“om Organization
`
`International Bureau
`
`2
`=
`
`TATANYAOYA
`
`(10) International Publication Number
`WO 2021/108569 Al
`
`(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`World Intellectual Propert
`>
`
`(43) International Publication Date
`03 June 2021 (03.06.2021)
`
`WIPOIPCT
`
`(51) International Patent Classification:
`HO4L 29/06 (2006.01)
`G0O6F 11/00 (2006.01)
`
`MURPHY,Brian, Philip; 777 8. Harbour Island Blvd.,
`Suite 500, Tampa, FL 33602 (US).
`
`(21) International Application Number:
`PCT/US2020/062252
`
`(74) Agent: COLANDREO,Brian,J. et al.; Ilolland & Knight
`LLP,10 St. James Avenue, Boston, MA 02116 (US).
`
`(22) International Filing Date:
`25 November 2020 (25.11.2020)
`English
`English
`
`(25) Filing Language:
`(26) Publication Language:
`(30) Priority Data:
`.
`26 November2019 (26.11.2019) US
`62/940,733
`(71) Applicant: RELIAQUEST HOLDINGS, LLC [US/US];
`777 §. UarbourIsland Blvd., Suite 500, Tampa, FL 33602
`(US).
`
`(81) Designated States (unless otherwise indicated, for every
`kind of national protection available); AE, AG, AL, AM,
`AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ,
`CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO,
`DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN,
`HR, HU, ID,IL, IN, IR, IS, IT, JO, JP, KE, KG, KH, KN,
`KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD,
`ME, MG, MK, MN, MW, MX. MY, MZ, NA. NG, NI, NO.
`NZ, OM,PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW,
`SA, SC, SD, SE, SG, SK, SL, ST, SV, SY, TH, TJ, TM, TN,
`TR, TT, TZ, UA, UG, US, UZ, VC, VN, WS, ZA, ZM, ZW.
`
`(72) Inventors: MURPHY,Brian, P.; 777 S. Harbour Island
`Blvd., Suite 500, Tampa, FL 33602 (US). PARTLOW,Joe;
`777 S. Harbour Island Blvd., Suite 500, Tampa, FL 33602
`(US). O'CONNOR,Colin; 777 S. Harbour Island Blvd.,
`Suite 500, Tampa, FL 33602 (US). PFEIFFER,Jason; 777
`S. HarbourIsland Blvd., Suite 500, Tampa, FL 33602 (US).
`
`(84) Designated States (unless otherwise indicated, for every
`kind of regional protection available); ARIPO (BW, GH,
`GM,KE, LR, LS, MW, MZ, NA, RW, SD,SL, ST, SZ, TZ,
`UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ,
`TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK,
`EE,ES, FI, FR, GB, GR, HR, HU,IE,IS, IT, LT, LU, LV,
`MC, MK,MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM,
`
`(4) Title: THREAT MITIGATION SYSTEM AND METHOD
`
`
`
`
`
`
` cellular
`
`
`
`
`
`
`mitigation
`.
`process,
`
`10
`
`
`
`
`
`
`
`
`
`10s
`threat
`
`
`mitigation
`
`
`network /
`process
`
`
`bridge
`
`
`
`
`
`
`
`wo2021/108569AINITINIINNINMICAHTATAMER (57) Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with
`
`
`
`30 48
`
`
`
`
`
`threat
`mitigation
`process
`
`
`
`
`
`
`
`
`threat
`mitigation
`process
`
`
`
`
`
`
`
`
`
`
`
`
`
`100"
`
`FIG. 1
`
`
`threat
`mitigation
`process
`
`
`
`
`
`a plurality of security-relevant subsystems within a computing platform; and mapping one or more data fields of a unified platform to
`one or more data fields of eachofthe plurality of security-relevant subsystems.
`
`[Continued on nextpage]
`
`

`

`WO 2021/108569 A|IMTMNTIIOINTA NINN MINTOAAIAT
`
`TR), OAPI (BF, BJ, CF, CG, Cl, CM, GA, GN, GO, GW,
`KM,ML, MR, NE,SN, TD, TG).
`
`Published:
`
`— with international search report (Art. 21(3))
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`Threat Mitigation System and Method
`
`Related Application(s)
`
`[001] This application claims the benefit of U.S. Provisional Application No.-:
`
`62/040,733,
`
`filed on 26 November 2019,
`
`the entire contents of which are herein
`
`incorporated by reference
`
`Technical Field
`
`[002] This disclosure relates to threat mitigation systems and, more particularly, to
`
`threat mitigation systems that utilize a universal query language.
`
`Background
`
`[003]
`
`In the computer world, there is a constant battle occurring between bad actors
`
`that want to attack computing platforms and good actors whotry to prevent the same.
`
`Unfortunately,
`
`the complexity of such computer attacks in constantly increasing, so
`
`technology needs to be employed that understands the complexity of these attacks and is
`
`capable of addressing the same.
`
`[004] Threat mitigation systems may utilize and/or communicate with a plurality of
`
`security-relevant subsystems, wherein these security-relevant subsystems may gather
`
`information concerning such computer attacks. Unfortunately and in order to obtain such
`
`gathered information from these security-relevant subsystems,
`
`the user of the threat
`
`mitigation system would often be required to formulate a unique query for each security-
`
`relevant subsystem.
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`Summary of Disclosure
`
`Concept2
`
`[005]
`
`In one implementation, a computer-implemented method is executed on a
`
`computing device and includes: establishing connectivity with a plurality of security-
`
`relevant subsystems within a computing platform; and mapping one or more data fields
`
`of a unified platform to one or more data fields of each of the plurality of security-
`
`relevant subsystems.
`
`[006] One or more of the following features may be included. Mapping one or more
`
`data fields of a unified platform to one or more data fields of each of the plurality of
`
`security-relevant subsystems may include: mapping one or more data fields within a
`
`query structure of the unified platform to one or more data fields within a query structure
`
`of each ofthe plurality of security-relevant subsystems. Mapping one or more data fields
`
`of a unified platform to one or more data fields of each of the plurality of security-
`
`relevant subsystems may include: mapping one or more data fields within a result set
`
`structure of each of the plurality of security-relevant subsystems to one or more data
`
`fields within a result set structure of the unified platform. Mapping one or more data
`
`fields of a unified platform to one or more data fields of each of the plurality of security-
`
`relevant subsystems may include: mapping one or more data fields of the unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems at a defined periodicity. Mapping one or more data fields of a unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems may include: proactively mapping one or more data fields of the unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems. Mapping one or more data fields of a unified platform to one or more data
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`fields of each of the plurality of security-relevant subsystems may include: reactively
`
`mapping one or moredata fields of the unified platform to one or more data fields of each
`
`of the plurality of security-relevant subsystems. A unified query may be defined on a
`
`unified platform concerning the plurality of security-relevant subsystems. The unified
`
`query may be denormalized to define a subsystem-specific query for each of the plurality
`
`of security-relevant subsystems, thus defining a plurality of subsystem-specific queries.
`
`The plurality of subsystem-specific queries may be provided to the plurality of security-
`
`relevant subsystems. A plurality of subsystem-specific results sets may be received from
`
`the plurality of security-relevant subsystems that were generated in response to the
`
`plurality of subsystem-specific queries. The plurality of subsystem-specific results sets
`
`received from the plurality of security-relevant subsystems may be normalized to define a
`
`unified result set. The unified result may be provided set to a third-party.
`
`[007]
`
`In another
`
`implementation,
`
`a computer program product
`
`resides on a
`
`computer readable medium and has a plurality of instructions stored on it. When
`
`executed by a processor,
`
`the instructions cause the processor to perform operations
`
`including: establishing connectivity with a plurality of security-relevant subsystems
`
`within a computing platform; and mapping one or more data fields of a unified platform
`
`to one or more data fields of each of the plurality of security-relevant subsystems.
`
`[008] One or more of the following features may be included. Mapping one or more
`
`data fields of a unified platform to one or more data fields of each of the plurality of
`
`security-relevant subsystems may include: mapping one or more data fields within a
`
`query structure of the unified platform to one or moredata fields within a query structure
`
`of each ofthe plurality of security-relevant subsystems. Mapping one or moredata fields
`
`of a unified platform to one or more data fields of each of the plurality of security-
`
`relevant subsystems may include: mapping one or more data fields within a result set
`
`structure of each of the plurality of security-relevant subsystems to one or more data
`
`fields within a result set structure of the unified platform. Mapping one or more data
`
`wo
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`fields of a unified platform to one or more data fields of each of the plurality of security-
`
`relevant subsystems may include: mapping one or more data fields of the unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems at a defined periodicity. Mapping one or more data fields of a unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems may include: proactively mapping one or more data fields of the unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems. Mapping one or more data fields of a unified platform to one or more data
`
`fields of each of the plurality of security-relevant subsystems may include: reactively
`
`mapping one or moredata fields of the unified platform to one or more datafields of each
`
`of the plurality of security-relevant subsystems. A unified query may be defined on a
`
`unified platform concerning the plurality of security-relevant subsystems. The unified
`
`query may be denormalized to define a subsystem-specific query for each of the plurality
`
`of security-relevant subsystems, thus defining a plurality of subsystem-specific queries.
`
`The plurality of subsystem-specific queries may be provided to the plurality of security-
`
`relevant subsystems. A plurality of subsystem-specific results sets may be received from
`
`the plurality of security-relevant subsystems that were generated in response to the
`
`plurality of subsystem-specific queries. The plurality of subsystem-specific results sets
`
`received from the plurality of security-relevant subsystems may be normalized to define a
`
`unified result set. The unified result may be provided set to a third-party.
`
`[009]
`
`In another implementation, a computing system includes a processor and
`
`memory is configured to perform operations including: establishing connectivity with a
`
`plurality of security-relevant subsystems within a computing platform; and mapping one
`
`or more data fields of a unified platform to one or more data fields of each of the plurality
`
`of security-relevant subsystems.
`
`[0010] One or more of the following features may be included. Mapping one or more
`
`data fields of a unified platform to one or more data fields of each of the plurality of
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`security-relevant subsystems may include: mapping one or more data fields within a
`
`query structure of the unified platform to one or more data fields within a query structure
`
`of each of the plurality of security-relevant subsystems. Mapping one or moredatafields
`
`of a unified platform to one or more data fields of each of the plurality of security-
`
`relevant subsystems may include: mapping one or more data fields within a result set
`
`structure of each of the plurality of security-relevant subsystems to one or more data
`
`fields within a result set structure of the unified platform. Mapping one or more data
`
`fields of a unified platform to one or more data fields of each of the plurality of security-
`
`relevant subsystems may include: mapping one or more data fields of the unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems at a defined periodicity. Mapping one or more data fields of a unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems may include: proactively mapping one or more data fields of the unified
`
`platform to one or more data fields of each of the plurality of security-relevant
`
`subsystems. Mapping one or more data fields of a unified platform to one or more data
`
`fields of each of the plurality of security-relevant subsystems may include: reactively
`
`mapping one or moredata fields of the unified platform to one or moredatafields of each
`
`of the plurality of security-relevant subsystems. A unified query may be defined on a
`
`unified platform concerning the plurality of security-relevant subsystems. The unified
`
`query may be denormalized to define a subsystem-specific query for each of the plurality
`
`of security-relevant subsystems, thus defining a plurality of subsystem-specific queries.
`
`The plurality of subsystem-specific queries may be provided to the plurality of security-
`
`relevant subsystems. A plurality of subsystem-specific results sets may be received from
`
`the plurality of security-relevant subsystems that were generated in response to the
`
`plurality of subsystem-specific queries. The plurality of subsystem-specific results sets
`
`received from the plurality of security-relevant subsystems may be normalized to define a
`
`unified result set. The unified result may be provided set to a third-party.
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`[0011] The details of one or more implementations are set forth in the accompanying
`
`drawings and the description below. Other features and advantages will become apparent
`
`from the description, the drawings, and the claims.
`
`Brief Description of the Drawings
`
`[0012] FIG.
`
`1 is a diagrammatic view ofa distributed computing network including a
`
`computing device that executes a threat mitigation process according to an embodiment
`
`of the present disclosure;
`
`[0013] FIG, 2 is a diagrammatic view of an exemplary probabilistic model rendered
`
`by a probabilistic process of the threat mitigation process of FIG 1 according to an
`
`embodimentof the present disclosure;
`
`[0014] FIG 3 is a diagrammatic view of the computing platform of FIG. 1 according
`
`to an embodimentof the present disclosure;
`
`[0015] FIG 4 is a flowchart of an implementation of the threat mitigation process of
`
`FIG. | according to an embodimentof the present disclosure;
`
`[0016] FIGS. 5-6 are diagrammatic views of screens rendered by the threat mitigation
`
`process of FIG. 1 according to an embodimentofthe present disclosure;
`
`[0017] FIGS. 7-9 are flowcharts of other implementations of the threat mitigation
`
`process of FIG. 1 according to an embodimentof the present disclosure;
`
`[0018] FIG 10 is a diagrammatic view of a screen rendered by the threat mitigation
`
`process of FIG. 1 according to an embodimentofthe present disclosure;
`
`[0019] FIG 11 is a flowchart of another implementation of the threat mitigation
`
`process of FIG. 1 according to an embodimentof the present disclosure;
`
`[0020] FIG, 12 is a diagrammatic viewof a screen rendered by the threat mitigation
`
`process of FIG. 1 according to an embodimentofthe present disclosure;
`
`[0021] FIG. 13 is a flowchart of another implementation of the threat mitigation
`
`process of FIG. 1 according to an embodimentof the present disclosure;
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`[0022] FIG. 14 is a diagrammatic view of a screen rendered by the threat mitigation
`
`process of FIG. 1 according to an embodimentof the present disclosure;
`
`[0023] FIG. 15 is a flowchart of another implementation of the threat mitigation
`
`process of FIG. 1 according to an embodimentof the present disclosure;
`
`[0024] FIG 16 is a diagrammatic view of screens rendered by the threat mitigation
`
`process of FIG. 1 according to an embodimentofthe present disclosure;
`
`[0025] FIGS. 17-23 are flowcharts of other implementations of the threat mitigation
`
`process of FIG.
`
`| according to an embodimentof the present disclosure;
`
`[0026] FIG, 24 is a diagrammatic view of a screen rendered by the threat mitigation
`
`process of FIG. 1 according to an embodimentofthe present disclosure;
`
`[0027] FIGS. 25-31 are flowcharts of other implementations of the threat mitigation
`
`process of FIG. 1 according to an embodimentof the present disclosure; and
`
`[0028] FIG. 32 is a diagrammatic view of data field mapping according to an
`
`embodimentof the present disclosure.
`
`[0029] Like reference symbols in the various drawingsindicate like elements.
`
`Detailed Description of the Preferred Embodiments
`
`System Overview
`
`[0030] Referring to FIG 1,
`
`there is shown threat mitigation process 10. Threat
`
`mitigation process 10 may be implemented as a server-side process, a client-side process,
`
`or a hybrid server-side / client-side process. For example, threat mitigation process 10
`
`may be implemented as a purely server-side process via threat mitigation process 10s.
`
`Alternatively, threat mitigation process 10 may be implemented as a purely client-side
`
`process via one or more of threat mitigation process 10c1, threat mitigation process 10c2,
`
`threat mitigation process 10c3, and threat mitigation process 10c4. Alternatively still,
`
`threat mitigation process 10 may be implemented as a hybrid server-side / client-side
`
`process via threat mitigation process 10s in combination with one or more of threat
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`mitigation process 10c1, threat mitigation process 10c2, threat mitigation process 10c3,
`
`and threat mitigation process 10c4. Accordingly, threat mitigation process 10 as used in
`
`this disclosure may include any combination of threat mitigation process 10s, threat
`
`mitigation process 10cl, threat mitigation process 10c2, threat mitigation process, and
`
`threat mitigation process 10c4.
`
`[0031] Threat mitigation process 10s maybe a server application and may reside on
`
`and may be executed by computing device 12, which may be connected to network 14
`
`(e.g., the Internet or a local area network). Examples of computing device 12 may
`
`include, but are not limited to: a personal computer, a laptop computer, a personal digital
`
`assistant, a data-enabled cellular telephone, a notebook computer, a television with one or
`
`more processors embeddedtherein or coupled thereto, a cable / satellite receiver with one
`
`or more processors embedded therein or coupled thereto, a server computer, a series of
`
`server computers, a mini computer, a mainframe computer, or a cloud-based computing
`
`network.
`
`[0032] The instruction sets and subroutines of threat mitigation process 10s, which
`
`may be stored on storage device 16 coupled to computing device 12, may be executed by
`
`one or more processors (not shown) and one or more memory architectures (not shown)
`
`included within computing device 12. Examples of storage device 16 may include but
`
`are not limited to: a hard disk drive; a RAID device; a random-access memory (RAM); a
`
`read-only memory (ROM); andall forms of flash memory storage devices.
`
`[0033] Network 14 may be connected to one or more secondary networks(e.g.,
`
`network 18), examples of which may include but are not limited to: a local area network;
`
`a wide area network;or an intranet, for example.
`
`[0034] Examples of threat mitigation processes 10c1, 10c2, 10c3, 10c4 may include
`
`but are not limited to a client application, a web browser, a game console userinterface,
`
`or a specialized application (e.g., an application running on e.g., the Android ™ platform
`
`or the iOS '™ platform). The instruction sets and subroutines of threat mitigation
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`processes 10c1, 10c2, 10c3, 10c4, which may be stored on storage devices 20, 22, 24, 26
`
`(respectively) coupled to client electronic devices 28, 30, 32, 34 (respectively), may be
`
`executed by one or more processors (not shown) and one or more memory architectures
`
`(not shown) incorporated into client electronic devices 28, 30, 32, 34 (respectively).
`
`Examples of storage device 16 may include but are not limited to: a hard disk drive; a
`
`RAID device; a random-access memory (RAM); a read-only memory (ROM); andall
`
`forms of flash memory storage devices.
`
`[0035] Examples of client electronic devices 28, 30, 32, 34 may include, but are not
`
`limited to, data-enabled, cellular telephone 28,
`
`laptop computer 30, personal digital
`
`assistant 32, personal computer 34, a notebook computer (not shown), a server computer
`
`(not shown), a gaming console (not shown), a smart television (not shown), and a
`
`dedicated network device (not shown). Client electronic devices 28, 30, 32, 34 may each
`
`execute an operating system, examples of which may include but are not limited to
`
`Microsoft Windows "™, Android "™, WebOS ™,
`
`iOS ™, Redhat Linux ', or a custom
`
`operating system.
`
`[0036] Users 36, 38, 40, 42 may access threat mitigation process 10 directly through
`
`network 14 or through secondary network 18. Further, threat mitigation process 10 may
`
`be connected to network 14 through secondary network 18, as illustrated with link line
`
`44.
`
`[0037] The variousclient electronic devices (e.g., client electronic devices 28, 30, 32,
`
`34) maybe directly or indirectly coupled to network 14 (or network 18). For example,
`
`data-enabled, cellular telephone 28 and laptop computer 30 are shown wirelessly coupled
`
`to network 14 via wireless communication channels 46, 48 (respectively) established
`
`between data-enabled, cellular telephone 28,
`
`laptop computer 30 (respectively) and
`
`cellular network / bridge 50, which is shown directly coupled to network 14. Further,
`
`personal digital assistant 32 is shown wirelessly coupled to network 14 via wireless
`
`communication channel 52 established between personal digital assistant 32 and wireless
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`access point
`
`(i.e, WAP) 54, which is
`
`shown directly coupled to network 14.
`
`Additionally, personal computer 34 is shown directly coupled to network 18 via a
`
`hardwired network connection.
`
`[0038] WAP 54 maybe, for example, an IEEE 802.11a, 802.11b, 802.11g, 802.11n,
`
`Wi-Fi, and/or Bluetooth device that is capable of establishing wireless communication
`
`channel 52 between personal digital assistant 32 and WAP 54. As is knownintheart,
`
`TEEE 802.11x specifications may use Ethernet protocol and carrier sense multiple access
`
`with collision avoidance (i.e. CSMA/CA)
`
`for path sharing. The various 802.11x
`
`specifications may use phase-shift keying (i.e., PSK) modulation or complementary code
`
`keying (i.e., CCK) modulation, for example. As is known in the art, Bluetooth is a
`
`telecommunications industry specification that allows e.g., mobile phones, computers,
`
`and personal digital assistants to be interconnected using a short-range wireless
`
`connection.
`
`Artificial Intelligence / Machines Learning Overview:
`
`[0039] Assume for illustrative purposes that threat mitigation process 10 includes
`
`probabilistic process 56 (e.g., an artificial intelligence / machine learning process) that is
`
`configured to process information (e.g., information 58). As will be discussed below in
`
`greater detail, examples of information 58 may include but are not limited to platform
`
`information (e.g., structured or unstructured content) being scanned to detect security
`
`events (e.g., access auditing; anomalies; authentication; denial of services; exploitation;
`
`malware; phishing; spamming; reconnaissance; and/or web attack) within a monitored
`
`computing platform (e.g., computing platform 60).
`
`[0040] As is knownintheart, structured content may be content that is separated into
`
`independent portions (e.g., fields, columns, features) and, therefore, may have a pre-
`
`defined data model and/or is organized in a pre-defined manner. For example, if the
`
`structured content concerns an employeelist: a first field, column or feature may define
`
`the first name of the employee; a second field, column or feature may define the last
`
`10
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`name of the employee; a third field, column or feature may define the homeaddress of
`
`the employee; and a fourth field, column or feature may define the hire date of the
`
`employee.
`
`[0041] Further and as is knownin the art, unstructured content may be content thatis
`
`not separated into independent portions (e.g., fields, columns, features) and, therefore,
`
`may not have a pre-defined data model and/or is not organized in a pre-defined manner.
`
`For example, if the unstructured content concerns the same employeelist: the first name
`
`of the employee, the last name of the employee, the homeaddress of the employee, and
`
`the hire date of the employee mayall be combinedinto onefield, column orfeature.
`
`[0042] For
`
`the following illustrative example, assume that
`
`information 58 1s
`
`unstructured content, an example of which may include butis not limited to unstructured
`
`user feedback received by a company(e.g., text-based feedback such as text-messages,
`
`social media posts, and email messages; and transcribed voice-based feedback such as
`
`transcribed voice mail, and transcribed voice messages).
`
`[0043] When processing information 58, probabilistic process
`
`56 may use
`
`probabilistic modeling to accomplish such processing, wherein examples of such
`
`probabilistic modeling may include but are not
`
`limited to discriminative modeling,
`
`generative modeling, or combinations thereof.
`
`[0044] As is known in the art, probabilistic modeling may be used within modern
`
`artificial intelligence systems (e.g., probabilistic process 56), in that these probabilistic
`
`models may provide artificial
`
`intelligence systems with the tools
`
`required to
`
`autonomously analyze vast quantities of data (e.g., information 58).
`
`[0045] Examples of the tasks for which probabilistic modeling may be utilized may
`
`include butare not limited to:
`
`e
`
`predicting media (music, movies, books) that a user may like or enjoy based
`
`upon media that the user has liked or enjoyed in the past;
`
`e
`
`transcribing words spoken by a userinto editable text;
`
`11
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`*
`
`e
`
`e
`
`e
`
`e
`
`e
`
`grouping genesinto geneclusters;
`
`identifying recurring patterns within vast data sets;
`
`filtering email that is believed to be spam from a user’s inbox;
`
`generating clean (i.e., non-noisy) data from a noisy data set;
`
`analyzing (voice-based or text-based) customer feedback; and
`
`diagnosing various medical conditions and diseases.
`
`[0046] For each of the above-described applications of probabilistic modeling, an
`
`initial probabilistic model may be defined, wherein this initial probabilistic model may be
`
`subsequently (e.g., iteratively or continuously) modified and revised, thus allowing the
`
`probabilistic models and the artificial intelligence systems (e.g., probabilistic process 56)
`
`to “learn” so that future probabilistic models may be more precise and may explain more
`
`complex data sets.
`
`[0047] Accordingly, probabilistic process 56 may define an initial probabilistic model
`
`for accomplishing a defined task (e.g.,
`
`the analyzing of information 58).
`
`For the
`
`illustrative example, assumethat this defined task is analyzing customer feedback (e.g.,
`
`information 58) that
`
`is received from customers of e.g., store 62 via an automated
`
`feedback phone line. For this example, assume that information 58 is initially voice-
`
`based content
`
`that
`
`is processed via e.g., a speech-to-text process that
`
`results in
`
`unstructured text-based customer feedback (e.g., information 58).
`
`[0048] With respect to probabilistic process 56, a probabilistic model may be utilized
`
`to go from initial observations about information 58 (e.g., as represented by the initial
`
`branches of a probabilistic model)
`
`to conclusions about
`
`information 58 (eg., as
`
`represented by the leaves of a probabilistic model).
`
`[0049] As used in this disclosure, the term “branch” may refer to the existence (or
`
`non-existence) of a component (e.g., a sub-model) of (or included within) a model.
`
`Examples of such a branch mayinclude but are not limited to: an execution branch ofa
`
`probabilistic program or other generative model, a part (or parts) of a probabilistic
`
`12
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`graphical model, and/or a component neural network that may (or may not) have been
`
`previously trained.
`
`[0050] While the following discussion provides a detailed example of a probabilistic
`
`model, this is for illustrative purposes only and is not intended to be a limitation of this
`
`disclosure, as other configurations are possible and are considered to be within the scope
`
`of this disclosure. For example, the following discussion may concern any type of model
`
`(e.g., be it probabilistic or other) and, therefore, the below-described probabilistic model
`
`is merely intended to be oneillustrative example of a type of model andis not intended to
`
`limit this disclosure to probabilistic models.
`
`[0051] Additionally, while the following discussion concerns word-based routing of
`
`messages through a probabilistic model, this is for illustrative purposes only and is not
`
`intended to be a limitation of this disclosure, as other configurations are possible and are
`
`considered to be within the scope of this disclosure. Examples of other types of
`
`information that may be used to route messages through a probabilistic model may
`
`include:
`
`the order of the words within a message; and the punctuation interspersed
`
`throughout the message.
`
`[0052] For example and referring also to FIG 2,
`
`there is shown one simplified
`
`example of a probabilistic model (e.g., probabilistic model 100) that may be utilized to
`
`analyze information 58 (e.g., unstructured text-based customer feedback) concerning
`
`store 62. The manner in which probabilistic model 100 may be automatically-generated
`
`by probabilistic process 56 will be discussed below in detail.
`
`In this particular example,
`
`probabilistic model 100 may receive information 58 (e.g., unstructured text-based
`
`customer feedback) at branching node 102 for processing. Assume that probabilistic
`
`model 100 includes four branches off of branching node 102, namely: service branch
`
`104; selection branch 106; location branch 108; and value branch 110 that respectively
`
`lead to service node 112, selection node 114, location node 116, and value node 118.
`
`13
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`[0053] As stated above, service branch 104 may lead to service node 112, which may
`
`be configured to process the portion of information 58 (e.g., unstructured text-based
`
`customer feedback) that concerns (in whole or in part) feedback concerning the customer
`
`service of store 62. For example, service node 112 may define service word list 120 that
`
`may include e.g., the word service, as well as synonyms of (and words related to) the
`
`word service (e.g., cashier, employee, greeter and manager). Accordingly and in the
`
`event that a portion of information 58 (e.g., a text-based customer feedback message)
`
`includes the word cashier, employee, greeter and/or manager, that portion of information
`
`58 may be considered to be text-based customer feedback concerning the service received
`
`at store 62 and (therefore) may be routed to service node 112 of probabilistic model 100
`
`for further processing. Assumeforthis illustrative example that probabilistic model 100
`
`includes two branchesoff of service node 112, namely: good service branch 122 and bad
`
`service branch 124.
`
`[0054] Good service branch 122 may lead to good service node 126, which may be
`
`configured to process the portion of information 58 (e.g. unstructured text-based
`
`customer feedback) that concerns (in whole or in part) good feedback concerning the
`
`customer service of store 62. For example, good service node 126 may define good
`
`service word list 128 that may include e.g., the word good, as well as synonyms of (and
`
`words related to) the word good (e.g., courteous, friendly, lovely, happy, and smiling).
`
`Accordingly and in the event that a portion of information 58 (e.g., a text-based customer
`
`feedback message) that was routed to service node 112 includes the word good,
`
`courteous, friendly, lovely, happy, and/or smiling, that portion of information 58 may be
`
`considered to be text-based customer feedback indicative of good service received at
`
`store 62 (and, therefore, may be routed to good service node 126).
`
`[0055] Bad service branch 124 may lead to bad service node 130, which may be
`
`configured to process the portion of information 58 (e.g., unstructured text-based
`
`customer feedback) that concerns (in whole or in part) bad feedback concerning the
`
`14
`
`

`

`WO 2021/108569
`
`PCT/US2020/062252
`
`customer service of store 62. For example, bad