Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
This action is in response to the claims filed on 9/22/2020. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

All claims are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
All claims are directed to a system, method, or product, which are/is one of the statutory categories of invention.  (Step 1: YES).
The Examiner has identified independent method Claim 48 (herein called the Primary Independent Claim) as the claim that represents the claimed invention for analysis and is similar to independent system Claim 37 and product Claim 59 (herein called Additional Independent Claims).  Independent claims recites the limitations of: 
“obtaining, from the user device, respective answers for the one or more challenge questions, storing the one or more challenge questions and their respective answers, receiving an authorization from the user device to aggregate data from the plurality of accounts,  in response to receiving the authorization to aggregate data, providing the login information to the respective institution server system,  in response to providing the login information, receiving, from the respective institution server system, data identifying the one or more challenge questions, 
These limitations, under their broadest reasonable interpretation, cover performance of the limitation as “Certain Methods of Organizing Human Activity”.  “obtaining respective answers for the one or more challenge questions and in response obtaining from the institution server system data from an account” recites a commercial or legal interactions.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a commercial or legal interactions, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.  
The limitations of “from the user device, the respective institution server system, an aggregator server system” in the Primary Independent Claim is just applying generic computer components to the recited abstract limitations.  The recitation of generic computer components in a claim does not necessarily preclude that claim from reciting an abstract idea. The Additional Independent Claims are also abstract for similar reasons. (Step 2A-Prong 1: YES. The claims recite an abstract idea)
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of:  “identifying one or more challenge questions” The computer hardware/software is/are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer hardware and software per se amounts to no more than mere instructions to apply the exception using a generic computer component.  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  See MPEP 2106.05(f) where applying a computer as a tool is not indicative of significantly more as well as MPEP 2106.05(d).  Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination.  Thus, all independent claims are not patent eligible. (Step 2B: NO. The claims do not provide significantly more)  
Dependent claims further define the abstract idea that is present in their respective independent claims, and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above.  The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  Therefore, the dependent claims are directed to an abstract idea.  Thus, all the claims are not patent-eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims listed below in this section are rejected under 35 U.S.C. 103(a) as being unpatentable over Fischer (U.S. Patent Pub 2012/0179558) in view of Kelley (U.S. Patent Pub 2014/0380444) in further view of Connors (U.S. Patent Pub 2010/0138316)
Re claim 37 & 48 & 59: Fisher discloses: 
A computer-implemented method comprising: receiving, by an aggregator server system and from a user device, a request to include data in an interface, wherein the data is stored in a plurality of accounts and wherein each respective account of the plurality of accounts 1s stored at a different respective institution server system associated with a different respective institution  (see Fisher Figure 13)
A system comprising: a user device; a plurality of institution server systems, wherein each institution server system corresponds to a respective different institution, each institution server system stores a plurality of accounts for a plurality of users, and each institution server system is configured to require login information and to issue one or more challenge question and compare one or more received answers to one or more stored answers for a respective account to permit access to data in the respective account; and  (see Fisher Figure 13): 
an aggregator server system configured to perform operations comprising (see Fisher Figure 13):

for each respective account of the plurality of accounts, 
obtaining login information from the user device for accessing the respective account (see Fisher, Figure 2 item 201)
providing the login information to the respective institution server system corresponding to the respective institution associated with the respective account (see Fisher, Figure 2 item 201 + figure 10-13)
in response to providing the login information, receiving, from the respective institution server system , data identifying one or more challenge questions (see Fisher, Figure 2 item 204 + paragraph 0037-0039)
obtaining, from the user device, respective answers for the one or more challenge questions (see Fisher, Figure 2 item 204 + paragraph 0037-0039)
storing the one or more challenge questions and their respective answers,  (see Fisher, Figure 13 + Figure 2 item 204 + paragraph 0037-0039)
receiving an authorization from the user device to aggregate data from the plurality of accounts (see Fisher, paragraph 0035 “can link to multiple accounts and multiple account types.”  Figure 13 + Figure 2)
in response to receiving the authorization to aggregate data, providing the login information to the respective institution server system,  (see Fisher, Figure 2 item 201 + figure 10-13)

providing, to the respective institution server system, the respective answers to the one or more challenge questions, (see Fisher, Figure 2 item 204 + paragraph 0037-0039)
in response to providing the respective answers, obtaining, from the respective institution server system, data describing the respective account, and (see Fisher, Figure 7, Figure 2 + figure 10-13)
aggregating the obtained data for use in describing the respective account in the interface. (see Fisher, Figure 7, Figure 2 + figure 10-13)

While examiner believes, Fisher teaches the features of applicant, should the limitations be argued and for the sake of compact prosecution additional reference, Kelley additionally teaches the limitations of the applicant. 
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Fisher by adapting any features of Kelley 
It is clear that one would be motivated to combine prior art elements according to know methods to yield predictable results. Specifically both Fisher and Kelley both relate to same subject area of challenge questions for access to financial data. 
Specifically challenge questions taught in Kelley Figure 2 and Connors 

Although Fischer in view of Kelley does not explicitly have the term aggregation (Fischer Figure 8 shows two banks that are aggregated & paragraph 0035 “can link to multiple 
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Fischer in view of Kelley by adapting aggregation of Connors.
It is clear that one would be motivated to combine prior art elements according to know methods to yield predictable results. Specifically both Fischer and Connors both relate to same subject area of security for financial transactions.  
Re claim 38 & 49 & 60: see claims above +
wherein obtaining, from the user device, the respective answers for the one or more challenge questions comprises:  presenting, to the user device, an interface that identifies the one or more challenge questions; and receiving, from the user device, respective answers to the one or more challenge questions. (see Fisher, Figure 2 item 204 + paragraph 0037-0039)
Re claim 39 & 50 & 61: see claims above +
wherein obtaining login information from the user device for accessing the respective account comprises:  presenting, to the user device, an interface requesting login credentials; and receiving, from the user device, the login credentials.  (see Fisher, Figure 2 item 204 + paragraph 0037-0039)
Re claim 40 & 51 & 62: see claims above +
wherein the one or more challenge questions includes a request for entering a one-time password that was transmitted to the user device from the respective institution server system 
Re claim 41 & 52 & 63: see claims above +
wherein the operations further comprise, for each respective account of the plurality of accounts: obtaining data identifying a web cookie, wherein the web cookie identifies the aggregator server system to the respective institution server system corresponding to the respective institution associated with the respective account, and the web cookie was provided to the aggregator server system from the respective institution server system upon providing the login information; storing the data identifying the web cookie; and using the data identifying the web cookie to aggregate data for the respective account.  (see Fisher paragraph 0007 + Figure 13)
Re claim 42 & 53 & 64: see claims above +
wherein the web cookie is configured to bypass one or more security challenges presented by the respective institution server system (see Fisher Figure 14 show different levels of security + paragraph 0007 + Figure 13)
 Re claim 43 & 54 & 65: see claims above +
wherein the one or more security challenges include MFA-based challenges, CAPTCHA images, and hard device tokens.  (see Fisher paragraph 0038 + Figure 2 + 13)
Re claim 44 & 55 & 66: see claims above +
Wherein the operations further comprise, for each respective account of the plurality of accounts:  providing, to the respective institution server system corresponding to the respective institution associated with the respective account, the login information and the data identifying the web cookie; in response to providing the login information and the data identifying the web 
Re claim 45 & 56 & 67: see claims above +
wherein the one or more challenge questions have respective answers that were previously provided by the user to the respective institution server system corresponding to the respective institution associated with the respective account.  (see Fisher, Figure 10-13 + Figure 2 item 204 + paragraph 0037-0039 + Connor paragraph 005-008)
Re claim 46 & 57 & 68: see claims above + 
wherein at least one of the challenge questions have a respective answer that was generated by the respective institution server system corresponding to the respective institution associated with the respective account, and wherein the respective answer was provided by the user using the user device through an interface provided by the aggregator server system.  (see Fisher, Figure 10-13 + Figure 2 item 204 + paragraph 0037-0039 + Connor paragraph 005-008)
Re claim 47 & 58 & 69: see claims above +
wherein the operations further comprise, for each respective account of the plurality of accounts:  obtaining, from the respective institution server system corresponding to the respective institution associated with the respective account and from a web page associated with the respective account, data describing 1) one or more second challenge questions that were not presented by the respective institution server system and ii) respective answers to the one or more second challenge questions;  storing the one or more second challenge questions and their respective answers; and  using the one or more second challenge questions and their respective 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
FLESHMAN et al.., U.S. Patent Pub US 2011/0125644 A1, discloses method with security for transferring funds from a payer to payee. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kirsten Apple whose telephone number is (571)272-5588.  The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Anderson can be reached on (571) 270-0508.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 

/KIRSTEN S APPLE/            Primary Examiner, Art Unit 3698