DETAILED ACTION
This office action is in response to the correspondence filed on 07/22/2020. This application is a 371 National Stage of PCT/CN2018/075487. Claims 34-53 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Priority
Applicant's claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. 


Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 07/22/2020, 10/12/2021, and 02/22/2022. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 34-41, and 53 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Wang et al. per IDS (US Pub No. 2016/0352629 A1, referred to as Wang).
Regarding claims 34 and 38, taking claim 38 as exemplary, Wang anticipates,
	38. (New) An apparatus, comprising:
a processor; and (Wang: [0044])
a memory coupled to the processor and storing instructions thereon, the instructions, when executed by the processor, configured to cause the apparatus to: (Wang: [0044])
receive a packet terminating at or originating from a data center; (Wang: Fig. 1; [0042-0043]; classifier working in conjunction with a policy center collectively forming an apparatus providing security services for a data center. The classifier receives an application data packet.)
determine at least one label for the packet, (Wang: [0042-0043]; when the classifier receives an application data packet or a media packet, the classifier 330 inserts the application-specific contextual information. [0006]; adding the application-specific contextual data to the first of the application data packets according to the classification rule (determine).) each label indicating a security requirement for the packet; (Wang: [0006]; adding the application-specific contextual data to the first of the application data packets according to the classification rule to enable communication (indicating a requirement) of the application-specific contextual data to at least one of the service functions (SFs) in the service function chain (SFC). [0055]; SFs provide services including fraud prevention (security requirement).).
select, based on the at least one label, a security service chain for the packet, (Wang: [0043]; the application-specific contextual information specifies/selects the service node (SN) that provides the service function (SF). [0006]; SF in the service function chain (SFC).) the security service chain comprising an ordered set of security functions that are deployed in the data center and to be applied to the packet; and (Wang: [0055]; a service function chain (SFC) comprises a set of sequenced or ordered SFs (e.g., transcoding, encryption, and/or fraud prevention).)
transmit the packet to the selected security service chain in association with the at least one label, (Wang: [0043-0044], [0048-0049]; forwarding (transmit) the received packet to the SN implementing the service function (SF) prescribed by the application-specific contextual information.) the packet being processed by the ordered set of security functions in the security service chain. (Wang: [0006]; the SFC comprises an ordered set of service functions (SFs) that provide services to an application.)


Regarding claims 35 and 39, taking claim 39 as exemplary, Wang further anticipates, 
	39. (New) The apparatus of claim 38, wherein the selecting of the security service chain further comprises:
select the security service chain such that at least one security function in the ordered set is applied to process the packet to meet the security requirement indicated by the at least one label. (Wang: [0043]; the application-specific contextual information specifies/selects the service node (SN) that provides the service function (SF). [0006]; SF in the service function chain (SFC). Adding the application-specific contextual data to the first of the application data packets according to the classification rule to enable communication of the application-specific contextual data to at least one of the service functions (SFs) in the service function chain (SFC). [0055]; SFs provide services including fraud prevention (security requirement).) 


Regarding claims 36 and 40, taking claim 40 as exemplary, Wang further anticipates, 
40. (New) The apparatus of claim 38, wherein the determining of the at least one label further comprises:
determine a first label for the packet, the first label indicating a security requirement for transmission of the packet in the security service chain. (Wang: [0006]; when the first of the application data packets matches the classification rule, a first SFC packet by adding the application-specific contextual data (first label) to the first of the application data packets according to the classification rule to enable communication of the application-specific contextual data to at least one of the SFs in the SFC.)


Regarding claims 37 and 41, taking claim 41 as exemplary, Wang further anticipates, 
41. (New) The apparatus of claim 40, wherein the transmitting of the packet comprises:
modify the packet by inserting the first label into a header of the packet; and transmit the modified packet to the security service chain. (Wang: [0041]; the application-specific contextual information may be embedded (inserting) in a service header as metadata.)


Regarding claim 53, Wang further anticipates, 
53. (New) The apparatus of claim 38, 
wherein the security service chain comprises at least one of the following security functions: a firewall, access control, entity authentication, unified threat management, intrusion detection system, intrusion prevention system, virtual private network, security gateway, deep packet inspection, Lawful Intercept, traffic cleaning, data integrity validation, data confidentiality protection, data desensitization, data encryption, and data decryption. (Wang: [0055]; SFs provide services including transcoding, encryption, fraud prevention (examples of data encryption, unified threat management, intrusion detection system, intrusion prevention system).).


Allowable Subject Matter
Claims 42-52 are objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance:
Although prior art Wang above disclose all the limitations of the prior claims (see rejections above), it fails to disclose wherein the packet comprises data to be stored or having been stored in the data center, determine a second label indicating a security requirement for storage of the data in the data center or a third label indicating a security requirement for access of the data in the data center or a fourth label indicating a security requirement associated with one of: a geographic location where the data were generated, a storage technology being used by the data center, and an industry type of the data; or in response to the receiving of the packet from a further data center, determine a further label for the packet, indicating a format of the packet associated with the further data center; or determining whether the packet comprises a predefined label from a set of predefined labels and label the packet accordingly as described in the claims.
Additional notes for claims 42, 44, and 50-51 in particular, to further explain why they are indicated as allowable subject matter even though there were closely related arts: 
Quinn et al. (US Pub No. 2016/0277188) discloses receiving a network service packet, analyzing the network service packet in order to identify a plurality of service functions and an associated service function path for the service functions, identifying which security function or functions may be performed by each of the service functions on a network service packet header to be generated for the network service packet, but it fails to disclose determining additional labels relating to security requirement for data storage or access, geographic location, storage technology, or industry type of data for packet with data to be stored or having been stored in the data center. It also fails to disclose determining a further label for the packet, indicating a format of the packet associated with the further data center; or determining whether the packet comprises a predefined label from a set of predefined labels and label the packet accordingly as described in the claims.
Biancaniello (US Pub No. 20160164776 A1) discloses steering packet traffic through an online network including receiving, at a switch of a network, a packet of data; classifying the packet to a service function chain based on fields of a packet header of the packet, the service function chain including a set of service functions to be performed on the packet; setting fields of the packet header to identify the service function chain classified; and transmitting the packet to a service function device that performs a service function on the packet, the service function being in the set of service functions, but it fails to disclose determining additional labels relating to security requirement for data storage or access, geographic location, storage technology, or industry type of data for packet with data to be stored or having been stored in the data center. It also fails to disclose determining a further label for the packet, indicating a format of the packet associated with the further data center; or determining whether the packet comprises a predefined label from a set of predefined labels and label the packet accordingly as described in the claims.
At the effective filing date of the application, the above limitations would not have been obvious over the prior arts of record. 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Kumar; Dinesh et al.	US-PGPUB	US 20170094002 A1	Technologies for offloading data object replication and service function chain management
Jiang, Sheng et al.	FIT		WO 2014101002 A1	IP data package transmitting method and label switching router
Foo; Ian et al.		US-PGPUB	US 20140050223 A1	Method for creating software defined ordered service patterns in a communications network

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435