DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is response to communication:  response to original application filed on 07/13/2020.
Claims 1-20 are currently pending in this application.  
The IDS filed on 11/05/2020 has been accepted.  

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 6, 7, 13, 19, and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
As per claims 6, 7, 13, 19, and 20, the claims recite a “Javascript Object Notation Web Token.”  Javascript is a trademark, which is a term of goodwill.  This term is a proprietary term, and it is unclear how this term limits the claim in regards to its utility. 
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims  1-5, 8-12, and 14-18 are rejected under 35 U.S.C. 103 as being obvious over Shnitko et al. US Patent Application Publication 2018/0077222 (Shnitko)
As per claim 1, Shnitko teaches a computer-implemented method for delivery restricted access resources hosted on an origin server using a content delivery network comprising a plurality of CDN servers, the method comprising: receiving, by a CDN server from a client, a request for a restricted-access resource hosted on the origin server, wherein the request comprises a resource identifier of the restricted-access resource and an authentication token (paragarphs 39-40 with client device sending request for content asset; request includes cdn url, which points to conent and provides cdn with token); performing a delivery step comprising: creating, by the CDN server, a composite cache key comprising the resource identifier and at least part of the authentication token (paragraph 40 with authorization and source url; these url include asset identifier and key which were included from the request/cdn 

As per claim 2, Shnitko teaches further comprising verifying, by the CDN server, the validity of the authentication token after receiving the request, and wherein the delivery step is only performed if the authentication token is valid (Shnitko paragraphs 41, 59, 60, Figure 6, and throughout, with transmitting client to content only if client is authorized by verifying authorization url).
As per claim 3, Shnitko teaches generating, by the origin server, the authentication token and sending the authentication token to the client; and wherein verifying the vaidity of the authentication token comprises retrieving, by the CDN server, verification data from the origin server (obvious over Shnitko; see paragraphs 34-39 wherein the token is generated, 
As per claim 4, it would have been obvious over Shnitko to store, by the CDN server, the verification data (pragarph 39 wherein CDN access token and determines whether client is authorized to access based on token, which includes key, expiration, etc).
As per claim 5, it would have been obvious over Shnitko wherein the request is an hypertext transfer protocol request comprising a body and the composite cache key further comprises the body (paragraph 40 wherein the request is a URL; see paragraph 32 wherein URL set identifies protocols such as http or https; see paragraph 39 and 40  wherein url inlcues identifier, key/ expiration, etc).
 Claim 8 is rejected using the same basis of arguments used to reject claim 1 above. 
Claim 9 is rejected using the same basis of arguments used to reject claim 2 above. 
Claim 10 is rejected using the same basis of arguments used to reject claim 3 above. 
Claim 11 is rejected using the same basis of arguments used to reject claim 4 above. 
Claim 12 is rejected using the same basis of arguments used to reject claim 5 above. 
Claim 14 is rejected using the same basis of arguments used to reject claim 1 above. 
Claim 15 is rejected using the same basis of arguments used to reject claim 2 above. 
Claim 16 is rejected using the same basis of arguments used to reject claim 3 above. 
Claim 17 is rejected using the same basis of arguments used to reject claim 4 above. 
Claim 18 is rejected using the same basis of arguments used to reject claim 5 above. 


Claims  6, 7, 13, 19, and 20 are rejected under 35 U.S.C. 103 as being obvious over the Shnitko combination as applied above, in view of Lores et al. US Patent Application publication 2019/0306157 (Lores).
As per claim 6, as best understood by the Examiner, Shnitko does not explicitly teach wherein the authetnicaiton token is a JWT comprising one or more JWT claims and the only part of the authentication token comprised in the composite cache key is a subset of the one or more JWT claims.  However, utilizing JWT authentication with JWT caches is well known in the art.  FOr example, see Lores (paragraph 43 with authenticating with JWT found in JWT cache).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shnitko with Lores.  One of ordinary skill in the art would have been motivated to perform such an addition to increase security by reducing the authentication overhead (paragraph 20 of Lores).
As per claim 7, it would have been obvious over the Shnitko combination further comprising hashing the body and/or the subset of the one or more JWT claims (Lores paragraph 32-33 wherein JWT hashes may be utilized; also obvious over Shnitko, as seen in paragraphs 38-40, 46, and throughout wherein hash values may be used for authentication)
Claim 13 is rejected using the same basis of arguments used to reject claim 6 above.
Claim 19 is rejected using the same basis of arguments used to reject claim 6 above.
Claim 20 is rejected using the same basis of arguments used to reject claim 7 above.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495