DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/25/2022 has been entered.
 Claim Objections
Claims 17-18 are objected to because of the following informalities:  
Claim 17, lines 2: limitation has typographical error; recommend inserting period at end of the sentence.  
Claim 18: appears to be another method as claimed in independent claims 1 and 12; there is typographical error, as there are two dependent claims of 19 and 20 which should depend on claim 18. However, dependent claims of 19 and 20 are duplicate to dependent claims 16 and 17, depending on claim 1 which appear to be in errors. Recommend to change dependent claim 18 to an independent claim as the claim limitations are the same scope as independent claims 1 and 12.
Appropriate correction is required.

Response to Amendment
This action is in response to the communications and remarks filed on 10/25/2022. Claims 1 and 12-13 have been amended. Claims 16-20 have been added. Claims 1-20 have been examined and are pending.
Response to Arguments
Applicant’s Amendments necessitated anew ground of rejection; accordingly, Applicant’s arguments see pages 7-13 of remarks, filed 10/25/2022, with respect to amended independent claims 1 and 12 (Koninkl Philips Electronics NV ) have been considered but are moot in view of the new ground of rejections (Shi et al, hereinafter (“Shi”), WIPO Patent Application (WO2017143611 A1)) applied below.

Applicants’ arguments in the instant Amendment, filed on 10/25/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “35 U.S.C. 102(b): The Examiner has rejected claims 1-7 and 9-14 under 35 U.S.C. § 102 as allegedly being anticipated by Koninkl Philips Electronics NV (CN 103765842A). Applicant contends that claims 1-7 and 9-14 are not anticipated by Koninkl Philips Electronics NV because Koninkl Philips Electronics NV does not teach each and every element of the claims... A method for transmitting data packets via a network from a transmitter to a receiver using a communication connection comprising at least a transmission section used to transmit a data packet from a transmit node of the transmission section to a receive node of the transmission section and at least a next transmission section used to transmit the data packet from a transmit node of the next transmission section to a receive node of the next transmission section, having the following steps: assigning an item of security information for the transmission section, which comprises information relating to a cryptographic protective function used when transmitting the data packet, to the data packet by the transmit node of the transmission section, transmitting the data packet containing the assigned security information to the receive node of the transmission section, checking the item of security information in the receive node of the transmission section with respect to a predefined guideline, and providing, by the transmit node of the next transmission section, at least one measure depending on the checking result, wherein a protective function for the data packet to be applied in the next transmission section is selected as a measure. Applicant's claimed embodiments use at least two transmission sections, namely, a transmission section (for example, TSi) and a next transmission section (for example, TSi+1).' An item of security information is assigned to the data packet for the transmission section.2 The item of 1 Published Specification, at ¶¶ [0008], [0013], [0054]. security information includes information relating to a cryptographic protective function used in the transmission section.3 For example, the security information may include the cryptographic protective function used when transmitting the data packet via the transmission section.4 This security information may then be used to select a protective function to be applied in the next transmission section.5 As explained in the Specification, it may thus be possible "to select the protective function in the subsequent transmission section on the basis of the knowledge of the protective functions used in the preceding transmission section. 6  The cited reference to Koninkl does not teach or suggest these limitations. Specifically, Koninkl does not teach the limitations of checking the item of security information in the receive node of the transmission section with respect to a predefined guideline, and providing, by the transmit node of the next transmission section, at least one measure depending on the checking result, wherein a protective function for the data packet to be applied in the next transmission section is selected as a measure." 
		While Koninkl teaches at least two transmission sections: first network 120, second network 108, and intermediate device that is connected using a first and second transport protocol at most; additionally performing security verification in order to conduct end-to-end connectivity based on the authentication field of the header of the packets, TCP/IP based networks. The intermediate devices changes the data packets from a format on the first network to the format on the second  [Koninkl, paras 0013-0015, 0020-0024, and 0071-0073]. The Examiner respectfully submits that even in arguendo with respects to Koninkl, Examiner has identified Shi, WIPO Patent Application (WO2017143611 A1) to reject the amended claims below.
Applicant’s arguments: “The Examiner points to the use of an intermediate device that receives a data packet from a first network, reformats/translates an original header of the data packet, and then sends the data packet to a second network. As Applicant previously argued, Koninkl expressly teaches that the intermediate device is only reformatting/translating-it does not check the security information and does not select a measure that is a protective function for the next transmission section.7 In fact,  Koninkl teaches that the cited intermediate device "is not actively involved" in the secure end to end connection nor in the verification of information.8 Further, the reference teaches the intermediate 3Id. at ¶¶ [0024], [0055]. device does not even have knowledge of the private key used in the security protocol.9 Based on these teachings, the reference does not teach or suggest that the intermediate device performs, or even could perform, the recited limitations of substantively checking the security information for a transmission section. The cited reformatted header of Koninkl does not relate to a data packet assigned security information comprising information related to a cryptographic protective function used when transmitting the data packet. Instead, Koninkl's teaching is only that the header is translated/reformatted for the second network. Thus, Koninkl does not teach these limitations.”
		As discussed above, Examiner respectfully submits that even in arguendo with respects to Koninkl, Examiner has identified Shi, WIPO Patent Application (WO2017143611 A1) to reject the amended claims below.
Applicant’s arguments: “Further, even assuming arguendo Koninkl could be interpreted as substantively checking the security information, the reference does not then use that checking to provide a measure for the protection of a next transmission section. Again, Koninkl is clear that its intermediate device is not actively involved in the security of the connection nor in the verification of information. As discussed above, it acts only to reformat headers as part of the forwarding process and does not use security information from one transmission section to set a protective function to be applied in the next transmission section. Koninkl's teachings are not the same as checking in the receive node of the transmission section and providing by the transmit node of the next transmission section as recited in the currently claimed embodiments. Again, as discussed above, the cited intermediate device of Koninkl is not involved in the security of the data packet and does not perform these functions. Thus, Koninkl fails to teach or suggest these limitations. 
		For at least these reasons, the cited reference to Koninkl fails to teach the limitations of independent claim 1 and the claim is in condition for allowance. Independent claims 12 and 13 include similar limitations and are allowable for at least the same reasons. Accordingly, Applicant respectfully requests reconsideration and removal of the anticipation rejection, and further contends that the pending claims are in condition for allowance.”
		As discussed above, Examiner respectfully submits that even in arguendo with respects to Koninkl, Examiner has identified Shi, WIPO Patent Application (WO2017143611 A1) to reject the amended claims below.
Applicant’s arguments: “35 U.S.C. 103: The Examiner has rejected claim 8 under 35 U.S.C. § 103 as allegedly being unpatentable over Koninkl Philips Electronics NV (CN 103765842A) in view of Wakiyama (U.S. Patent Application Publication No. 2005/0010759). 
		Because claim 8 depends from independent claim 1, if independent claim 1 is allowable, claim 8 is likewise allowable. Applicant contends that at least based on the foregoing, independent claim 1 is allowable. Therefore, claim 8 is likewise allowable. 
		Based on the forgoing, Applicant requests reconsideration and removal of the obviousness rejection, and further contends that the pending claims are in condition for allowance.”
		Examiner respectfully submits that even in arguendo with respects to Wakiyama, Examiner has identified Shi, WIPO Patent Application (WO2017143611 A1) to reject dependent claim 8 as it depends on independent claim 1.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shi et al, hereinafter (“Shi”), WIPO Patent Application (WO2017143611 A1).
Regarding currently amended claims 1, Shi teaches a method for transmitting data packets via a network from a transmitter to a receiver using a communication connection comprising at least a transmission section used to transmit a data packet from a transmit node of the transmission section to a receive node of the transmission section and at least a next transmission section the data packet  from a transmit node of the transmission section to a receive node of the transmission section, having the following steps [Shi,  p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section and at least a next transmission section) of the above-described embodiments for present invention that comprises a transmitter and a receiver via interface 903 (a transmitter to a receiver using a communication connection) that is connected to a bus 904. p. 7, ¶6: Figure 2 shows another possible application scenario of the present invention which include a third network device (which may act as a Network Virtualization Edge (NVE) device) in communication with the controller; the third network device communicates with the second network device. The controller sends the VNI1 to the first network device and the second network device, the VNI1 for indicating the first virtual network, the first virtual network including the first network device and the second network device. The controller issues VNI2 to a second network device and a third network device, the VNI2 being used to indicate a second virtual network, the second virtual network including the second network device and the third network device.] 
assigning an item of security information for the transmission section, which comprises information relating to a cryptographic protective function used when transmitting the data packet the transmit node of the transmission section, [Shi,  p. 1, ¶7: first aspect provides an encryption method for processing Virtual Extensible Local Area Network (VXLAN) messages (data packet) that include a request message that carries the attribute information of the network device, for the controller to obtain a request to assign a VXLAN Network Identifier (VNI) (an item of security information for the transmission section). “The VXLAN security policy being used to encrypt VXLAN packets carrying the VNI and then transmitting the VNI and the VXLAN security policy to the network device.” p. 2, ¶3: the VXLAN security policy identifier includes a VXLAN security policy number, a security level identifier, or a policy type identifier. p. 3, ¶2-4 Based on the scheme provided by the embodiment, the network device encrypts the VXLAN message based on the VXLAN security policy (information relating to a cryptographic protective function) issued by the controller. The VXLAN packet is encrypted based on the VXLAN security policy.]
transmitting the data packet containing the assigned security information to the receive node of the [Shi,  p. 3, ¶14 and p. 4, ¶ the second network device receiving an encrypted VXLAN message from a first network device carrying a VNI message, the first network device and the second network device being located at the VNI. In the network; determining that the encrypted VXLAN message carries the encrypted flag bit, the VXLAN security policy corresponding to the VNI is obtained from the VNI in the encrypted VXLAN message, the VXLAN security policy being from the control p. 10, ¶7: “When the request message is from the network device, the network device may allocate a VNI based on a service request, for example when the network device needs to send a VXLAN message, the network device issues the request message to the controller”]
checking the security information in [[a]] the receive node of the transmission section with respect to a predefined guideline, [Shi,  p. 2, ¶2: ...before the controller acquires the VNI according to the attribute information carried by the request message and obtains a VXLAN security policy corresponding to the VNI, the controller is automatically generated according to a preset policy rule -- The VXLAN security policy. p.4, ¶¶5-7: The VNLAN security policy corresponding to the VNI is acquired according to the VNI in the encrypted VXLAN message when the second network device determines that the encrypted flag carried by the encrypted VXLAN message is set, When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline).] and 
providing, by the transmit node of the next transmission section, at least one measure depending on the checking result, wherein a protective function for the data packet to be applied in [[a]] the next transmission section is selected as a measure. [See Shi,  p.4, ¶¶5-7: ...When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline). Wherein the second network device generates a policy authentication according to a policy authentication algorithm identifier carried by the VXLAN security policy before the second network device decrypts the encrypted VXLAN message according to the VXLAN security policy. Examiner interprets that the VXLAN security policy is analogous to a predefined guideline as guidelines are a well-known in the arts to be a prescribed rule or policy is known beforehand. ]
Regarding currently amended claim 2, Shi teaches claim 1 as described above.
Shi teaches wherein the data packet is assigned a further item of security information for the next transmission section and the further item of security information is transmitted, together with the at least one first item of security information, to [[the]] next receive node. [See Shi,  p.4, ¶¶5-7: ...When the second network device determines that the encrypted VXLAN message carrying security flag bit is set (a further item of security information for the next transmission section), sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline).] 
   Regarding claim 3, Shi teaches claim 1 as described above.
Shi teaches wherein the item of security information is assigned by arranging the item of security information in the header of the data packet. [Shi, p. 6, ¶1: ...the VXLAN security policy corresponding to the VNI while transmitting the VNI to the network device. Thus, the VINLAN packet is encrypted according to the VNLAN security policy corresponding to the VNI application when the network device as the transmitting end encapsulates the VXLAN message. Examiner interprets the encapsulation of the VXLAN message as analogous to arranging the item of security information in the header of the data packet; as the process of encapsulation incorporates appending or concatenating to the beginning and/or end of a header of a data packet. Therefore, the function of encapsulating/encapsulation is mapped as such.] 
Regarding claim 4, Shi teaches claim 1 as described above.
Shi teaches wherein the assignment is carried out by arranging a reference value of the item of security information in the header of the data packet, and the security information is determined by the receive node in a security server on the basis of the reference value. [See Shi,  p. 1, ¶7: first aspect provides an encryption method for processing VXLAN messages that include a request message that carries the attribute information of the network device, for the controller to obtain a request to assign a VXLAN Network Identifier (VNI). The VXLAN security policy being used to encrypt VXLAN packets carrying the VNI (a reference value of the item of security information in the header of the data packet) and then transmitting the VNI and the VXLAN security policy to the network device. p. 2, ¶3: the VXLAN security policy identifier includes a VXLAN security policy number, a security level identifier, or a policy type identifier. P. 8, ¶3: The controller assigns a VNI to the virtual network, and transmits the VNI to the first network device and the second network device according to the IP addresses of the first network device and the second network device. In this way, the first network device may use the VNI to encapsulate the VXLAN message, and the second network device may decrypt the VXLAN message according to VNI. Examiner interprets the encapsulation of the VXLAN message as analogous to arranging the reference value in the header of the data packet; as the process of encapsulation incorporates appending or concatenating to the beginning and/or end of a header of a data packet. Therefore, the function of encapsulating/encapsulation is mapped as such.]
       	Regarding claim 5, Shi teaches claim 1 as described above.                                                                                        
 Shi teaches wherein the assignment is carried out by arranging the item of security information in a header of a superordinate data packet containing the data packet. [See Shi,  p. 1, ¶7: first aspect provides an encryption method for processing VXLAN messages that include a request message (a superordinate data packet)] 

 Regarding claim 6, Shi teaches claim 1 as described above.
Shi teaches wherein the cryptographic protective function comprises at least one of the details relating to a security option used, a security protocol used, and/or a detail relating to the protected transmission path, for which the cryptographic protective function is valid. [Shi, p. 15, ¶6: In the present application, the controller may be an SDN controller, and the SDN controller and the network device complete the exchange of messages and the transmission of information through the control channel of the OpenFlow protocol specification. In this way, the VXLAN security policy can be developed and SDN network organically combined.] 
 
Regarding claim 7, Shi teaches claim 1 as described above.
Shi teaches wherein the item of security information is transmitted in a manner cryptographically protected and/or encrypted with respect to the authenticity of the transmit node and the integrity of the security information. [See p. 2, ¶2: ...before the controller acquires the VNI according to the attribute information carried by the request message and obtains a VXLAN security policy corresponding to the VNI, the controller is automatically generated according to a preset policy rule -- The VXLAN security policy.]

Regarding currently amended claim 8, Shi teaches claim 1 as described above.
Shi teaches wherein the item of security information comprises an item of information relating to [[the]] an authentication method used by the transmitter of the data packet when accessing the network. [See Shi, p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section and at least a next transmission section) of the above-described embodiments for present invention that comprises a transmitter and a receiver via interface 903 (a transmitter to a receiver using a communication connection) that is connected to a bus 904. p.4, ¶¶5-7: ...When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data (an item of information relating to [[the]] an authentication method), which is used to verify the consistency of the VXLAN security policy (a predefined guideline).].

 Regarding claim 9, Shi teaches claim 1 as described above.
Shi teaches wherein the respective transmit node transmits item of the security information to a filter node or to the security server. [See Shi,  p. 7, ¶6: Figure 2 shows another possible application scenario of the present invention which include a third network device (which may act as a Network Virtualization Edge (NVE) device) in communication with the controller...] 

 Regarding claim 11, Shi teaches a system for transmitting data packets via a network from a transmitter to a receiver using a communication connection comprising at least two transmission sections which are used to transmit the data packet, comprising at least one transmit node and one receive node which are configured to carry out the method as claimed in claim 1. [Shi, See p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section and at least a next transmission section) of the above-described embodiments for present invention that comprises a transmitter and a receiver via interface 903 (a transmitter to a receiver using a communication connection) that is connected to a bus 904. p. 1, ¶5: embodiment of the present invention provides a system for processing VXLAN packets to realize a more flexible and simpler VXLAN message encryption and decryption technology.] 

Regarding claim 12, Shi teaches a transmit node for transmitting data packets via a network from a transmitter to a receiver using a communication connection comprising at least a transmission section used to transmit a data packet from the transmit node to a receive node of the transmission section and at least a next transmission section used to transmit [[a]] the data packet from [[the]] a transmit node of the next transmission section to a receive node of the next transmission section, comprising:  [Shi, p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section) of the above-described embodiments for present invention that comprises a transmitter and a receiver via interface 903 (a transmitter to a receiver using a communication connection) that is connected to a bus 904. p. 7, ¶6: Figure 2 shows another possible application scenario of the present invention which include a third network device (which may act as a Network Virtualization Edge (NVE) device) in communication with the controller; the third network device communicates with the second network device. The controller sends the VNI1 to the first network device and the second network device, the VNI1 for indicating the first virtual network, the first virtual network including the first network device and the second network device. The controller issues VNI2 to a second network device and a third network device, the VNI2 being used to indicate a second virtual network, the second virtual network including the second network device and the third network device.]
an assignment unit which is configured to assign an item of security information for the transmission section, which comprises information relating to a cryptographic protective function used when transmitting the data packet, to the data packet, [See Shi,  p. 1, ¶7: first aspect provides an encryption method for processing Virtual Extensible Local Area Network (VXLAN) messages (data packet) that include a request message that carries the attribute information of the network device, for the controller to obtain a request to assign a VXLAN Network Identifier (VNI) (an item of security information for the transmission section). “The VXLAN security policy being used to encrypt VXLAN packets carrying the VNI and then transmitting the VNI and the VXLAN security policy to the network device.” p. 2, ¶3: the VXLAN security policy identifier includes a VXLAN security policy number, a security level identifier, or a policy type identifier. p. 3, ¶2-4 Based on the scheme provided by the embodiment, the network device encrypts the VXLAN message based on the VXLAN security policy (information relating to a cryptographic protective function) issued by the controller. The VXLAN packet is encrypted based on the VXLAN security policy.] and 
a transmit unit which is configured to transmit the data packet containing the assigned item of security information to the receive node of the transmission section, wherein a protective function for the data packet to be applied in [[a]] the next transmission section is selected as a measure at the receive node. [See Shi,  p. 3, ¶14 and p. 4, ¶ the second network device receiving an encrypted VXLAN message from a first network device carrying a VNI message, the first network device and the second network device being located at the VNI. In the network; determining that the encrypted VXLAN message carries the encrypted flag bit, the VXLAN security policy corresponding to the VNI is obtained from the VNI in the encrypted VXLAN message, the VXLAN security policy being from the control. p.4, ¶¶5-7: ...When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline). Wherein the second network device generates a policy authentication according to a policy authentication algorithm identifier carried by the VXLAN security policy before the second network device decrypts the encrypted VXLAN message according to the VXLAN security policy. p. 10, ¶7: “When the request message is from the network device, the network device may allocate a VNI based on a service request, for example when the network device needs to send a VXLAN message, the network device issues the request message to the controller”]

 Regarding claim 13, Shi teaches a receive node for transmitting data packets via a network from a transmitter to a receiver using a communication connection[[)]] comprising at least a transmission section used to transmit a data packet from a transmit node of the transmission section to the receive node and at least a next transmission section used to transmit [[a]] the data packet from a transmit node of the next transmission section to [[the]] a receive node of the next transmission section, comprising: [See Shi, p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section and at least a next transmission section) of the above-described embodiments for present invention that comprises a transmitter and a receiver via interface 903 (a transmitter to a receiver using a communication connection) that is connected to a bus 904.  p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section) of the above-described embodiments for present invention]
a receive unit which is configured to receive the data packet,  [See Shi,  p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section) of the above-described embodiments for present invention that comprises a transmitter and a receiver (a receive unit) via interface 903 that is connected to a bus 904. ] 
a checking unit which is configured to check the item of security information for the transmission section with respect to a predefined guideline, wherein the item of security information includes information relating to a cryptographic protective function used when transmitting the data packet to the receive node, [See Shi,  p. 2, ¶2: ...before the controller acquires the VNI according to the attribute information carried by the request message and obtains a VXLAN security policy corresponding to the VNI, the controller is automatically generated according to a preset policy rule -- The VXLAN security policy. p.4, ¶¶5-7: The VNLAN security policy corresponding to the VNI is acquired according to the VNI in the encrypted VXLAN message when the second network device determines that the encrypted flag carried by the encrypted VXLAN message is set, When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline).]  and 
a provision unit which is configured to provide at least one measure depending on the checking result, wherein a protective function for the data packet in [[a]] the next transmission section is selected as a measure. [See Shi,  p.4, ¶¶5-7: ...When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline). Wherein the second network device generates a policy authentication according to a policy authentication algorithm identifier carried by the VXLAN security policy before the second network device decrypts the encrypted VXLAN message according to the VXLAN security policy. Examiner interprets that the VXLAN security policy is analogous to a predefined guideline as guidelines are a well-known in the arts to be a prescribed rule or policy is known beforehand.] 
 Regarding claim 14, Shi teaches a computer program product, comprising a computer readable hardware storage device having computer readable code stored therein, said program code executable by a processor of a computer system to implement the method as claimed claim 1. [Shi,  p.25, ¶3: ... various aspects of the present invention, or various possible implementations thereof, may take the form of a computer program product, which refers to computer readable program code stored in a computer readable medium. ] 

Regarding new claim 18, Shi teaches claim 1 as described above.
Shi teaches wherein the communication connection further comprises at least a further transmission section used to transmit the data packet from a transmit node of the further transmission section to a receive node of the further transmission section, and wherein the method further comprises: [See Shi,  p. 21, ¶¶7-8: Fig. 9 shows the hardware structure of the controller 900, first network device (a transmit node of the transmission section), and second network devices (a receive node of the transmission section) of the above-described embodiments for present invention that comprises a transmitter and a receiver via interface 903 (a transmitter to a receiver using a communication connection) that is connected to a bus 904. p. 7, ¶6: Figure 2 shows another possible application scenario of the present invention which include a third network device (which may act as a Network Virtualization Edge (NVE) device) in communication with the controller; the third network device communicates with the second network device. The controller sends the VNI1 to the first network device and the second network device, the VNI1 for indicating the first virtual network, the first virtual network including the first network device and the second network device. The controller issues VNI2 to a second network device and a third network device, the VNI2 being used to indicate a second virtual network, the second virtual network including the second network device and the third network device.]
assigning a next item of security information for the next transmission section, which comprises information relating to a cryptographic protective function used when transmitting the data packet, to the data packet by the transmit node of the next transmission section, [See Shi,  p. 1, ¶7: first aspect provides an encryption method for processing Virtual Extensible Local Area Network (VXLAN) messages (data packet) that include a request message that carries the attribute information of the network device, for the controller to obtain a request to assign a VXLAN Network Identifier (VNI) (an item of security information for the transmission section). “The VXLAN security policy being used to encrypt VXLAN packets carrying the VNI and then transmitting the VNI and the VXLAN security policy to the network device.” p. 2, ¶3: the VXLAN security policy identifier includes a VXLAN security policy number, a security level identifier, or a policy type identifier. p. 3, ¶2-4 Based on the scheme provided by the embodiment, the network device encrypts the VXLAN message based on the VXLAN security policy (information relating to a cryptographic protective function) issued by the controller. The VXLAN packet is encrypted based on the VXLAN security policy.]
transmitting the data packet containing the assigned next item of security information to the receive node of the next transmission section, [See Shi,  p. 3, ¶14 and p. 4, ¶ the second network device receiving an encrypted VXLAN message from a first network device carrying a VNI message, the first network device and the second network device being located at the VNI. In the network; determining that the encrypted VXLAN message carries the encrypted flag bit, the VXLAN security policy corresponding to the VNI is obtained from the VNI in the encrypted VXLAN message, the VXLAN security policy being from the control p. 10, ¶7: “When the request message is from the network device, the network device may allocate a VNI based on a service request, for example when the network device needs to send a VXLAN message, the network device issues the request message to the controller”]
checking the item of security information in the receive node of the next transmission section with respect to a predefined guideline, [See Shi,  p. 2, ¶2: ...before the controller acquires the VNI according to the attribute information carried by the request message and obtains a VXLAN security policy corresponding to the VNI, the controller is automatically generated according to a preset policy rule -- The VXLAN security policy. p.4, ¶¶5-7: The VNLAN security policy corresponding to the VNI is acquired according to the VNI in the encrypted VXLAN message when the second network device determines that the encrypted flag carried by the encrypted VXLAN message is set, When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline).] and 
providing, by the transmit node of the further transmission section, at least one measure depending on the checking result, wherein a protective function for the data packet to be applied in the further transmission section is selected as a measure. [See Shi,  p.4, ¶¶5-7: ...When the second network device determines that the encrypted VXLAN message carrying security flag bit is set, sending a request message to the controller, the request message carrying the VNI; the second network device receiving The VNI from the controller and the VXLAN security policy corresponding to the VNI. The VXLAN security policy carries the same policy authentication data, which is used to verify the consistency of the VXLAN security policy (a predefined guideline). Wherein the second network device generates a policy authentication according to a policy authentication algorithm identifier carried by the VXLAN security policy before the second network device decrypts the encrypted VXLAN message according to the VXLAN security policy. Examiner interprets that the VXLAN security policy is analogous to a predefined guideline as guidelines are a well-known in the arts to be a prescribed rule or policy is known beforehand.]

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Shi et al, hereinafter (“Shi”), WIPO Patent Application (WO2017143611 A1), in view of Hu et al, hereinafter (“Hu”), US PG Publication (20210044567 A1), in view of .
Regarding claim 10, Shi teaches claim 1 as described above.
However, Shi fails to explicitly teach but Hu teaches wherein the transmitter additionally specifies a minimum security requirement for all transmission sections or for at least one transmission section and arranges the minimum security requirement in the data packet. [Hu et al 20210044567 A1, ¶0059: data segment labels 340 implicitly indicate minimum security requirements] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of method, device, and system for processing a VXLAN packet of Shi before him or her by including the teachings of a method, apparatus, and computer readable medium for providing security service for data center of Hu. The motivation/suggestion would have been obvious to try to modify the VXLAN messages of a request message as taught by Shi by adding the functionality of the data segments labels as the output indicates minimum security requirements as taught by Hu [Hu, ¶¶0058-0059].  

Claims 16-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Shi et al, hereinafter (“Shi”), WIPO Patent Application (WO2017143611 A1), in view of Byun et al, hereinafter (“Byun”), US PG Publication (20200154400 A1).
Regarding new claims 16 and 19, Shi teaches claim 1 as described above.
Shi teaches repeated [See Shi, p. 16, ¶7: specific implementation process may be described in the foregoing description of the embodiment with respect to Figure 3, will be repeated]; however, Shi does not explicitly teach but Byun teaches wherein the method is repeated for the next transmission section. [Byun, ¶0088: since UL transmission is repeated, a plurality of contention-based grant-free UL resource may be allocated to the UE; ¶0099: subsequent repeated transmission is performed on a resource scheduled with the UL grant.] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Shi and Hu before him or her by including the teachings of a method, apparatus, and a method and device for transmitting grant-free-based uplink data in wireless communication system of Byun. The motivation/suggestion would have been obvious to try to modify the VXLAN messages of a request message as taught by Shi by adding the functionality of the data segments labels as the output indicates minimum security requirements as taught by Hu, with UL transmission is repeated as a plurality of resources [Byun, ¶0088].  

Regarding new claims 17 and 20, Shi teaches claim 16 as described above.
However, Shi does not explicitly teach but Byun teaches wherein the method is repeated for a further transmission section subsequent to the next transmission section [See Byun, ¶0088: since UL transmission is repeated, a plurality of contention-based grant-free UL resource may be allocated to the UE; ¶0099: subsequent repeated transmission is performed on a resource scheduled with the UL grant.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Shi and Hu before him or her by including the teachings of a method, apparatus, and a method and device for transmitting grant-free-based uplink data in wireless communication system of Byun. The motivation/suggestion would have been obvious to try to modify the VXLAN messages of a request message as taught by Shi by adding the functionality of the data segments labels as the output indicates minimum security requirements as taught by Hu, with UL transmission is repeated as a plurality of resources [Byun, ¶0088].  

 Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Fluhrer (20120060029 A1) teaches a method and system for dynamic secured group communication.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Sakinah White Taylor/Primary Examiner, Art Unit 2497