DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
The amendments, filed on December 17, 2020, have been entered. Applicant amended claims 1 and 14, and cancelled claims 18 and 19. Claims 1-17 and 20 remain pending in the application.
Response to Arguments
Applicant’s arguments, filed on December 17, 2020, with respect to the Non-Final Office Action dated November 12, 2020, have been fully considered but they are not persuasive.  
Applicant argued “Claim 1 is amended to recite, in part: "wherein in response to the subscription request, receiving a subscription response that includes a signing key, wherein the event information includes a signature that was generated using the signing key" and "generating a second signature using the signing key received in the subscription response; comparing the second signature to the signature included with the event information to verify the event information." These amendments are supported at least by disclosure in paragraphs [0050]-[0055] and [0063] respectively. Claims 18 and 19 are cancelled. None of the cited references, alone or in combination, appear to teach these elements of amended independent claim 1. The Office Action cites Griffin paragraph [0073] as teaching the above limitation. However, Griffin teaches a subscription ID that "must be unique for a userld." Griffin recites "serviceinstanceUID is the same as that from the request." Griffin does not appear to teach "generating a second signature using the signing key received in the subscription response" or "comparing the second signature to the signature included with the event information to verify the event information" as recited in amended claim 1”.
.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-8, 11-15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin et al. (US PGPUB No. 20110040863), hereinafter, Griffin, in view of Graham et al. (US PGPUB No. 20110270763), hereinafter, Graham, and further in view of Pant et al. (US PGPUB No. 20140236792), hereinafter, Pant.
Regarding claim 1:
Griffin teaches:
(Fig. 2 show a system with service event source ([[financial institution]]) for providing service information (event). Fig 7A-7B shows the method. Paragraph 0011, lines 4-10, states “A service event source may include, for example, an e-mail server, a groupware or collaboration system, or a proprietary email or application server or service. An event may include the addition, change, update, or removal of information managed by the service event source, or groupings thereof, or changes to the service itself or user accounts therewith”. Paragraph 0046 discusses implementing the method using Push framework): 
receiving, from an aggregation provider, a discovery request that includes [[an access token]], [[the access token]] identifying a customer that has an account with the [[financial institution]] (paragraph 0127, lines 1-4, teaches event management platform (aggregation provider) sends a discovery request to the service event source after authorization as stated “At 1116, the event management platform sends a discovery request to the service event source, specifying user (or domain), service type”).
in response to the discovery request, sending, to the aggregation provider, a listing of one or more event resources, each event resource providing access to events associated with the customer's account, each event resource being associated with a unique event resource Uniform Resource Locator  URL, the listing including a first event resource that is associated with a first event resource URL , wherein the financial institution signs the event to allow the aggregation provider to verify the authenticity of the event (paragraph 127, lines4-5, teaches service event source sends instances of service type (listing of event resources) to the event management platform in response to the discovery request as stated “At 1118, the service event source receives discovery request and returns instances of service type for which notifications are available”. Paragraph 0058 and 0059 discuss various parameter of a response to a discovery request depicting service name: “inbox” (event resource) with service location “inbox\home” listed under “email” service type for a particular userID. Paragraph 0057 states “Subscription-url identifies the service event source's subscription interface”. Paragraph 0089 teaches service event source include a high water mark (sign) “a high water mark (or synchronization anchor or value) may be included in the notification message from the service event source 205” ); 
receiving, from the aggregation provider via the first event resource URL, a subscription request that requests a subscription to the first event resource, the subscription request specifying a unique callback URL and one or more types of events that the aggregation provider desires to receive via the first event resource (paragraph 0129 teaches event management platform sends a subscription request to the service event source as stated “At 1126, the event management platform sends a subscription request to the service event source, specifying subscription channel. At 1128, the service event source receives the subscription request”. Paragraph 0068 depicts various parameter of the subscription request including notifyUrl (callback URL). Paragraph 0070, lines 4-6, states “notifyURL (optional) is the call back URL used by the service event source to send back Push notifications”),
in response to an occurrence of an event that matches the one or more types of events specified in the subscription request, sending, to the aggregation provider via the callback URL, event information describing the event (paragraph 0131 teaches service event source sends a notification in response to the event occurrence. Paragraph 0077, lines 8-9 teaches such notification pushed via the notifyUrl as stated “in a Push model, the service event source should start sending notification events to the designated notifyURL”. Paragraph 0087,lines 1-4, states “The notification request is sent to the event management platform (such as 120 of FIG. 1 or 220 of FIG. 2) whenever a subscribed event occurs on a user's account for the associated service instance.”).
Griffin does not teach a financial institution, [[for providing]] financial [[events using a push framework]]. 
(Paragraph 0383, lines 1-4, states “the ECS 10 can provide a push data agent 922 that can allow a message provider such as a bank to push data to the ECS 10”. Paragraph 0385, lines 2-4, states “the bank may wish to send a notification to a particular user, such as an overdraft notification.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin to incorporate the teaching of Graham about bank and overdraft notification. One would be motivated to modify service event source to include bank and events to include overdraft since vast majority of consumer’s deals with financial institution and such e-notification of financial events are cost effective (see paragraph 0006 of Graham).
Griffin, in view of Graham, teaches financial institution (as shown above).
Griffin does not explicitly teach receiving, [[from an aggregation provider, a discovery request that includes]] an access token, the access token identifying a customer that has an account with [[the financial institution]] (Paragraph 0126 teaches the event management platform receives authorization results prior to send the discovery request. Paragraph 0051 teaches such authorization process can include token based authentication as stated “other authentication methods may be used, such as MD5, digest, token based authentication”. Griffin does not explicitly mention the discovery request includes access token identifying a customer that has an account).
In the same field of endeavor, Pant teaches request that includes an access token, the access token identifying a customer that has an account with the financial institution (paragraph 0041, lines 1-4, states “the access token is configured to allow the system to access and obtain financial data from the financial account associated with the financial institution for a specified time period”. Paragraph 0042, lines 1-3, states “The system stores the access token for use in accessing and aggregating financial data describing the financial account”).
(see paragraph 0004, lines 9-12, of Pant).
Griffin does not explicitly teach wherein in response to the subscription request, receiving a subscription response that includes a signing key, wherein the event information includes a signature that was generated using the signing key; generating a second signature using the signing key received in the subscription response; comparing the second signature to the signature included with the event information to verify the event information; 
Graham teaches wherein in response to the subscription request, receiving a subscription response that includes a signing key, wherein the event information includes a signature that was generated using the signing key; generating a second signature using the signing key received in the subscription response; comparing the second signature to the signature included with the event information to verify the event information  (paragraph 0277, lines 6-17, of  teaches “This method could include, but is not limited to, applying a cryptographic hash function to the data and attaching the resulting hash to the financial document or record or other data. Each user issuing financial documents and/or records would be issued a digital signing certificate, encrypted using a private encryption key and verified by a certificate authority. The recipient of a financial document and/or record or other data with such a cryptographic hash attached would use a public encryption key provided by the originating user to verify the validity and originality of the data”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin to incorporate the teaching of Graham about hash-key based (paragraph 0277, lines 1-6, of Graham).
As to claim 2, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
Griffin does not teach wherein the account is one of a checking, savings, credit card, or investment account.
 In the same field of endeavor, Graham teaches wherein the account is one of a checking, savings, credit card, or investment account (paragraph 13, lines 7-9, teaches a bank or credit card account states “For instance, a bank, a cell phone service provider, a credit card company, a loan company and a power company are few examples of businesses that can maintain accounts for the user”. Paragraph 0184 teaches various accounts. Paragraph 0355 states “For instance, the user may be able to specify that the ECS 10 can retrieve data from a checking portion of the account but not the saving portion of the bank account specified by the user.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin to incorporate a checking account. One would be motivated to modify service event source to include bank and events to include overdraft since vast majority of consumer’s deals with financial institution and such e-notification of financial events are cost effective (see paragraph 0006 of Graham).
As to claim 3, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
 Griffin further teaches wherein the first event resource provides access to one of account events, transaction events, or profile events (see at least paragraph 0011, 0015).
As to claim 4, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
Griffin further teaches wherein the first event resource provides access to account events, and the one or more types of events include one or more of a current state event that defines a current state of the account, a created event that defines the creation of the account, an updated event that defines an update to the account, or an overdrawn event that defines that the account is overdrawn (Paragraph 0011 states “An event may include the addition, change, update, or removal of information managed by the service event source, or groupings thereof, or changes to the service itself or user accounts therewith”).
As to claim 5, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
 Griffin further teaches wherein the first event resource provides access to transaction events, and the one or more types of events includes one or more of a created event that defines that a transaction was created within the account, an updated event that defines that a transaction was updated within the account, or a deleted event that defines that a transaction was deleted within the account (Paragraph 0011 states “An event may include the addition, change, update, or removal of information managed by the service event source, or groupings thereof, or changes to the service itself or user accounts therewith”).
As to claim 6, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
 Griffin further teaches wherein the first event resource provides access to profile events, and the one or more types of events include one or more of a current state event that defines a current state of a profile associated with the account or an updated event that defines an update to the profile associated with the account (Paragraph 0011 states “An event may include the addition, change, update, or removal of information managed by the service event source, or groupings thereof, or changes to the service itself or user accounts therewith”).
As to claim 7, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
 Griffin further teaches wherein the one or more types of events comprise a subset of all types of events that are accessible via the first event resource (Paragraph 0011 teaches events can include grouping of other events as stated “An event may include the addition, change, update, or removal of information managed by the service event source, or groupings thereof, or changes to the service itself or user accounts therewith”).
As to claim 8, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
 Griffin further teaches further comprising: in response to the subscription request, sending, to the aggregation provider, a subscription response that includes a subscription URL that is uniquely associated with the subscription (paragraph 0072 depicts a response to a subscription request including subscription domain name).
As to claim 11, the rejection of claims 1 and 8 are incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claims 1 and 8 as shown above.
 Griffin further teaches further comprising: receiving, from the aggregation provider via the subscription URL, an unsubscribe request; and unsubscribing the aggregation provider from the first event resource (see at least paragraph 0096).
As to claim 12, the rejection of claims 1 and 8 are incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claims 1 and 8 as shown above.
(see at least paragraph 0100).
As to claim 13, the rejection of claim 1 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 1 as shown above.
 Griffin, in view of Graham, teaches further comprising: in response to the subscription request, sending, to the aggregation provider, a subscription response that includes a signing key to be used in verifying event information received at the callback URL ( see claim 1 rejection as shown above ).
Regarding claim 14:
	Claim 14 recites similar limitations as claim 1. Accordingly, it is rejected under similar rationale.
Claim 15 recites similar limitations as claim 8. Accordingly, it is rejected under similar rationale.
As to claim 20, the rejection of claim 14 is incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claim 14 as shown above.
 Griffin further teaches wherein the event information defines the type of the event (paragraph 0091 depicts event information in notification including event type).
Claims  9, 10, 16, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin, in view of Graham, and further in view of Seshadri et al. (US PG-PUB No 20040068481), hereinafter, Seshadri .
As to claim 9, the rejection of claims 1 and 8 are incorporate. Griffin, in view of Graham and Pant, teaches all the limitations of claims 1 and 8 as shown above.
Griffin does not teach [[further comprising: receiving, from the aggregation provider via the subscription URL]], a subscription update request [[that includes the access token and]] one or more updates to be made to [[the subscription]].
(paragraph 0037 states “subscriptions 124 can be dynamically adjusted based upon explicit commands from the user, inferred from contextual user states, and/or based upon incentives or other factors directed to the user”.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin to incorporate the teaching of Seshadri to incorporate steps to update a subscription to change the nofifyURL. One would be motivated to include one or more notifyURL to enable accessing notification based on the accessibility and capability of devices (see paragraph 0041 and 0153 of Seshadri).
As to claim 10, the rejection of claims 1, 8, and 9 are incorporate. Griffin, in view of Graham and Seshadri, teaches all the limitations of claims 1, 8, and 9 as shown above.
 Griffin does not teach wherein the one or more updates includes one or more of a different [[callback URL to which future event information describing events is to be sent, or one or more types of events that the aggregation provider desires to receive via the first event resource]].
In the same field of endeavor, Seshadri teaches wherein the one or more updates includes one or more of a different callback URL to which future event information describing events is to be sent, or one or more types of events that the aggregation provider desires to receive via the first event resource (paragraph 0037 states “subscriptions 124 can be dynamically adjusted based upon explicit commands from the user, inferred from contextual user states, and/or based upon incentives or other factors directed to the user”. Paragraph 0041 further teaches altering ways of notification received).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin to incorporate the teaching of Seshadri to incorporate steps to update a subscription to change the nofifyURL. One would be motivated to include one or more (see paragraph 0041 and 0153 of Seshadri).
Claim 16 recites similar limitations as claims 9, 11, and 12. Accordingly, it is rejected under similar rationale.
Claim 17 recites similar limitations as claim 10. Accordingly, it is rejected under similar rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Title: “HMAC: Keyed-Hashing for Message Authentication”; Author: Krawczyk et al.;
An online NPL publication with publication date February 1997; URL: https://tools.ietf.org/html/rfc2104 .

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAMAL HOSSAIN whose telephone number is (571)270-3070.  The examiner can normally be reached on 8:30-5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on (571)272-4001.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




	March 2, 2021

/KAMAL HOSSAIN/Examiner, Art Unit 2457                                                                                                                                                                                                        

/RAMY M OSMAN/Primary Examiner, Art Unit 2457