PERSONA PROFILE AND PROBE REFINER WITH DISTRIBUTED HYBRID MULTI-CLOUD OBSERVABILITY ASSURANCE

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on November 11/18/2022 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Specification The specification submitted on 11/18/2022 has been acknowledged by the examiner. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bar et al. (US 20190327237 A1 –hereinafter—"Bar”) in view of Gong et al. (US 20240135279 A1 –hereinafter –"Gong”). As per claim 1, Bar discloses a computer-implemented method, comprising operations for: creating a persona profile, ([0038] persona models generator 260, [0046] persona models generator 260 may determine interpretive data from received user data utilized by components or subcomponents of system 200 to interpret user data. For example, interpretive data can be used to provide context to user data, which can support determinations or inferences made by the components or subcomponents, for instance, statistical ratios of feature values or relative features used for determining locations (or venues), networks, or activity patterns frequently associated with a user); wherein the persona profile is associated with a persona ([0062] persona models generator 260 is generally responsible for generating (or updating) a persona model corresponding to a legitimate user. A persona model comprises a set of information about a legitimate user (or users) that may be used to determine a confidence value about the legitimacy of a current user by comparing user-related activity of the current user against information in the persona model. A persona model generated or updated by persona models generator 260 may be stored in (or accessed from, in the case of updating or utilizing the persona model) a user profile associated with the legitimate user, such as user persona model(s) component 244 of user profile 240), and comprises a configuration that identifies data to be retrieved for the persona ([0040] user-data collection component 210 is generally responsible for accessing or receiving (and in some cases also identifying) user data from one or more data sources, such as data sources 104a and 104b through 104n of FIG. 1. The user-data collection component 210 may be utilized to facilitate the accumulation of user data of a particular user (or in some cases, a plurality of users including crowd-sourced data) for user-related activity monitor 280, persona models generator 260, or authenticity verification 290. The data may be received (or accessed), and optionally accumulated, reformatted and/or combined, by data collection component 210 and stored in one or more data stores such as storage 225, where it may be available to other components of system 200. The user data may be stored in or associated with a user profile 240. [0064] Persona models generator 260 may run on a server, as a distributed application across multiple devices, or in the cloud. At a high level, persona models generator 260 receives information related to a legitimate, which may include user user-activity-related information and/or contextual (or other related) information for the legitimate user, which may be provided from user-related activity monitor 280, user-data collection component 210, or user-activity logs from client-side applications or services associated with user-related activity monitor 280. The information related to a legitimate is determined to be related to a legitimate user when the information is derived, generated, detected, or otherwise determined while the authenticity score indicates a likelihood that the current user is legitimate. Legitimate user-related information also may be provided by a system administrator associated with the legitimate user; for instance, business rules, corporate passwords or other credentials, or other policies (e.g., information indicating that in order to be considered “legitimate” the user must be using an authorized communication network, such as a corporate internet connection or VPN, or a specific IP address or range); identifying a probe for the persona profile ([0043] User-related activity monitor 280 is generally responsible for monitoring user data for information that may be used for determining user-related activity information, which may include identifying and/or tracking features (sometimes referred to herein as “variables”) or other information regarding specific user activity and related contextual information. Embodiments of user-related activity monitor 280 may determine, from the monitored user data, user activity, and related information, associated with a particular user.. [0044] Information determined by user-related activity monitor 280 may be provided to persona models generator 260 including information regarding the context and historical observations. Some embodiments may also provide user-related activity information, such as user-related activity associated with a current user (current user activity), to authenticity verification 270. The user activity features may be determined by monitoring user data received from user-data collection component 210. The user data and/or information about the user-related activity determined from the user data is stored in a user profile, such as user profile 240. [0045] User-related activity monitor 280 comprises one or more applications or services that analyze information detected via one or more user devices used by the user and/or cloud-based services associated with the user, to determine activity information and related contextual information. Information about user devices associated with a user may be determined from the user data made available via user-data collection component 210, and maybe provided to user-related activity monitor 280, persona models generator 270, authenticity verification 290, or other components of system 200); deploying the persona profile and the probe to one or more cloud environments of a hybrid multi-cloud environment to generate probe data ([0043] As described previously, the user-related activity information determined by user activity monitor 280 may include user activity information from multiple user devices associated with the user and/or from cloud-based services associated with the user (such as email, calendars, social-media, or similar information sources), and which may include contextual information associated with the identified user activity, such as location, networks detected, proximity to other users, or other contextual information as described herein. User-related activity monitor 280 may determine current or near-real-time user activity information and may also determine historical user activity information, in some embodiments, which may be determined based on gathering observations of user activity over time, accessing user logs of past activity (such as browsing history, for example). User-related activity monitor 280 may determine user-related activity (which may include historical activity) from other users associated with particular user (i.e. crowdsourcing), as described previously. [0083] System 200, example authenticity verification 290 comprises an authenticity score determiner 292, security challenge generator 294, and security challenge evaluator 296. Authenticity score determiner 292 is generally responsible for computing an authenticity score for a current user. As used herein the term “current user” may refer to a human user, who may be currently engaged in a user session with a user device associated with the legitimate user or with an application or service associated with the legitimate user (such as email or a cloud-based service), either in person (i.e., the current user has physical control over the user device) or via remote access to the user device (or cloud-based application or service.) “Current user” also may refer to non-human conducted activity occurring on a user device or cloud-based application or service associated with the legitimate user, such as malicious activity carried out automatically by malware, adware, spyware, or other process carried out without consent by the legitimate user. User-related activity information from a current user may be monitored by user-related activity monitor 280 and stored in contemporary user session data 241, as part of a user profile 240); verifying the probe data to determine whether the data to be retrieved for the persona has been retrieved and to generate verification data ([0050] User-related activity detector 282, in general, is responsible for determining (or identifying) a user action or activity event has occurred. Embodiments of activity-related detector 282 may be used for determining current user activity or one or more historical user actions. The activity detector 282 may monitor user data for activity-related features or variables corresponding to user activity such as indications of applications launched or accessed, files accessed, modified, copied, etc., websites navigated to, online content downloaded and rendered or played, or similar user activities, as well as related features, which may be contextual, such as location or environmental features (e.g., communication networks, acoustic information, time of day, duration, proximity of other users, such as users who are contacts, proximity of or user activity on other user devices associated with the user, or other detectable features related to user activity. [0051] The user-related activity detector 282 extract from the user data information about user activity, which may include current user activity, historical user activity, and/or related information such as contextual information. In addition, the contextual information extractor 284 determines and extracts contextual information. Similarly, in some embodiments, activity features determiner 286 extract information about user activity, such user activity related features, based on an identification of the activity determined by user-related activity detector 282. Examples of extracted user-related activity information may include, without limitation, location(s), date or time, app usage, online activity, searches, calls, usage duration, application data (e.g. emails, messages, posts, user status, notifications, etc.), audio or visual information (which may be detected by a microphone, camera, or similar sensor on or associated with a user device) or nearly any other data related to user interactions with the user device or user activity via a user device that may be detected or determined. Among other components of system 200, the extracted user activity information determined by user-related activity detector 282may be provided to other subcomponents of user-related activity monitor 280, persona models generator 260, or authenticity verification 290. Further, the extracted user-related activity may be stored as part of one or more user persona models associated with the user, such as in user persona models component 244 of user profile 240. In some embodiments, user-related activity detector 282 or user-related activity monitor 280 (or its other sub components) performs conflation on the detected user-related activity information. For example, overlapping information may be merged and duplicated or redundant information eliminated); analyzing the verification data to generate one or more recommendations to refine at least one of the persona profile and the probe ([0060] Semantic information analyzer 262 is generally responsible for determining semantic information associated with the activity features identified by user-related activity monitor 280. For example, while a user-activity feature may indicate a specific website visited by the user, semantic analysis may determine the category of website, related websites, themes or topics or other entities associated with the website or user activity. Semantic information analyzer 262 may determine additional activity features semantically related to the user activity, which may be used for identifying user-related activity patterns. [0069] Semantic information analyzer 262 is generally responsible for determining semantic information associated with the activity features identified by user-related activity monitor 280. For example, while a user-activity feature may indicate a specific website visited by the user, semantic analysis may determine the category of website, related websites, themes or topics or other entities associated with the website or user activity. Semantic information analyzer 262 may determine additional activity features semantically related to the user activity, which may be used for identifying user-related activity patterns. [0070] A semantic analysis may be performed on the user-related activity information, which may include the contextual information, to characterize aspects of the user action or activity event. For example, in some embodiments, activity features associated with an activity event may be classified or categorized (such as by type, timeframe or location, work-related, home-related, themes, related entities, other user(s) (such as communication to or from another user) and/or relation of the other user to the user (e g family member, close friend, work acquaintance, boss, or the like), or other categories), or related features may be identified for use in determining a similarity or relational proximity to other user activity events, which may indicate a pattern. In some embodiments, semantic information analyzer 262 may utilize a semantic knowledge representation, such as a relational knowledge graph. Semantic information analyzer 262 may also utilize semantic analysis logic, including rules, conditions, or associations to determine semantic information related to the user activity. For example, a user activity event comprising an email sent to someone who works with the user may be characterized as a work-related activity. Thus where the user emails some person she works with every Sunday night, but not necessarily the same person, a pattern may be determined (using activity pattern determiner 266) that the user performs work-related activities every Sunday night. Accordingly, a persona model associated with the legitimate user may be determined to indicate this pattern. [0071] Semantic information analyzer 262 may also be used to characterize contextual information associated with the user activity event, such as determining that a location associated with the activity corresponds to a hub or venue of interest to the user (such as the user's home, work, gym, or the like) based on frequency of user visits. For example, the user's home hub may be determined (using semantic analysis logic) to be the location where the user spends most of her time between 8 PM and 6 AM.) Similarly, the semantic analysis may determine time of day that correspond to working hours, lunch time, commute time, etc. Similarly, the semantic analysis may categorize the activity as being associated with work or home, based on other characteristics of the activity (e.g. a batch of online searches about chi-squared distribution that occurs during working hours at a location corresponding to the user's office may be determined to be work-related activity, whereas streaming a movie on Friday night at a location corresponding to the user's home may be determined to be home-related activity). In this way, the semantic analysis provided by semantic information analyzer 262 may provide other relevant features of the user activity events that may be used for determining user-related activity patterns. For example, where the user activity comprises visiting CNN.com over lunch and the semantic analysis determines that the user visited a news-related website over lunch, a pattern of user activity may be determined indicating that the user routinely visits news-related websites over lunch, even though the user may only visit CNN.com occasionally). Bar does not explicitly disclose refining at least one of the persona profile and the probe based on the one or more recommendations. Gong, in analogous art however, discloses refining at least one of the persona profile and the probe based on the one or more recommendations ([0024] An identity detection and task recommendation (ADAR) service 120 applies machine learning (ML) to user data and enterprise network data to determine the identity of the user. The ADAR service 120 learns the identity of the user (persona(s) and role(s)) to generate customized, user-specific task recommendations. [0025] A task recommendation includes one or more tasks to be performed for configuring the enterprise network. Each task includes one or more operations executed within a predetermined time interval. Task recommendations are specifically tailored to the user's job or role in managing equipment and software of the enterprise network. The ADAR service 120 generates a list of tasks for the user to perform using the cloud portal 100. The tasks may be performed by the ADAR service 120 itself or by the ADAR service 120 and the cloud portal 100 such as changing a configuration of a particular asset, updating software asset to a newer version, etc. The user is then notified that these automated tasks were performed. [0030] Specifically, the ADAR service 120 analyzes a plurality of data sources to pair numerous data sources with user-defined role information. The ADAR service 120 applies machine learning (ML) to available information about the user and their enterprise to understand the context/the identity of the user (the user's persona, role, enterprise, etc.). The ADAR service 120 then generates user-specific task recommendations that are customized to the unique identity of the user within the enterprise. [0032] The ADAR service 120 is a ML-based system that provides identity detection to further enhance task recommendations and maximize utilization of the cloud portal 100, for example. The ADAR service 120 detects user personas, further breaks down personas into different roles, and combines use patterns and current state of the enterprise network (networking environment) to customize recommended tasks specific to each user and user's job. [0046] The deep recommendation engine 340 uses the correlation information between the embedded tasks 314a-h and the data vectors 328a-g in the user-task matrix 330 to generate a list of sorted jobs (e.g., in a form of the recommended task list 344) for the identified user. Moreover, the deep recommendation engine 340 may use ML clustering-based model to identify user personas 202a-m of FIG. 2 and roles 204a-k of FIG. 2 of each persona. [0066] The techniques presented above with respect to FIGS. 4-6, illustrate generating different embeddings or the data vectors 328a-g of FIG. 3. The ADAR service 120 uses the data vectors 328a-g to learn the user's persona(s) and/or role(s). By determining the identity of the user, the ADAR service 120 generates customized and user-specific predictions of the user's daily behaviors. The ADAR service 120 thus generates user-tailored task recommendations that may involve various components of the cloud portal 100. Different components/functionalities of the cloud portal 100 are recommended to the users depending on their different daily duties. By embedding various information sources such as, but not limited to, the user profile, network information reflecting user's network security and static status, and user's daily usage habits (shown by historical clicks data), the ADAR service 120 learns user characteristics (persona(s) and role(s)) for generating customized task recommendations). Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the persona profile and the probe disclosed by Bar to include refining at least one of the persona profile and the probe based on the one or more recommendations. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide a task recommendation system that generates customized task recommendations based on applying machine learning to multiple data sources to determine the identity of a user, the task recommendation based on the identity of the user, where the task recommendation includes one or more tasks having a plurality of operations that are to be performed within a predetermined time interval for performing one or more actions associated with configuring the enterprise network as suggested by Gong in ([0014-0015]). As per claim 2, Bar in view of Gong discloses the computer-implemented method of claim 1, wherein the persona is one of: role-based, operations-based, and custom (Gong [0068] Specifically, based on the identity of the user, the customized task recommendation 700 involves different types of tasks (i.e., tasks specific to the user's identity). A task involves different operations performed by the user within a predetermined time interval. An operation is one or more clicks on a component of a system. [0069] For example, the ADAR service 120 determined the identity of the user to be a hybrid of the operator 202b and the planner 202e of FIG. 2. Accordingly, the customized task recommendation 700 involves a plurality of tasks includes (1) a security assessment task 702a, (2) an asset purchase task 702b, and (3) a monitoring task 702d). As per claim 3, Bar in view of Gong discloses the computer-implemented method of claim 1, wherein the analyzing further comprises using a machine learning model (Gong [0041] The data sources 320 are embedded to form data vectors 328a-g. For example, the user clicks history 322 is time-series data that is embedded using recurrent neural network (RNN). The user profiles 324 and the device states 326 are embedded using deep machine learning models. The data vectors 328a-g are added to the user-task matrix 330). As per claim 4, Bar in view of Gong discloses the computer-implemented method of claim 1, further comprising operations for: storing the persona profile in a version control system; and ingesting the persona profile (Gong [0025] A task recommendation includes one or more tasks to be performed for configuring the enterprise network. Each task includes one or more operations executed within a predetermined time interval. Task recommendations are specifically tailored to the user's job or role in managing equipment and software of the enterprise network. For example, the ADAR service 120 generates a list of tasks for the user to perform using the cloud portal 100. In one example, at least some of the tasks may be performed by the ADAR service 120 itself or by the ADAR service 120 and the cloud portal 100 such as changing a configuration of a particular asset, updating software asset to a newer version, etc. The user is then notified that these automated tasks were performed. [0073] As yet another example, the user indicated that his role is network developer when onboarding the cloud portal 100 (in the user profile, for example). However, the ADAR service 120 detects that, in addition to the day-to-day network development work, the user's actions involve handling opened cases and risk insights related to the current security state of the enterprise network. The ADAR service 120 thus determines that the user is a hybrid of the developer 202m of FIG. 2 and the operator 202b of FIG. 2 (with the network role 204a and the security role 204b). The ADAR service 120 then generates the customized task recommendation 700 that includes tasks linked to the risk score, software version verification, solutions of current security advisories, and security vulnerability-related notices to guarantee that the enterprise network operates securely and stably. As per claim 5, Bar in view of Gong discloses the computer-implemented method of claim 1, further comprising operations for: performing centralized logging, distributed tracing, and monitoring (Bar [0048] This information about the identified user device(s) associated with a user may be stored in a user profile associated with the user, such as in user account(s) and device(s) 242 of user profile 240. In an embodiment, the user devices may be polled, interrogated, or otherwise analyzed to determine information about the devices. This information may be used for determining a label or identification of the device (e.g. a device id) so that the user interaction with device may be recognized from user data by user-related activity monitor 280. In some embodiments, users may declare or register a device, such as by logging into an account via the device, installing an application on the device, connecting to an online service that interrogates the device, or otherwise providing information about the device to an application or service. In some embodiments devices that sign into an account associated with the user, such as a Microsoft® account or Net Passport, email account, social network, or the like, are identified and determined to be associated with the user). As per claim 6, Bar in view of Gong discloses the computer-implemented method of claim 1, further comprising operations for: deploying the refined probe (Gong [0106] a memory, a network interface configured to enable network communications, and a processor. The processor is configured to perform operations including obtaining user data and network data associated with one or more assets used in an enterprise network of a user. The operations further include determining an identity of the user based on the user data and the network data and generating a task recommendation based on the identity of the user. The task recommendation includes one or more tasks having a plurality of operations that are to be performed within a predetermined time interval. The operations further include providing the task recommendation for performing one or more actions associated with configuring the enterprise network). As per claim 7, Bar in view of Gong discloses the computer-implemented method of claim 1, further comprising operations for: returning the probe data to a user associated with the persona (Gong [0106] The task recommendation includes one or more tasks having a plurality of operations that are to be performed within a predetermined time interval. The operations further include providing the task recommendation for performing one or more actions associated with configuring the enterprise network.) As per claims 8-14: Claims 8-14 are directed to a computer program product, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by at least one processor to perform operations having substantially similar corresponding limitations of claims 1-7 respectively and therefore claims 8-14 are rejected with the same rationale given above to reject corresponding limitations of claims 1-7 respectively. As per claims 15-20: Claims 15-20 are directed to a computer system, comprising: one or more processors, one or more computer-readable memories and one or more computer-readable, tangible storage devices; and program instructions, stored on at least one of the one or more computer-readable, tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more computer-readable memories, to perform operations having substantially similar corresponding limitations of claims 1-6 respectively and therefore claims 15-20 are rejected with the same rationale given above to reject corresponding limitations of claims 1-6 respectively. Conclusion The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior arts. WILLIAMS et al. (US 20200067776 A1) discloses features for selecting a community including member devices that are associated with a distributed job. The features includes identifying a trigger related to the distributed job and spawning an automated action set related to the trigger. The automated action set includes at least one of automated action by the member devices or automated action by a remote device communicatively coupled to at least one of the member devices. The actions can vary by community or based on individual personas within a community, and can be orchestrated as a single action or series following an appropriate trigger. Devices can be shared among multiple members, and multiple personas can accordingly be stored on, represented by, or otherwise associated with a single device for various control or authentication. DeWeese et al. (US 20160277387 A1) disclosed are various examples for multi-persona management on a client device that can be configured to maintain multiple personas for a single user where each of the personas which includes a unique configuration of the client device. A first one of the personas can include an enterprise persona while a second one of the personas can include a personal persona. Different methods of authentication can result in the client device toggling between the enterprise persona and the personal persona where the client device is managed by a device management service, for example, when the client device is configured in accordance with the enterprise persona. Kosmiskas et al. (US 20150100890 A1) discuses one or more personas associated with a user, the one or more personas including a first persona and a second persona, and providing, in response to an input, a first set of applications or data, or a second set of applications or data, based on a determination that an electronic device is in a mode associated with the first persona or the second persona, respectively. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LINGLAN EDWARDS can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TECHANE GERGISO/ Primary Examiner, Art Unit 2408