DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3-6, 8-9, 11-15, 17 and 18 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Raut et al. (US 2021/0218652 A1) hereinafter “RAUT”.
Regarding claim 1:
RAUT discloses a method comprising: 
receiving, by a software defined networking (SDN) controller (Fig. 4, 110) of a multi-tenant virtualized data center, a security policy expressed as one or more tags (Fig. 4, 445, Fig. 6, 610, Fig. 8, 830, Fig. 9, 910) to redirect traffic of a virtualized application workload to a host-based firewall (HBF) (Fig. 6, 651-654, Fig. 8, 861-863, [0063]) of the multi-tenant virtualized data center; 
configuring, by the SDN controller, a virtual router (Fig. 6, 171, Fig. 8, 171-172, Fig. 9, 171-172) to direct traffic of the virtualized application workload to the HBF in accordance with the security policy ([0049], [0050], [0063]); 
obtaining, by a security controller (Fig. 4, 110) that manages the HBF, the one or more tags (Fig. 4, 450 and 455) from the SDN controller; 
receiving, by the security controller, one or more firewall policies (Fig. 4, 445) expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and 
configuring, by the security controller, the function of the HBF in accordance with the one or more firewall policies (Fig. 4, 465, [0063], [0079]).
Regarding claim 3:
RAUT further discloses configuring, by the SDN controller, a virtual execution element ([0079], hypervisor, Fig. 2, 214A-C) of a server of the multi-tenant virtualized data center to implement the HBF.
Regarding claim 4:
RAUT further discloses wherein the virtual execution element comprises a virtual machine of the multi-tenant virtualized data center (Fig. 2, 214A-C).
Regarding claim 5:
RAUT further discloses wherein the virtual execution element comprises a container of a server (Fig. 2, 215A-C, 217A-C, or 219A-C) of the multi-tenant virtualized data center.
	Regarding claim 6:
RAUT further discloses obtaining, by the security controller, a virtual local area network (VLAN) identifier (Fig. 4, 450 and 455, srcGroup, dstGroup) for one or more tenants of the multi-tenant virtualized data center; configuring, by the security controller, an instance of the HBF (Fig. 6, 651-654) for each of the one or more tenants of the multi-tenant virtualized data center, wherein configuring the function of the HBF in accordance with the one or more firewall policies further comprises configuring the one or more firewall policies (Fig. 6, 640) using the one or more tags and the VLAN identifier for the one or more tenants of the multi-tenant virtualized data center.
	Regarding claim 8:
RAUT further discloses in response to obtaining the one or more tags from the SDN controller, converting, by the security controller, the tags to IP addresses, wherein, to configure the function of the HBF in accordance with the one or more firewall policies, the security controller is configured to configure the function of the HBF based on the IP addresses ([0083], translating trace request to tuple information).
	Regarding claims 9, 11-15, 17 and 18:
	Similar features to claims 1, 3-6, and 8. Same rationales also applicable. 

	Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 10, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over RAUT.
Regarding claim 2:
RAUT further discloses wherein the function of the HBF comprises at least one of Intrusion Prevention System an Intrusion Detection System ([0063]).
RAUT does not disclose the function of the HBF comprises the functions of anti-virus and malware detection.
However, Examiner submits that the functions of anti-virus and malware detection are well known in the art; and it would have been obvious to one of ordinary skilled in the art before the effective filing date of the invention to modify the system of RAUT to include these functions in order to enhance protection for the network.
Regarding claims 10 and 19:
	Rejection for claim 2 applicable. 

Allowable Subject Matter
Claims 7, 16, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.	

	Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BO HUI A ZHU whose telephone number is (571)270-1086. The examiner can normally be reached Mon-Fri 10am-7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Marsha Banks-Harold can be reached on 5712727905. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BO HUI A ZHU/Primary Examiner, Art Unit 2465