CPC G06Q 20/4016 (2013.01) [G06F 16/353 (2019.01); G06Q 20/20 (2013.01)] | 20 Claims
1. A method for generating security event case files with unstructured data, the method comprising:
receiving, by a computing system, unstructured data and system-based inferences, wherein the unstructured data comprises raw data that is captured by one or more devices positioned throughout a store and the system-based inferences comprise data indicating potentially suspicious activities in the store that is generated by the one or more devices in response to processing the unstructured data;
retrieving, by the computing system and from a data store, one or more structuring models, wherein the one or more structuring models were trained using machine learning to process the unstructured data and the system-based inferences by automatically (i) adding information to the unstructured data and the system-based inferences to generate structured data, the added information defining one or more security event characteristics associated with the unstructured data and the system-based inferences, and (ii) correlating the unstructured data and the system-based inferences based on the respective added information to identify suspicious activities in the store;
adding structure, by the computing system, to the unstructured data and the system-based inferences based on applying the one or more structuring models, wherein adding structure using the one or more structuring models comprises:
labeling, by the computing system, the unstructured data and the system-based inferences,
classifying, by the computing system, the labeled data and system-based inferences into one or more of the plurality of security event categories, wherein the plurality of security event categories identify suspicious activities that may occur in the store, and
identifying, by the computing system, objective identifiers from the structured data and the structured system-based inferences, wherein the objective identifiers identify one or more users that appear in the structured data and the structured system-based inferences;
generating, by the computing system, a case file for each of the one or more objective identifiers, wherein the case file includes the structured data and the structured system-based inferences that correspond to the respective objective identifier;
determining, by the computing system, whether information in the case file satisfies one or more alerting rules, wherein the one or more alerting rules correspond to alerting policies for a location in the store that is identified by location information in the case file; and
storing, by the computing system and in the data store, the case file with the determination of whether the information in the case file satisfies the one or more alerting rules.