11324648 (P.T.A.B. Feb. 22, 2017)

Ex Parte Strub et al

Patent Trial and Appeal BoardFeb 22, 2017

11324648 (P.T.A.B. Feb. 22, 2017)

United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/324,648 01/03/2006 Lyle Strub ALC 3982 7611 76614 7590 02/24/2017 Terry W. Kramer, Esq. Kramer & Amado, P.C. 330 John Carlyle Street 3rd Floor Alexandria, VA 22314 EXAMINER ALMEIDA, DEVIN E ART UNIT PAPER NUMBER 2492 NOTIFICATION DATE DELIVERY MODE 02/24/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): mail@krameramado.com ipsnarocp @ nokia. com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte LYLE STRUB, ADRIAN GRAH, and BASHAR SAID BOU-DIAB Appeal 2015-004750 Application 11/324,648 Technology Center 2400 Before DAVID M. KOHUT, JASON V. MORGAN, and BRYAN F. MOORE, Administrative Patent Judges. KOHUT, Administrative Patent Judge. DECISION ON APPEAL This is a decision on appeal under 35 U.S.C. Â§ 134(a) of the final rejection of claims 1, 2, 4â€”13, and 16â€”28.1 We have jurisdiction under 35 U.S.C. Â§ 6(b). We AFFIRM-IN-PART the Examinerâ€™s rejection. INVENTION The invention is directed to a method and apparatus for monitoring traffic in communication networks for the detection of malicious traffic. Spec. 1. Claim 1 is illustrative of the invention and is reproduced below: 1. A method of monitoring data traffic in a communication network, comprising: 1 Claims 3, 14, and 15 were previously cancelled. Appeal 2015-004750 Application 11/324,648 receiving data traffic at a router connected to said communication network; monitoring, at said router, a flow of said received data traffic at a predetermined point on a flow path carrying said flow of data traffic; wherein said monitoring comprises a single stage monitoring process, wherein said single stage monitoring process is performed using exclusively one of a plurality of different monitoring criteria, including a first monitoring criteria and a second monitoring criteria, such that data traffic that is subject to monitoring at said predetermined point is only monitored according to one of said monitoring criteria; said monitoring further including monitoring said flow of data traffic at said predetermined point on said flow path according to said first monitoring criteria; based on information contained in the data traffic monitored according to the first criteria, determining whether data in the traffic is indicative of a malicious threat to one or more resources connected to said communication network, and only if said determining step determines that data in said traffic is indicative of a malicious threat, changing the monitoring criteria in said single stage monitoring process from the first monitoring criteria to the second monitoring criteria; and monitoring subsequently received data traffic at said predetermined point along said flow path according to said second monitoring criteria, instead of said first monitoring criteria. REFERENCES Cantrell Munson Piesco Portolani US 2004/0030776 A1 US 2004/0143756 A1 US 2006/0010493 A1 US 2006/0095968 A1 Feb. 12, 2004 July 22, 2004 Jan. 12, 2006 May 4, 2006 2 Appeal 2015-004750 Application 11/324,648 REJECTIONS AT ISSUE Claims 1, 2, 4â€”6,2 10-13, 16â€”24,3 and 26â€”284 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over the combination of Portolani and Piesco. Final Act. 3-6 and 9-14. Claims 7, 8, 9, and 25 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over the combination of Portolani, Piesco, and Cantrell. Final Act. 6 and 12. ISSUES Did the Examiner err in finding that the combination of Portolani and Piesco teaches or suggests: (a) changing the monitoring criteria in said single stage monitoring process from the first monitoring criteria to the second monitoring criteria only if said determining step 2 On page 3 of the Final Rejection, the Examiner correctly included claims 5 and 6 in the statement of the rejection as being unpatentable over the combination of Portolani and Piesco. In the body of the Examinerâ€™s rejection, the Examiner indicated that, in addition to Portolani and Piesco, Munson was being used to reject claim 4 and, thereby, claims 5 and 6. Final Act. 6. However, Munson was not relied upon to teach any of the limitations of claims 4-6. Final Act. 6. We find this to be harmless error and note it here. 3 On page 3 of the Final Rejection, the Examiner correctly included claims 21 and 22 in the statement of the rejection as being unpatentable over the combination of Portolani and Piesco. In the body of the Examinerâ€™s rejection, the Examiner indicated Cantrell instead of Piesco was used to reject claims 16 and 17 and, thereby, claims 21, and 22. Final Act. 12. However, Cantrell was not relied upon to teach any of the limitation of claims 16, 17, 21, or 22. Final Act. 10â€”13. We see this as harmless error and note it here. 4 On page 3 of the Final Rejection, the Examiner included claims 7, 8, 9, and 25 in the statement of rejection as being unpatentable over Portolani and Piesco. However, in the Examinerâ€™s rejection of claim 7 (and thereby, dependent claims 8, 9, and 25), the Examiner uses Portolani, Piesco, and Cantrell. Final Act. 3â€”7 and 14. We find this to be harmless error and indicate the appropriate headings here. 3 Appeal 2015-004750 Application 11/324,648 determines that data in said traffic is indicative of a malicious threat, or monitoring subsequently received data traffic at said predetermined point along said flow path according to said second monitoring criteria, instead of said first monitoring criteria, as recited in claim 1 and similarly recited in claims 12 and 16; (b) the first monitoring criteria includes a first rate at which received data traffic at said predetermined point is sampled to produce said information, and said second monitoring criteria includes a second rate at which received data at said predetermined point is sampled, and said second sampling rate is higher than said first sampling rate, as recited in claim 4 and similarly recited in claims 20 and 24; (c) identifying a parameter associated with data in said traffic that is indicative of a malicious threat, and wherein said monitoring subsequently received data according to said second monitoring criteria comprises controlling selectivity of data in said traffic for monitoring, based on said parameter, as recited in claim 5; (d) the monitor comprises a sampler for sampling the data traffic, and that the sampler is capable of being configured to sample the data traffic according to a plurality of different sampling criteria, as recited in claim 21; (e) the first monitoring criteria includes collecting information that may be associated with a plurality of different malicious threats, and that the determining step comprises determining if the collected information is indicative of a particular one or particular ones of the plurality of different malicious threats, and if it is determined that the collected information is indicative of a particular one or ones of the plurality of different threats, the second monitoring criteria comprises restricting collection of the information to information associated with the particular one or ones of the plurality of different threats, as recited in claim 23; 4 Appeal 2015-004750 Application 11/324,648 (f) the second monitoring criteria isolates characteristics of the malicious threat, as recited in claim 26; (g) if said module determines that data in said data traffic is indicative of a malicious threat, then said module changes state to reflect said malicious threat, wherein said second monitoring criteria isolates characteristics of said malicious threat, as recited in claim 27; and (h) the monitoring criteria isolates characteristics of the malicious threat, as recited in claim 28? Did the Examiner err in finding that the combination of Portolani, Piesco, and Cantrell teaches or suggests: (a) determining from information obtained from monitoring according to said second monitoring criteria, whether data in said received traffic is indicative of a malicious threat, as recited in claim 7; (b) only, if it is determined from information monitored according to said second monitoring criteria, that is data indicative of a malicious threat, monitoring subsequently received data at said predetermined point according to a third monitoring criteria, different from said first and second monitoring criteria, as recited in claim 8; (c) the second and third monitoring criteria comprise second and third rates of sampling the received data, respectively, wherein the third sampling rate is higher than the second sampling rate, as recited in claim 9; and (d) wherein said second monitoring criteria includes collecting information indicative of one or more of a plurality of different threats, and said third monitoring criteria comprises collecting more information relating to said one or more different threats than is collected using said second monitoring criteria, as recited in claim 25? ANALYSIS Claims 1, 12, and 16 Appellants contend that the combination of Portolani and Piesco fails to teach 5 Appeal 2015-004750 Application 11/324,648 based on information contained in the data traffic monitored according to the first criteria, determining whether data in the traffic is indicative of a malicious threat to one or more resources connected to said communication network, and only if said determining step determines that data in said traffic is indicative of a malicious threat, changing the monitoring criteria in said single stage monitoring process from the first monitoring criteria to the second monitoring criteria; and monitoring subsequently received data traffic at said predetermined point along said flow path according to said second monitoring criteria, instead of said first monitoring criteria, as recited in independent claim 1 and similarly recited in claims 12 and 16. Br. 8â€” 13. Appellants argue that Piesco discloses various INFOCON security levels that reflect the severity of an attack on a computer network and define particular protective actions to take in response, but do not have any relevance to monitoring criteria. Br. 10-11 (citing Piesco 17â€”28). We disagree with Appellants. The Examiner finds that Piesco teaches changing the monitoring criteria in a single stage monitoring process from the first monitoring criteria to the second monitoring criteria by disclosing an INFOCON NORMAL level where a subset of attack signatures are used and an elevated INFOCON ALPHA level where all attack signatures are turned on for use. Ans. 2 (citing Piesco 121). The Examiner interprets â€œfirst monitoring criteriaâ€ as monitoring where not all of the attack signatures have been turned on and â€œsecond monitoring criteriaâ€ as monitoring where all attack signatures have been turned on. Id. Hence, the Examiner finds that the adding of additional attack signatures represents a different or second monitoring criteria because monitoring would be performed for a larger set of attacks. Id. We agree with the Examinerâ€™s interpretation and find that Piesco teaches changing the monitoring criteria in a single stage monitoring process from the first monitoring criteria to the second monitoring criteria because the INFOCON NORMAL state monitors a subset of attack signatures while the 6 Appeal 2015-004750 Application 11/324,648 ALPHA state applies a second monitoring criteria different from the NORMAL state where all attack signatures are being monitored. Piesco 121. Thus, for the reasons stated supra, we sustain the Examinerâ€™s rejections of claims 1, 12, and 16. The rejections of claims 2, 10, 11â€”13, and 17â€”19 dependent therefrom, are not separately argued and are accordingly also sustained. Claims 4, 20, and 24 Appellants contend that the combination of Portolani and Piesco fails to teach â€œthe first monitoring criteria includes a first rate at which received data traffic at said predetermined point is sampled to produce said information, and said second monitoring criteria includes a second rate at which received data at said predetermined point is sampled, and said second sampling rate is higher than said first sampling rate,â€ as recited in claim 4 and similarly recited in claims 20 and 24. Br. 14, 21, and 23â€”24. Appellants argue that Piesco discloses various INFOCON security levels that reflect the frequency of an attack during a 24 hour period, but Piesco is silent as to the sampling rate of data traffic. Br. 14, 23, and 23â€”24 (citing Piesco 17â€”28). We agree with Appellants. The Examiner interprets Piescoâ€™s disclosure of applying additional attack signatures and hardening of firewall rules as disclosing different rates of sampling because the incoming data traffic is being applied to additional mles or filters. Ans. 2â€”3 (citing Piesco H 18, 21â€”23, and 25). However, the portions of Piesco cited by the Examiner do not describe any increase in sampling, but instead only disclose applying the same traffic data to an increased number of signatures or filters. Piesco is silent as to changing sampling rates when different INFOCON states are reached. Thus, for the reasons stated supra, we reverse the Examinerâ€™s rejections of claims 4, 20, and 24. 7 Appeal 2015-004750 Application 11/324,648 Claims 5 and 6 Appellants contend that the combination of Portolani and Piesco fails to teach â€œidentifying a parameter associated with data in said traffic that is indicative of a malicious threat, and wherein said monitoring subsequently received data according to said second monitoring criteria comprises controlling selectivity of data in said traffic for monitoring, based on said parameter,â€ as recited in claim 5. Br. 15. Claim 6 is dependent upon claim 5. The Examiner finds that Portolaniâ€™s disclosure of routing particular types of data to a particular intrusion detection system meets the claim element of â€œidentifying a parameter associated with data in said traffic that is indicative of a malicious threat, and wherein said monitoring subsequently received data according to said second monitoring criteria comprises controlling selectivity of data in said traffic for monitoring, based on said parameter.â€ Ans. 3 (citing Portolani H 21, 22, and 29). The Examiner interprets the type of data as the claimed parameter where the monitoring of each type of data is controlled selectively by sending a particular data type to a particular monitoring device. Id. Appellants argue that Portolaniâ€™s disclosure of routing data traffic to be monitored based on the type of data traffic does not teach the use a parameter that was determined to be indicative of a malicious threat in subsequent monitoring to control selectivity of the data for monitoring. Br. 15. We agree with Appellants. Portolani discloses several parameters for controlling selectivity of data for monitoring by directing traffic to a particular intrusion device based on VLAN identification, subnet, or type of traffic. Portolani 1121, 22, and 29; see Br. 15â€”16. Portolaniâ€™s disclosure does not meet the express requirements of claim 5 because the parameters are not based upon indications of a malicious threat, but are only based upon the type of data traffic. Accordingly, the 8 Appeal 2015-004750 Application 11/324,648 Examiner has not established, nor do we find, that the cited portions of Portolani teach identifying a parameter that is indicative of a malicious threat and then using that parameter to control selectivity of data in subsequent monitoring according to a second monitoring criteria. Accordingly, for the reasons stated supra, we cannot sustain the Examinerâ€™s rejection of claim 5 or claim 6 which is dependent upon claim 5. Claim 7 Claim 7 was rejected as obvious over Portolani as modified by Piesco and further refers to Cantrell. The Examiner finds that Cantrell teaches â€œperforming said monitoring according to said second criteriaâ€ and Piesco further teaches â€œdetermining from information obtained from monitoring according to said second criteria, whether data in said received traffic is indicative of a malicious threat.â€ Final. Act. 6 (citing Cantrell 16 and Piesco Tflf 16â€”28). Appellants do not dispute the Examinerâ€™s findings that the references teach the claimed features and only argue that Cantrell discloses a multi-level packet screening method that would teach away from the single stage monitoring method set forth in claim 7. Br. 18â€” 19. We disagree with Appellants. â€œA reference may be said to teach away when a person of ordinary skill, upon reading the reference, would be discouraged from following the path set out in the reference, or would be led in a direction divergent from the path that was taken by the applicant.â€ In re Gurley, 27 F.3d 551, 553 (Fed. Cir. 1994); see also In re Fulton, 391 F.3d 1995, 1201 (Fed. Cir. 2004). Teaching an alternative or equivalent method, however, does not teach away from the use of a claimed method. See In re Dunn, 349 F.2d 433, 438 (CCPA 1965). Appellants do not point to an explicit disclosure within Cantrell that acts to criticize, discredit, or otherwise discourage the use of a single stage monitoring 9 Appeal 2015-004750 Application 11/324,648 process, but have instead asserted that the combination of Portolani with Cantrell would add further complexity. Br. 18â€”19. However, the mere addition of complexity, absent evidence that such complexity suggests the combination would have been unlikely to be productive of the result sought by Appellants (see Gurley, 27 F.3d at 553), would not rise to the level of teaching away absent a clear statement discouraging or criticizing the modification. Therefore, Appellants have not shown that Cantrell teaches away from the claimed invention. Thus, for the reasons stated supra, we sustain the Examinerâ€™s rejection of claim 7. Claims 8 and 25 Appellants contend that the combination of Portolani and Piesco fails to teach â€œonly, if it is determined from information monitored according to said second monitoring criteria, that said data is indicative of a malicious threat, monitoring subsequently received data at said predetermined point according to a third monitoring criteria, different from said first and second monitoring criteria,â€ as recited by claim 8. Br. 19. Initially, we note that claim 8 sets forth conditional claim elements in that the â€œmonitoring subsequently received data . . . according to a third monitoring criteriaâ€ occurs only â€œif it is determined from information monitored according to said second monitoring criteria, that said data is indicative of a malicious threat.â€ Under the broadest reasonable interpretation of claim 8, we conclude the step of monitoring subsequently received data, may never occur. Ex parte Schulhauser, Appeal No. 2013-007847, 2016 BL 173053, slip op at 9, available at https://www. uspto.gov/sites/default/files/documents/Ex%20parte%20Schulhauser%202016_04_ 28.pdf (PTAB, April 28, 2016) (precedential) (holding â€œThe Examiner did not need to present evidence of the obviousness of the remaining method steps of 10 Appeal 2015-004750 Application 11/324,648 claim 1 that are not required to be performed under a broadest reasonable interpretation of the claim.â€) Applying the precedential guidance of Schulhauser, the Examiner is not required to provide evidence of the obviousness of the claimed method step of subsequent monitoring when, under the broadest reasonable interpretation standard, the step is not required to be performed (i.e., when the step is optional given the broadest reasonable scenario). Accordingly, Appellantsâ€™ arguments directed to the subsequent monitoring using a third monitoring criteria are unavailing in view of the broadest reasonable scenario described above. Appellantsâ€™ arguments directed to the determining step are also unavailing. Br. 19. Appellants argue that â€œthere is no disclosure in Piesco of first, second and third monitoring criteria used to monitor incoming data traffic.â€ Id. However, as noted supra, in the analysis of claims 1, 12, and 16, we hold that Piesco discloses first and second monitoring criteria and teaches â€œdetermin[ing] from information monitored according to said second monitoring criteria, that said data is indicative of a malicious threatâ€ by disclosing a second monitoring criteria in the form of the activation of all attack signatures that would identify whether data is indicative of a malicious threat. Piesco 121. Appellants further contend that the combination of Portolani and Piesco fails to teach â€œsaid third monitoring criteria comprises collecting more information relating to said one or more different threats than is collected using said second monitoring criteria,â€ as recited by claim 25. Br. 24. Claim 25 depends from claim 8 and further defines the third monitoring criteria recited in claim 8. For the reasons stated supra, the Examiner is not required to provide evidence of the obviousness of the claimed third monitoring criteria. Accordingly, Appellantsâ€™ arguments directed to the third monitoring criteria are unavailing. 11 Appeal 2015-004750 Application 11/324,648 Thus, for the reasons stated supra, we sustain the Examinerâ€™s rejections of claims 8 and 25. Claim 9 Appellants contend that the combination of Portolani and Piesco fails to teach â€œsaid second and third monitoring criteria comprise second and third rates of sampling said received data, respectively, wherein said third sampling rate is higher than said second sampling rate,â€ as recited in claim 9. Br. 20. Appellants argue that Piesco discloses various rNFOCON security levels that reflect the frequency of an attack during a 24 hour period, but Piesco is silent as to the sampling rate of data traffic. Br. 20 (citing Piesco 29-33). We agree with Appellants. We first note that as described above, the broadest reasonable interpretation of claim 9â€™s parent claim 8 does not include the claimed third monitoring level because the step of â€œmonitoring subsequently received data . . . according to a third monitoring criteriaâ€ may not occur. Hence, we consider only the Appellantsâ€™ arguments directed to the sampling rate of the second monitoring criteria, which is claimed as being lower than a third monitoring sampling rate (even though, as claimed, actual monitoring at the third monitoring sampling rate need not be performed). In a similar manner to that described above in the analysis of claim 4, the Examiner interprets Piescoâ€™s disclosure of applying additional attack signatures and hardening of firewall rules as disclosing different rates of sampling because the incoming data traffic is being applied to additional rules or filters. Ans. 5 (citing Piesco 17â€”28). However, the portions of Piesco cited by the Examiner do not describe any increase in sampling, but instead only disclose applying the same traffic data to an increased number of signatures or filters. Piesco is silent as to changing sampling rates when different INFOCON levels are reached. 12 Appeal 2015-004750 Application 11/324,648 Thus, for the reasons stated supra, we reverse the Examinerâ€™s rejection of claim 9. Claims 21 and 22 Appellants contend that the combination of Portolani, Cantrell, and Piesco fails to teach the â€œmonitor comprises a sampler for sampling the data traffic, and that the sampler is capable of being configured to sample the data traffic according to a plurality of different sampling criteria,â€ as recited in claim 21. Br. 21â€”22. Claim 22 is dependent upon claim 21. Appellants note that while Cantrell is cited, the Examiner does not identify any particular portion of Cantrell as teaching the limitations of claim 21 and argue that Cantrell discloses a multi-stage filtering process where the same traffic is subjected to multiple stages of inspection without any disclosure of different types of sampling criteria. Br. 22. Further, Appellants argue that Piesco discloses various INFOCON security levels that reflect the frequency of an attack during a 24 hour period, but is silent as to different types of sampling criteria. Br. 21â€”22 (citing Piesco Tflf 29-33). We agree with Appellants. In the Final Rejection, the Examiner found that Piescoâ€™s disclosure of the INFOCON CHARFIE level teaches the claimed sampler being configured to sample the data traffic according to a plurality of different sampling criteria. Final Act. 12 (citing Piesco 29-33). However, the portions of Piesco cited by the Examiner do not describe a sampler or the applying of different sampling criteria, but instead only disclose response measures for an imminent information warfare attack such as upgrading workstation security, disconnecting web servers, and disabling accounts. Piesco Tflf 29-33. Piesco is silent as to the use of a sampler or different sampling criteria. 13 Appeal 2015-004750 Application 11/324,648 Thus, for the reasons stated supra, we reverse the Examinerâ€™s rejections of claim 21 and claim 22 which is dependent therefrom. Claim 23 Appellants contend that the combination of Portolani and Piesco fails to teach said determining step comprises determining if the collected information is indicative of a particular one or particular ones of said plurality of different malicious threats, and if it is determined that the collected information is indicative of a particular one or ones of said plurality of different threats, said second monitoring criteria comprises restricting collection of said information to information associated with the particular one or ones of said plurality of different threats, as recited in claim 23. Br. 23. Appellants specifically assert that Piesco fails to teach the claimed restricting collection of said information to information associated with a particular one or ones of said plurality of different threats. Id. Similar to the discussion above regarding claim 8, we note that claim 23 sets forth conditional claim elements in that the â€œrestricting collection of said informationâ€ occurs only if â€œif it is determined that the collected information is indicative of a particular one or ones of said plurality of different threats.â€ Applying the precedential guidance set forth by Schulhauser, we conclude that under the broadest reasonable interpretation of claim 23, the step of restricting collection of information may never occur. Schulhauser, supra at 9. Accordingly, the Examiner is not required to provide evidence of the obviousness of the claimed subsequent restricting because under the broadest reasonable interpretation standard it is not required to be performed. 14 Appeal 2015-004750 Application 11/324,648 Accordingly, Appellantsâ€™ arguments directed to the restricting collection of information are unavailing in view of the broadest reasonable interpretation described above. Thus, for the reasons stated supra, we sustain the Examinerâ€™s rejection of claim 23. Claims 26â€”28 Appellants contend that the combination of Portolani and Piesco fails to teach â€œsaid second monitoring criteria isolates characteristics of said malicious threat,â€ as recited in claim 26 and similarly recited in claims 27 and 28. Br. 25â€”26. Appellants argue that Piesco discloses various INFOCON security levels that reflect the severity or an attack on a computer network and define particular protective actions to take in response, but none of the responses disclose isolating characteristics of a particular malicious threat. Br. 25â€”26 (citing Piesco Tflf 17â€”28). We agree with Appellants. The Final Rejection cited portions of Piesco describing the INFOCON NORMAF and INFOCON AFPHA threat levels. Final Act. 14 (citing Piesco 17â€”28). As noted above in the discussion of claim 1, we found that Piesco discloses a second monitoring criteria by disclosing an elevated INFOCON AFPHA level where all attack signatures are turned on for use. Piescoâ€™s INFOCON AFPHA level (second monitoring criteria) would identify characteristics of a malicious threat; however, claim 26 requires isolating characteristics of said malicious threat which refers to the malicious threat identified by the first monitoring criteria of claim 1. The Examiner has not established, nor do we find that Piesco discloses a second monitoring criteria that isolates characteristics of a malicious threat identified by a first monitoring criteria, but instead discloses a second monitoring criteria that ensure that all attack signatures are in use. 15 Appeal 2015-004750 Application 11/324,648 Thus, for the reasons stated supra, we reverse the Examinerâ€™s rejections of claims 26â€”28. CONCLUSION The Examiner did not err in finding that the combination of Portolani and Piesco teaches or suggests the features recited in claims 1, 12, 16, and 23. The Examiner erred in finding that the combination of Portolani and Piesco teaches the features recited in claims 4â€”6, 20-22, 24, and 26â€”28. The Examiner did not err in finding that the combination of Portolani, Piesco, and Cantrell teaches the features recited in claims 7, 8, and 25. The Examiner erred in finding that the combination of Portolani, Piesco, and Cantrell teaches the features recited in claim 9. DECISION The Examinerâ€™s decision to reject claims 1, 7, 8, 12, 16, 23, and 25 is affirmed. The Examinerâ€™s decision to reject claims 4â€”6, 9, 20â€”22, 24, and 26â€”28 is reversed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l)(iv). AFFIRMED-IN-PART 16