, and further in view of Koganti et al. (US 2013/0223449, “Koganti”).
Regarding Claim 3
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Hikichi further discloses
wherein, by executing the machine readable instructions (Fig. 4, ¶ [0046]), the hardware processor (Fig. 4, ¶ [0046]) is further caused to: 
1 …; 
determine the next-hop information of the non-security device onto the non-security device, …2 (Fig. 5, ¶ [0050], “A routing table held by … VNFs 60 [(and thus configure[d] … onto the non-security device, such as Cache 3)] is illustrated so as to easily view transfer processing in D2.”).  
Hikichi-Combellas-Connor doesn’t disclose but Koganti further discloses
1 determine the next-hop information of a non-security device (¶ [0075], i.e., “appliance 442 provides service 454 to fabric switch 400 and is coupled to member switch 403. Examples of a service include, but are not limited to ... network analysis, and network virtualization.”, which are non-security functions) immediately before the security device (¶ [0076], i.e., “The configuration also specifies the sequence of the required services to be services 452, 454, and 453.”), 
wherein the non-security device is to forward the target flow to the security device first (¶ [0074], i.e., “When a plurality of services are associated with a fabric switch, the services may require a specific sequence of execution. Such a sequence can be based on the interdependency and/or priority of the services.”, with security devices taking priority over non-security devices on the occasions that security takes priority.);
2 …, so that the non-security device transmits the target flow to the security device according to the next-hop information of the non-security device (¶ [0076], i.e., “a network administrator provides the service configuration to switch 402 (e.g., configures switch 402 with the service configuration)”).
Regarding the rationale to combine Hikichi-Combellas-Connor and Koganti, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the service management system of Hikichi-Combellas-Connor to have included the service order feature of Koganti.  One of ordinary skill in the art would have been motivated to incorporate the service order feature of Koganti because Koganti notes that “[a]s Internet traffic is becoming more diverse, efficient and accurate configuration of essential services, such as firewalls, 
Regarding Claims 8 and 12
With respect to claims 8 and 12, a corresponding reasoning as given earlier for claims 3 applies, mutatis mutandis, to the subject matter of claims 8 and 12. Therefore, claims 8 and 12 are rejected, for similar reasons, under the grounds set forth for claim 3. 
C.	Claims 4-5, 9, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Hikichi in view of Combellas and Connor, and further in view of Natarajan et al. (US 9,152,789, “Natarajan”).
Regarding Claim 4
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Hikichi further discloses 
wherein, by executing the machine readable instructions (Fig. 4, ¶ [0046]), the hardware processor (Fig. 4, ¶ [0046]) is further caused to: 
1 … from the set security device which is received by the security device during providing the set of security services (of Combellas) to the target flow (Fig. 5, ¶¶ [0047]-[0050], i.e., the VNF providing services as part of the path A), and 
2 …. 
Hikichi-Combellas-Connor doesn’t disclose
	1 analyze an unknown flow…
	2 update a feature library based on an analysis result, so that the security device provides the set of security services to the target flow by using the updated feature library.
Natarajan, however, discloses
	1 analyze an unknown flow… (Col. 15:47-16:3, i.e., “In the cloud system 500, traffic from various locations (and various devices located therein) such as a regional office 510, headquarters 520, various employee's homes 530, mobile laptop 540, and mobile device 550 is redirected to the cloud system 500 through the cloud nodes 502.”, and “The cloud system 500 may be configured to perform various functions such as spam filtering, uniform resource locator (URL) filtering, antivirus protection, bandwidth control, data loss prevention, zero day vulnerability protection, web 2.0 features, malware detection and blocking, and the like.”)
	2 update a feature library (Col. 10:20-31, i.e., “updates the master threat data 124 stored in the authority node data store”) based on an analysis result (Col. 9:64-10:19, i.e, “the processing node manager 118 may cause one or more of the data inspection engines 117 to perform the threat detection processes to classify the content item according to a threat classification. Once the content item is classified, the processing node manager 118 generates a threat data update that includes data indicating the threat classification for the content item from the threat detection process…”), 
so that the security device (of Hikichi) provides the set of security services (of Combellas) to the target flow (of Hikichi) by using the updated feature library (Col. 10:49-11:7, i.e., “The authority node manager 128 can then update the master threat data 124. Thereafter, any future requests related to responsive threat data for the .
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the service management system of Hikichi-Combellas-Connor to have included the malware analysis system of Natarajan.  One of ordinary skill in the art would have been motivated to incorporate the malware analysis system of Natarajan because Natarajan discloses the need of being able “to quickly detect malware and pass this detection on to provide zero day/zero hour protection,” see Natarajan at Col. 1:52-54, and Natarajan teaches “systems and methods for dynamic cloud-based malware behavior analysis (BA) … which dynamically detect malware [that] provid[es] zero day/zero hour protection.”  See Natarajan Col. 3:26-29.     
Regarding Claim 5
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Hikichi further discloses 
wherein, by executing the machine readable instructions (Fig. 4, ¶ [0046]), the hardware processor (Fig. 4, ¶ [0046]) is further caused to: 
1 …
2 … during providing the set of security services (of Combellas) to the target flow (Fig. 5, ¶¶ [0047]-[0050], i.e., the VNF providing services as part of the path A); 
3 …; and 
4 ….  
Hikichi-Combellas-Connor doesn’t disclose but Natarajan further discloses
1 analyze an unknown flow from the security device to generate a security policy (Col. 10:49-11:7, i.e., “the processing node manager 118 can cause one or more of the data inspection engines 116 to perform the threat detection processes to classify the content item according to a threat classification”),
	2 wherein the unknown flow is received by the security device…(Col. 10:49-11:7, i.e., “If responsive threat data is stored in the master threat data 124, then the authority node manager 128 provide a reply that includes the responsive threat data to the processing node…”)
3 determine second service configuration information according to the security policy (Col. 9:11-31, i.e., “An authority node manager 128 may be used to manage the master security policy data 123, e.g., receive input from users of each of the external systems defining different security policies, and may distribute the master security policy data 123 to each of the processing nodes 110.”); and
4 determine the second service configuration information onto the security device (Col. 9:11-31, i.e., “may distribute the master security policy data 123 to each of the processing nodes 110. The processing nodes 110 then store a local copy of the security policy data 113.”), 
so that the security device provides the set of security services (of Combellas) according to the second service configuration information (Col. 16:29-48, i.e., “It is expected that the cloud nodes 502, the processing nodes 110, and/or some other cloud-based device is continually monitoring user activity for security”).

Regarding Claims 9 and 13
With respect to dependent claims 9 and 13, a corresponding reasoning as given earlier for dependent claim 4 and 5 applies, mutatis mutandis, to the subject matter of claims 9 and 13. Therefore, claims 9 and 13 are rejected, for similar reasons, under the grounds set forth for claims 4 and 5. 
D.	Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Hikichi in view of Combellas and Connor, and further in view of Maestas (US 2010/0268799, “Maestas”).
Regarding Claim 16
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Hikichi further discloses
wherein the set of security services includes a firewall service (Fig. 5, ¶ [0049]), and 
1 ….
Hikichi-Combellas-Connor doesn’t disclose
1 the firewall service allows first packets in a first address field range of the security device and denies second packets in a second field range of the security device.  
Maestas, however, discloses
1 the firewall service allows first packets in a first address field range of the security device and denies second packets in a second field range of the security device (¶ [0055], “a firewall may be located between a network and the internet. The firewall may wish to block packets originating from and/or addressed to certain IP addresses. These IP addresses may be the IP addresses of known spammers, hackers, foreign governments, etc.”).
	Regarding the rationale to combine Hikichi-Combellas-Connor and Maestas, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the service management system of Hikichi-Combellas-Connor to have included the firewall-address features of Maestas. One of ordinary skill in the art would have been motivated to incorporate the firewall-address features of Maestas because firewalls blocking flows to and from IP addresses of known threats is a common feature of firewalls to increase security.   
E.	Claims 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Hikichi in view of Combellas and Connor, and further in view of Martinez et al. (US 2014/0280961, “Martinez”).
Regarding Claim 19
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Combellas further discloses
wherein the security service information …1 (Col. 7:11-12, “…the application receives a request to generate a network service having one or more NNFs,” with the list of “NNFs” comprising security service information) 
Hikichi-Combellas-Connor doesn’t disclose
1 … is encoded in an XML format.  
Martinez, however, discloses
1 … is encoded in an XML format (¶ [0078], “The policies [or security service information] can be expressed via languages such as XML,”).  
Regarding the rationale to combine Hikichi-Combellas-Connor and Martinez, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the service management system of Hikichi-Combellas-Connor to have included the XML features of Martinez. One of ordinary skill in the art would have been motivated to incorporate XML features of Martinez because Extensible Markup Language is a common computer code.
Regarding Claim 21
Hikichi-Combellas-Connor discloses the medium according to claim 1, and Connor further discloses
wherein the security device is automatically determined based on security service information (Fig. 4, ¶¶ [0036], “Referring now to FIG. 4, in use, the remote computing device 106 may [automatically] execute a method 400 for processing a network packet through a service function chain including a plurality of service functions,” i.e., an intervention of an administrator is not required to create the service function chain), and 
2….
Hikichi-Combellas-Connor doesn’t disclose
2 wherein the security service information is a text string or Extensible Markup Language (XML) format that is in a different format from a configuration standard associated with the security device.
Martinez, however, discloses
2 wherein the security service information is a text string or Extensible Markup Language (XML) format (¶ [0078], “The policies [or security service information] can be expressed via languages such as XML,”) that is in a different format from a configuration standard associated with the security device (At ¶ [0022] of Applicant’s published application US 2018/0007001, the Applicant states as an admission to the state of the art, “Such security service information may fail to be directly configured on the security devices because the security devices usually have their own service configuration standard interfaces.” (emphasis added”).  The Applicant then states, “Thus, the security control center module 12 may perform format conversion on the security service information, and convert the security service information into the first service configuration information for configuring the security device to provide security service. (emphasis added).  Accordingly, given the usual individual service configuration standard interfaces, it would be obvious to one skilled in the art based upon “thus” to have a different format from a configuration standard associated with the security device. See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the 
Regarding the combination of Hikichi and Connor, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 21.
Regarding the combination of Hikichi-Combellas-Connor and Martinez, the rationale to combine is the same as provided for claim 19 due to the overlapping subject matter between claims 19 and 21.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 8:00-5:00 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491