DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
 	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/12/2022 has been entered.

Response to Arguments
	Applicant’s corrections to claim objections for claim(s) 1, 7, 9, 14, and 21 made on 01/12/2022 has been considered and the objection to the claims is withdrawn. 
	Applicant’s amendment filed 05/12/2022 with respect to claim 1 have been considered and the previous claim interpretation has been withdrawn.
	Applicant's arguments filed 05/12/2022 with respect to claim(s) 1, 7, and 14 have been considered but are moot in view of the new ground(s) of rejection. Particularly, the Examiner changes the previous 102 rejection to a 103 rejection as being unpatentable over previously cited reference Khalid et al. (US 2010/0080226 A1) in view of previously cited reference Khalid et al. (US 2010/0063988 A1). Note: Khalid-988 has been cited in the Advisory Action filed 04/15/2022.	Applicant’s argument:	On pgs. 8-9, Applicant argues that Khalid does not disclose the limitation “wherein the next hop of the service routing trigger is a service node, and wherein the service node comprises at least one of a firewall device, a Network Address Translation (NAT) device or a value-added service device, and wherein the service routing trigger does not have a packet processing function implemented by the service node”. Applicant also argues that “One of ordinary skill in the art would understand that, with the next hop of the service routing trigger being a service node, the next hop of the service routing trigger would equate to the service node 50 of Khalid”.	Examiner’s response:	Examiner respectfully disagrees. Examiner equated the service node 50a to the service routing trigger and the service node 50b to the service node. Khalid discloses in [0073], [0078]: service node 50 transmits packet 11 to the next hop service node. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. [0063], [0065]: when a service node receives the packet 11 from another service node, it performs a service to the packet. Therefore, the service node 50a triggers service node 50b to perform a service by sending the packet to the service node 50b. Furthermore, Khalid discloses in Fig. 2, [0029], [0031]: service node 50b is IPS device (=value-added service device) and service node 50a (=service routing trigger) is a firewall device providing firewall service, whereas service node 50b is providing intrusion prevention system service (=packet processing function). Therefore, service node 50a does not have the intrusion prevention system service.	Examiner also notes to have cited other references in the pertinent section below that appear to also teach a service routing trigger does not have a packet processing function implemented by the service node.

Claim Objections
 	Claim(s) 25-26 is/are objected to because of the following informalities:  
Claims 25-26 recite “to the first packet to the first packet” but it should be “to the first packet ”.	Claims 25-26 recite “IP”. Acronyms must be specified.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
 	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claim(s) 1-2, 6-7, 10-14, 16, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khalid et al. (US 2010/0080226 A1) in view of Khalid et al. (US 2010/0063988 A1) (hereinafter referred to as Khalid-988).

Regarding claim 1, Khalid discloses A packet processing system (Fig. 1: service system 10), comprising:
a controller (Figs. 1 and 4: service broker 30);
a traffic classifier (Figs. 1 and 3: service classification device (service classifier) 20); and
a service routing trigger (Figs. 1 and 5: service node 50a);
wherein the controller comprises a first processor and a first non-transitory memory storing a first program for execution by the first processor to cause the controller (Fig. 4, [0088]: service broker 30 (=controller) comprises processor 31 and memory 32 that stores instructions to be executed by the processor 31) to send policy information to the service routing trigger ([0048]: service broker 30 sends service information (=policy information) to service node 50 (=service routing trigger)), wherein the policy information comprises a service identifier and an Internet Protocol (IP) address of a next hop of the service routing trigger ([0048]: service information includes service header information (=service identifier) and next hop information. [0021], [0029]: service header information may be service header ID 100. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b (=next hop)), wherein the service identifier identifies a service node sequence ([0029]: service header 100 relates to service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence) which are devices according to [0038], [0054], [0057]), wherein the service node sequence comprises one or more service nodes that process a packet (Fig. 4: FW 1a, IPS 2a, QoS 3b includes 3 service nodes to process a packet, i.e., [0013]: a packet goes through firewall, intrusion prevention system, and quality of service device. [0057]: service node 50 provide one or more services);
wherein the traffic classifier comprises a second processor and a first non-transitory memory storing a second program for execution by the second processor to cause the traffic classifier (Fig. 3, [0088]: service classifier 20 (=traffic classifier) comprises processor 21 and memory 22 that stores instructions to be executed by the processor 21) to receive a first packet ([0019]: service classifier 20 receives packet 11 (=first packet)), obtain the service identifier according to the first packet ([0019]: based on packet 11, service classifier 20 performs classification on packet 11. [0025]-[0026]: service classifier 20 receives service information associated with the classification. Service information includes service header (=service identifier)) and send a second packet to the service routing trigger ([0032]: service classifier 20 transmits packet 11 with an inserted service header (=second packet) to service node 50 (=service routing trigger). Based on Fig. 2, [0029], [0031]: the service node 50 is a firewall, i.e. service node 50a (=service routing trigger)), and wherein the second packet comprises the service identifier ([0032]: packet 11 includes service header); 
wherein the service routing trigger comprises a third processor and a third non-transitory memory storing a third program for execution by the third processor to cause the service routing trigger (Fig. 5, [0088]: service node 50 (=service routing trigger) comprises processor 51 and memory 52 that stores instructions to be executed by the processor 51) to receive the second packet ([0063]: service node 50 receives packet 11 with service header (=second packet). Based on Fig. 2, [0029], [0031]: the service node 50 is a firewall, i.e. service node 50a (=service routing trigger) that receives the packet from the service classifier 20), obtain the IP address of the next hop service routing trigger according to the service identifier carried in the second packet and the policy information ([0063]: service node 50 uses service header (=service identifier) included in packet 11 to recognize next hop address. [0061]: service node 50 receives service information (=policy information) that includes header information and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b), wherein the next hop of the service routing trigger is a service node ([0031]: next-hop of service node 50a (=service routing trigger) is service node 50b), wherein the service node comprises at least one of a firewall device, a Network Address Translation (NAT) device, or a value-added service device (Fig. 2, [0029], [0031]: service node 50b is IPS device (=value-added service device)), and wherein the service routing trigger does not have a packet processing function implemented by the service node (Fig. 2: service node 50a (=service routing trigger) is a firewall device providing firewall service, whereas service node 50b is an IPS device providing intrusion prevention system service (=packet processing function). Therefore, service node 50a does not have the intrusion prevention system service); and 
wherein the third program further causes the service routing trigger (Fig. 3, [0088]: memory 52 stores instructions to be executed by the processor 51) to send the second packet to the next hop of the service routing trigger to trigger the service node to process the second packet ([0073], [0078]: service node 50 transmits packet 11 to the next hop service node. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. [0063], [0065]: when a service node receives the packet 11 from another service node, it performs a service to the packet. Interpretation: by receiving the packet, the service node is triggered to perform a service).
While Khalid discloses a service header information, i.e., service header 100 (=service identifier), Khalid does not disclose the service header information is a label. 
However, Khalid-988 discloses a service header information is a label ([0079]: service classifier 108 (=traffic classifier) receives from service broker (=controller) a service header containing a service label (=service identifier is a label). [0080]-[0081]: first service node (=service routing trigger) receives an IPv6 packet with the service header information, i.e., service label (=service identifier is a label)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the service header information, as taught by Khalid, to contain a service label, as taught by Khalid-988.
Doing so allows the service label be inserted in a flow label field that is then used by a user application (Khalid-988: [0031]).

Regarding claim 2, Khalid in view of Khalid-988 discloses all features of claim 1 as outlined above. 
Khalid discloses the second packet is encapsulated according to an encapsulation type ([0032]-[0033]: service classifier 20 inserts service header into packet 11 at the beginning of the packet (=encapsulation type). Note: examiner uses broadest reasonable interpretation for “encapsulation type”, i.e., the location of inserting the service header is an encapsulation type).

Regarding claim 6, Khalid in view of Khalid-988 discloses all features of claim 1 as outlined above. 
Khalid discloses wherein the policy information further comprises an address of a next-hop node of a service node sequence corresponding to the service identifier ([0048]: service information includes service header information (=service identifier) and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b (=next hop). [0029]: service header information may be service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence)).

Regarding claim 7, Khalid discloses A packet processing method, comprising:
receiving, by a service routing trigger, a packet carrying a service identifier ([0063]: service node 50 (=service routing trigger) receives packet 11 with service header (=service identifier). Based on Fig. 2, [0029], [0031]: the service node 50 is a firewall, i.e. service node 50a (=service routing trigger) that receives the packet from the service classifier 20), wherein the service identifier identifies a service node sequence ([0029]: service header information relates to service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence) which are devices according to [0038], [0054], [0057]), wherein the service node sequence comprises one or more service nodes that processes the packet (Fig. 4: FW 1a, IPS 2a, QoS 3b includes 3 service nodes to process a packet, i.e., [0013]: a packet goes through firewall, intrusion prevention system, and quality of service device. [0057]: service node 50 provide one or more services);
obtaining, by the service routing trigger, an Internet Protocol (IP) address of a next hop of the service routing trigger according to the service identifier carried in the packet and a policy information ([0063]: service node 50 uses service header (=service identifier) included in packet 11 to recognize next hop address. [0061]: service node 50 receives service information (=policy information) that includes header information and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b), wherein the policy information comprises the service identifier and the IP address of the next hop of the service routing trigger ([0048]: service information includes service header information (=service identifier) and next hop information. [0021], [0029]: service header information may be service header ID 100. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b (=next hop)), wherein the next hop of the service routing trigger is a service node ([0031]: next-hop of service node 50a (=service routing trigger) is service node 50b), and wherein the service node comprises at least one of a firewall device, a Network Address Translation (NAT) device, or a value-added service device (Fig. 2, [0029], [0031]: service node 50b is IPS device (=value-added service device)), and wherein the service routing trigger does not have a packet processing function implemented by the service node (Fig. 2: service node 50a (=service routing trigger) is a firewall device providing firewall service, whereas service node 50b is an IPS device providing intrusion prevention system service (=packet processing function). Therefore, service node 50a does not have the intrusion prevention system service); and
sending the packet to the next hop of the service routing trigger according to the IP address of the next hop of the service routing trigger to trigger the service node to process the second packet ([0073], [0078]: service node 50 transmits packet 11 to the next hop service node. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. [0063], [0065]: when a service node receives the packet 11 from another service node, it performs a service to the packet. Interpretation: by receiving the packet, the service node is triggered to perform a service).
While Khalid discloses a service header information, i.e., service header 100 (=service identifier), Khalid does not disclose the service header information is a label. 
However, Khalid-988 discloses a service header information is a label ([0079]: service classifier 108 (=traffic classifier) receives from service broker (=controller) a service header containing a service label (=service identifier is a label). [0080]-[0081]: first service node (=service routing trigger) receives an IPv6 packet with the service header information, i.e., service label (=service identifier is a label)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the service header information, as taught by Khalid, to contain a service label, as taught by Khalid-988.
Doing so allows the service label be inserted in a flow label field that is then used by a user application (Khalid-988: [0031]).

Regarding claim 10, Khalid in view of Khalid-988 discloses all features of claim 7 as outlined above. 
Khalid discloses wherein the next hop of the service routing trigger is a service node or another service routing trigger ([0073], [0076], [0078]: next hop may be a service node, reporting device, service classifier, or service broker. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b).

Regarding claim 11, Khalid in view of Khalid-988 discloses all features of claim 7 as outlined above. 
Khalid further discloses further comprising:
receiving, by the service routing trigger, the policy information sent by a controller ([0061]: service node 50 receives service information (=policy information) from service broker 30 (=controller)).

Regarding claim 12, Khalid in view of Khalid-988 discloses all features of claim 7 as outlined above. 
Khalid discloses wherein the policy information further comprises an address of a next-hop node of a service node sequence corresponding to the service identifier ([0048]: service information includes service header information (=service identifier) and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b (=next hop). [0029]: service header information may be service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence)).

Regarding claim 13, Khalid in view of Khalid-988 discloses all features of claim 12 as outlined above. 
Khalid further discloses wherein the method further comprises:
sending, by the service routing trigger, the packet to the next-hop node of the service node sequence ([0073], [0078]: service node 50 transmits packet 11 to the next hop service node. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence). Fig. 2, [0037]: FW 1a is service node 50 and IPS 2a is next hop service node in service header (service chain) 100’).

Regarding claim 14, Khalid discloses A service routing trigger (Figs. 1 and 5: service node 50a), comprising:
a processor (Fig. 5: processor 51); and 
a non-transitory computer-readable storage medium storing a program to be executed by the processor to cause the service routing trigger to (Fig. 5: memory 52 with various instructions 521-524 for the processor 51 to execute to cause service node 50 to perform functions):
receive a packet carrying a service identifier ([0063]: service node 50 (=service routing trigger) receives packet 11 with service header (=service identifier). Based on Fig. 2, [0029], [0031]: the service node 50 is a firewall, i.e. service node 50a (=service routing trigger) that receives the packet from the service classifier 20), wherein the service identifier identifies a service node sequence ([0029]: service header information relates to service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence) which are devices according to [0038], [0054], [0057]), wherein the service node sequence comprises one or more service nodes that process the packet (Fig. 4: FW 1a, IPS 2a, QoS 3b includes 3 service nodes to process a packet, i.e., [0013]: a packet goes through firewall, intrusion prevention system, and quality of service device. [0057]: service node 50 provide one or more services);
obtain an Internet Protocol (IP) address of a next hop of the service routing trigger according to the service identifier carried in the packet and a policy information ([0063]: service node 50 uses service header (=service identifier) included in packet 11 to recognize next hop address. [0061]: service node 50 receives service information (=policy information) that includes header information and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b), wherein the policy information comprises the service identifier and the IP address of the next hop of the service routing trigger ([0048]: service information includes service header information (=service identifier) and next hop information. [0021], [0029]: service header information may be service header ID 100. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b (=next hop)), wherein the next hop of the service routing trigger is a service node ([0031]: next-hop of service node 50a (=service routing trigger) is service node 50b), wherein the service node comprises at least one of a firewall device, a Network Address Translation (NAT) device or a value-added service device (Fig. 2, [0029], [0031]: service node 50b is IPS device (=value-added service device)), wherein the service routing trigger does not have a packet processing function implemented by the service node (Fig. 2: service node 50a (=service routing trigger) is a firewall device providing firewall service, whereas service node 50b is an IPS device providing intrusion prevention system service (=packet processing function). Therefore, service node 50a does not have the intrusion prevention system service); and
send the packet to the next hop of the service routing trigger according to the IP address of the next hop of the service routing trigger to trigger the service node to process the second packet ([0073], [0078]: service node 50 transmits packet 11 to the next hop service node. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. [0063], [0065]: when a service node receives the packet 11 from another service node, it performs a service to the packet. Interpretation: by receiving the packet, the service node is triggered to perform a service).
While Khalid discloses a service header information, i.e., service header 100 (=service identifier), Khalid does not disclose the service header information is a label. 
However, Khalid-988 discloses a service header information is a label ([0079]: service classifier 108 (=traffic classifier) receives from service broker (=controller) a service header containing a service label (=service identifier is a label). [0080]-[0081]: first service node (=service routing trigger) receives an IPv6 packet with the service header information, i.e., service label (=service identifier is a label)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the service header information, as taught by Khalid, to contain a service label, as taught by Khalid-988.
Doing so allows the service label be inserted in a flow label field that is then used by a user application (Khalid-988: [0031]).

Regarding claim 16, Khalid in view of Khalid-988 discloses all features of claim 14 as outlined above. 
Khalid further discloses wherein the program further causes the service routing trigger to:
receive the policy information sent by a controller ([0061]: service node 50 receives service information (=policy information) from service broker 30 (=controller)).

Regarding claim 19, Khalid in view of Khalid-988 discloses all features of claim 14 as outlined above. 
Khalid discloses wherein the policy information further comprises an address of a next-hop node of a service node sequence corresponding to the service identifier ([0048]: service information includes service header information (=service identifier) and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b (=next hop). [0029]: service header information may be service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence)).

Regarding claim 20, Khalid in view of Khalid-988 discloses all features of claim 19 as outlined above. 
Khalid further discloses wherein the program further including instructions to:
send the packet to the next-hop node of the service node sequence ([0073], [0078]: service node 50 transmits packet 11 to the next hop service node. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence). Fig. 2, [0037]: FW 1a is service node 50 and IPS 2a is next hop service node in service header (service chain) 100’).
	
	Claim(s) 9 and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khalid et al. (US 2010/0080226 A1) in view of Khalid et al. (US 2010/0063988 A1) (hereinafter referred to as Khalid-988) and Beck et al. (US 2006/0120364 A1).

Regarding claim 9, Khalid in view of Khalid-988 discloses all features of claim 7 as outlined above. 
Khalid in view of Khalid-988 does not disclose, but Beck discloses wherein the packet includes a virtual extensible LAN (VxLAN) identifier (ID) or a Virtual Local Area Network (VLAN) ID (Fig. 1, [0071]: network unit 1 (=service routing trigger) receives information from source 7 and tags a service identifier, i.e., S-VLAN, to the information before routing it through network 8 to a destination property).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to program the service node 50a, as taught by Khalid, to tag a S-VLAN to the packet before routing, as taught by Beck.
Doing so provides a reliable and more efficient method of transmitting information from a source to a destination by using service identifiers, such as S-VLAN, for routing the information through the network (Beck: abstract, [0059]-[0060], [0068]-[0069]).

Regarding claim 23, Khalid in view of Khalid-988 discloses all features of claim 2 as outlined above. 
Khalid in view of Khalid-988 does not disclose, but Beck discloses wherein the encapsulation type comprises VxLAN type, VLAN type or Multiprotocol Label Switching (MPLS) type (Fig. 1, [0071]: network unit 1 (=service routing trigger) receives information from source 7 and tags (=encapsulates) a service identifier, i.e., S-VLAN, to the information before routing it through network 8 to a destination property).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to program the service node 50a, as taught by Khalid, to tag a S-VLAN to the packet before routing, as taught by Beck
Doing so provides a reliable and more efficient method of transmitting information from a source to a destination by using service identifiers, such as S-VLAN, for routing the information through the network (Beck: abstract, [0059]-[0060], [0068]-[0069]).

	Claim(s) 8 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khalid et al. (US 2010/0080226 A1) in view of Khalid et al. (US 2010/0063988 A1) (hereinafter referred to as Khalid-988) and Chen et al. (US 8,584,199 B1).

Regarding claim 8, Khalid in view of Khalid-988 discloses all features of claim 7 as outlined above. 
Khalid in view of Khalid-988 does not disclose, but Chen discloses wherein the policy information further comprises an encapsulation type (col. 8 ll. 54-56: corporate directory 470 (=controller) provides security policy 402 (=second policy information) to security gateway 150 (=service routing trigger). Col. 11 ll. 23-24, 28-30, and 57-63: security policy 402 includes packet routing policy 652 (=encapsulation type) with forwarding interface 665 indicating modification, i.e., add tunnel header to data packet); and
wherein the packet is encapsulated according to the encapsulation type (col. 11 ll. 52-65: security gateway 150 adds tunnel header to data packet based on the forwarding interface 665 indicating to add the tunnel header to the data packet prior to transmission).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the service information, as taught by Khalid, to include packet routing policy with forwarding interface indicating modification, as taught by Chen, and program the service classifier 20, as taught by Khalid, to add tunnel header to the data packet based on the forwarding interface indicating the modification, as taught by Chen.
Doing so allows the security gateway to add an IP-IP tunnel header, a L2TP tunnel header, an IPSec tunnel header, or a layer 2 tunnel header prior to transmission of a received and matched data packet (Chen: col. 11 ll. 52-63) allowing the packet to be transmitted through an IP-IP tunnel, a L2TP tunnel, an IPSec tunnel, or a layer 2 tunnel.

Regarding claim 15, Khalid in view of Khalid-988 discloses all features of claim 14 as outlined above. 
Khalid in view of Khalid-988 does not disclose, but Chen discloses wherein the policy information further comprises an encapsulation type (col. 8 ll. 54-56: corporate directory 470 (=controller) provides security policy 402 (=second policy information) to security gateway 150 (=service routing trigger). Col. 11 ll. 23-24, 28-30, and 57-63: security policy 402 includes packet routing policy 652 (=encapsulation type) with forwarding interface 665 indicating modification, i.e., add tunnel header to data packet); and
wherein the packet send is encapsulated according to the encapsulation type (col. 11 ll. 52-65: security gateway 150 adds tunnel header to data packet based on the forwarding interface 665 indicating to add the tunnel header to the data packet prior to transmission).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the service information, as taught by Khalid, to include packet routing policy with forwarding interface indicating modification, as taught by Chen, and program the service classifier 20, as taught by Khalid, to add tunnel header to the data packet based on the forwarding interface indicating the modification, as taught by Chen.
Doing so allows the security gateway to add an IP-IP tunnel header, a L2TP tunnel header, an IPSec tunnel header, or a layer 2 tunnel header prior to transmission of a received and matched data packet (Chen: col. 11 ll. 52-63) allowing the packet to be transmitted through an IP-IP tunnel, a L2TP tunnel, an IPSec tunnel, or a layer 2 tunnel.

	Claim(s) 21 and 25-26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khalid et al. (US 2010/0080226 A1) in view of Khalid et al. (US 2010/0063988 A1) (hereinafter referred to as Khalid-988) and Chou et al. (US 2003/0018796 A1).

Regarding claim 21, Khalid in view of Khalid-988 discloses all features of claim 1 as outlined above. 
Khalid discloses wherein the traffic classifier is further configured to (Fig. 3: service classifier 20): 
obtain the service identifier according to a correspondence including a filtering rule and the service identifier ([0025]-[0026]: service classifier 20 receives service information including service header (=service identifier). The service header is derived from classification (=filtering rule). [0022]: classification is set as a rule. [0021]: the classification is based on packet 11 information related to originating endpoint 15 a, terminating endpoint 15 b, traffic type, content, a rule, or any combination thereof. Classification is set as a rule. [0019]: packet 11 goes through a communication network defined by a known protocol or later developed protocol, such as IP or TCP).
Khalid in view of Khalid-988 does not explicitly disclose, but Chou discloses wherein the filtering rule comprises one or multiple of a source address, a destination address, a source port, a destination port, or a protocol number of the first packet ([0033]: classification rules comprise one or more masks that are applied to a header. For example source address, destination address, source port, destination port, protocol field, etc. are used to determine whether a header matches a predetermined service criteria).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to program the service classifier 20 when deriving the service header from the classification, as taught by Khalid, wherein the classification rule comprises source address, destination address, source port, destination port, protocol field, etc., as taught by Chou.
Doing so allows the service module 190 to determine whether a received packet corresponds to transcoding services provided by a service module 190 and/or determine whether a packet header corresponds to a particular subscriber that is requesting a particular service from a particular destination and/or enable the packet to be passed to a transcoder application for further examination (Chou: [0033]).

Regarding claim 25, Khalid discloses A packet processing method, comprising: 
receiving, by a network device, a first packet ([0019]: service classifier 20 (=network device) receives packet 11 (=first packet)); 
determining, by the network device, a service identifier according to policy information ([0025]-[0026]: service classifier 20 receives service information (=policy information) including service header (=service identifier)), wherein the policy information comprises a filtering rule and the service identifier ([0048], [0051]-[0052]: service information includes service header information (=service identifier), next hop address, and/or other information from the service directory 40. [0050]: service directory has information about service classification information (=filtering rule) and service chain information. [0025]: service information is also associated with classification (=filtering rule)), wherein the service identifier identifies a service node sequence ([0029]: service header 100 relates to service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence) which are devices according to [0038], [0054], [0057]), wherein the service node sequence comprises one or more service nodes that process the packet (Fig. 4: FW 1a, IPS 2a, QoS 3b includes 3 service nodes to process a packet, i.e., [0013]: a packet goes through firewall, intrusion prevention system, and quality of service device. [0057]: service node 50 provide one or more services); 
generating, by the network device, a second packet by adding the service identifier to the first packet to the first packet ([0032]: service classifier 20 inserts the service header (=second packet) to packet 11 to generate a packet 11 with an inserted service header (=second packet)), and 
sending the second packet to a service routing trigger ([0032]: service classifier 20 transmits packet 11 with an inserted service header (=second packet) to service node 50 (=service routing trigger). Based on Fig. 2, [0029], [0031]: the service node 50 is a firewall, i.e. service node 50a (=service routing trigger) that receives the packet from the service classifier 20), the sending the second packet causing the service routing trigger to send the second packet to a service node for processing of the packet ([0063]: service node 50 receives packet 11 with service header (=second packet) and uses service header (=service identifier) included in packet 11 to recognize next hop address. [0061]: service node 50 receives service information (=policy information) that includes header information and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. Interpretation: by transmitting the packet, the service node 50a is triggered to transmit the packet to the next-hop, i.e., service node 50b for processing the packet), wherein the service node comprises at least one of a firewall device, a Network Address Translation (NAT) device or a value-added service device (Fig. 2, [0029], [0031]: service node 50b is IPS device (=value-added service device)), and wherein the service routing trigger does not have a packet processing function implemented by the service node (Fig. 2: service node 50a (=service routing trigger) is a firewall device providing firewall service, whereas service node 50b is an IPS device providing intrusion prevention system service (=packet processing function). Therefore, service node 50a does not have the intrusion prevention system service).
While Khalid discloses a classification (=filtering rule) and service header information, i.e., service header 100 (=service identifier), Khalid does not disclose the wherein the filtering rule comprises at least one of a source IP address, a destination IP address, a source port number or a destination port of the first packet and the service header information is a label. 
However, Chou discloses wherein the filtering rule comprises at least one of a source IP address, a destination IP address, a source port number or a destination port of the first packet ([0033]: classification rules comprise one or more masks that are applied to a header. For example source address, destination address, source port, destination port, protocol field, etc. are used to determine whether a header matches a predetermined service criteria).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to program the service classifier 20 when deriving the service header from the classification, as taught by Khalid, wherein the classification rule comprises source address, destination address, source port, destination port, protocol field, etc., as taught by Chou.
Doing so allows the service module 190 to determine whether a received packet corresponds to transcoding services provided by a service module 190 and/or determine whether a packet header corresponds to a particular subscriber that is requesting a particular service from a particular destination and/or enable the packet to be passed to a transcoder application for further examination (Chou: [0033]).
Khalid in view of Chou does not disclose the service header information is a label.
However, Khalid-988 discloses a service header information is a label ([0079]: service classifier 108 (=traffic classifier) receives from service broker (=controller) a service header containing a service label (=service identifier is a label). [0080]-[0081]: first service node (=service routing trigger) receives an IPv6 packet with the service header information, i.e., service label (=service identifier is a label)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the service header information, as taught by Khalid, to contain a service label, as taught by Khalid-988.
Doing so allows the service label be inserted in a flow label field that is then used by a user application (Khalid-988: [0031]).

Regarding claim 26, Khalid discloses A network device (Fig. 3: service classifier 20 (=network device)), comprising: 
a processor (Fig. 3: processor 21); and 
a non-transitory computer-readable storage medium storing a program to be executed by the processor to cause the network device to (Fig. 3, [0088]: service classifier 20 comprises memory 22 that stores instructions to be executed by the processor 21):
receive a first packet ([0019]: service classifier 20 (=network device) receives packet 11 (=first packet)); 
determine a service identifier according to policy information ([0025]-[0026]: service classifier 20 receives service information (=policy information) including service header (=service identifier)), wherein the policy information comprises a filtering rule and the service identifier ([0048], [0051]-[0052]: service information includes service header information (=service identifier), next hop address, and/or other information from the service directory 40. [0050]: service directory has information about service classification information (=filtering rule) and service chain information. [0025]: service information is also associated with classification (=filtering rule)), wherein the service identifier identifies a service node sequence ([0029]: service header 100 relates to service chain 100’. Fig. 4, [0029]: service chain 100’ identifies service chain FW 1a, IPS 2a, QoS 3b (=service node sequence) which are devices according to [0038], [0054], [0057]), wherein the service node sequence comprises one or more service nodes that process the packet (Fig. 4: FW 1a, IPS 2a, QoS 3b includes 3 service nodes to process a packet, i.e., [0013]: a packet goes through firewall, intrusion prevention system, and quality of service device. [0057]: service node 50 provide one or more services); 
generate a second packet by adding the service identifier to the first packet to the first packet ([0032]: service classifier 20 inserts the service header (=second packet) to packet 11 to generate a packet 11 with an inserted service header (=second packet)), and 
send the second packet to a service routing trigger ([0032]: service classifier 20 transmits packet 11 with an inserted service header (=second packet) to service node 50 (=service routing trigger). Based on Fig. 2, [0029], [0031]: the service node 50 is a firewall, i.e. service node 50a (=service routing trigger) that receives the packet from the service classifier 20) to enable the service routing trigger to send the second packet to a service node to process the packet ([0063]: service node 50 receives packet 11 with service header (=second packet) and uses service header (=service identifier) included in packet 11 to recognize next hop address. [0061]: service node 50 receives service information (=policy information) that includes header information and next hop information. [0031]: next-hop information includes address of the next receiving device or node, i.e., a hop is the trip from service node 50a to service node 50b. Interpretation: by transmitting the packet, the service node 50a is triggered to transmit the packet to the next-hop, i.e., service node 50b for processing the packet), wherein the service node comprises at least one of a firewall device, a Network Address Translation (NAT) device or a value-added service device (Fig. 2, [0029], [0031]: service node 50b is IPS device (=value-added service device)), wherein the service routing trigger does not have a packet processing function implemented by the service node (Fig. 2: service node 50a (=service routing trigger) is a firewall device providing firewall service, whereas service node 50b is an IPS device providing intrusion prevention system service (=packet processing function). Therefore, service node 50a does not have the intrusion prevention system service).
While Khalid discloses a classification (=filtering rule) and service header information, i.e., service header 100 (=service identifier), Khalid does not disclose the wherein the filtering rule comprises at least one of a source IP address, a destination IP address, a source port number or a destination port of the first packet and the service header information is a label. 
However, Chou discloses wherein the filtering rule comprises at least one of a source IP address, a destination IP address, a source port number or a destination port of the first packet ([0033]: classification rules comprise one or more masks that are applied to a header. For example source address, destination address, source port, destination port, protocol field, etc. are used to determine whether a header matches a predetermined service criteria).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to program the service classifier 20 when deriving the service header from the classification, as taught by Khalid, wherein the classification rule comprises source address, destination address, source port, destination port, protocol field, etc., as taught by Chou.
Doing so allows the service module 190 to determine whether a received packet corresponds to transcoding services provided by a service module 190 and/or determine whether a packet header corresponds to a particular subscriber that is requesting a particular service from a particular destination and/or enable the packet to be passed to a transcoder application for further examination (Chou: [0033]).
Khalid in view of Chou does not disclose the service header information is a label.
However, Khalid-988 discloses a service header information is a label ([0079]: service classifier 108 (=traffic classifier) receives from service broker (=controller) a service header containing a service label (=service identifier is a label). [0080]-[0081]: first service node (=service routing trigger) receives an IPv6 packet with the service header information, i.e., service label (=service identifier is a label)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the service header information, as taught by Khalid, to contain a service label, as taught by Khalid-988.
Doing so allows the service label be inserted in a flow label field that is then used by a user application (Khalid-988: [0031]).

Conclusion
 	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.	Narayanaswamy et al. (US 2014/0003433 A1) – Fig. 1, [0090], [0092]: edge device 181 (=service routing trigger) selects a service module executed at peripheral processing device 115 (=service node) to perform firewall service (=packet processing function) on the data packet.	Guichard et al. (US 2013/0343174 A1) – Fig. 1, [0026], [0028]-[0029]: router 12A (=service routing trigger) receives traffic and determines that service node 20A (=service node) is to perform application (=packet processing function) to the traffic and selects a path to service node 20A.	Esteve Rothenberg et al. (US 2012/0082163 A1) – Fig. 4, [0105]: a switch 2 (=service routing trigger) forwards packet to a node (=service node) to perform firewall service 3 (=packet processing function), receives the serviced packet, and forwards the serviced packet to another load to perform load balancer service 4.	Zhang et al. (CN 101030946 A) – Fig. 1, pg. 2 and second to last paragraph: a switch (=service routing trigger) forwards a request message to firewall 1 (=service node) to perform NAT operation (=packet processing function), receives the serviced message and forwards it to a load balancer 3, receives the converted request message and forwards it to a data service node.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to THE HY NGUYEN whose telephone number is (571)270-3813.  The examiner can normally be reached on Mo-Fr: 8am-4pm. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Avellino, can be reached on (571) 272-3905.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/THE HY NGUYEN/               Examiner, Art Unit 2478