Patent Grant
11556362
This disclosure relates generally to the field of data processing systems and more particularly to robotic process automation systems.
Robotic process automation (RPA) is the application of technology that allows workers in an organization to configure a computer software or a “robot” (also referred to as a “bot”) to capture and interpret existing applications for processing a transaction, manipulating data, triggering responses and communicating with other digital systems. Conventional RPA systems employ software robots to interpret the user interface of third-party applications and to execute steps identically to a human user. Typically, the bot will be initiated on a device by a human user who provides the bot with access credentials that the human user has to access certain systems and applications. For example, to complete its tasks, the bot may require login credentials to login as the human user onto a particular device, and then to login to various applications and other system services in order to access, store and/or modify certain data, send messages and perform other functions permitted by the applications. Although this process permits automation of a variety of manual tasks, it still requires a human user to deploy the bot with the user's own credentials.
Embodiments disclosed herein simplify deployment of bots within an RPA system while ensuring the appropriate credentials are employed in accessing applications, data and computerized services. A bot deployment request may be made centrally by a user instead of requiring a human at a computer terminal, such as a desktop or laptop, who is authorized to deploy the bot. In the disclosed embodiments, a request to deploy a bot that identifies a particular bot and an authorized class of user is first checked to determine if the bot requester is authorized to deploy the particular bot for use by the authorized class of user. If so, then a device upon which the bot will execute is identified and an authorization token is issued to the identified device, for use by the identified device in interacting with the system. The identified device employs the authorization token in retrieving the requested bot and in retrieving credentials associated with the authorized class of user. The requested bot is then able to execute on the identified device automatically.
In conventional systems, the user that a bot runs as is determined by which user is logged into the device, and which device is deployed. Devices do not have their own identity; users must log into devices and the device employs the user's identity. Further in conventional systems, bot-specific permissions prevent a device from being used for bots with different purposes, and devices have no way to establish a connection without involving a human, who must know all required usernames and passwords for all devices. In the disclosed embodiments, in contrast, devices have their own identity rather than requiring a user to provide one.
Additional aspects related to the invention will be set forth in part in the description which follows, and in part will be apparent to those skilled in the art from the description or may be learned by practice of the invention. Aspects of the invention may be realized and attained by means of the elements and combinations of various elements and aspects particularly pointed out in the following detailed description and the appended claims.
It is to be understood that both the foregoing and the following descriptions are exemplary and explanatory only and are not intended to limit the claimed invention or application thereof in any manner whatsoever.
The accompanying drawings, which are incorporated in and constitute a part of this specification exemplify the embodiments of the present invention and, together with the description, serve to explain and illustrate principles of the inventive techniques disclosed herein. Specifically:
In the following detailed description, reference will be made to the accompanying drawings, in which identical functional elements are designated with like numerals. The aforementioned accompanying drawings show by way of illustration, and not by way of limitation, specific embodiments and implementations consistent with principles of the present invention. These implementations are described in sufficient detail to enable those skilled in the art to practice the invention and it is to be understood that other implementations may be utilized and that structural changes and/or substitutions of various elements may be made without departing from the scope and spirit of present invention. The following detailed description is, therefore, not to be construed in a limited sense.
Embodiments disclosed herein may implement a method and or system of deploying bots within a robotic process automation system to process assigned work tasks, such as for example, processing an invoice, loan application, new employee onboarding documentation and the like. A bot deployment request is received from a deployment user. The bot deployment request includes a bot identification that identifies a specific preexisting bot encoded to perform predefined application level tasks that may be performed by a human user. The bot deployment request further includes an authorized class of user to execute the specific preexisting bot. Credentials of the deployment user are checked to determine if the deployment user is authorized to deploy the specific preexisting bot with credentials of the authorized class of user. If the deployment user is determined to be authorized to deploy the specific preexisting bot with credentials of the authorized class of user then, an execution device is identified, from a set of available devices, upon which the specific preexisting bot will execute. An authorization token is issued for the execution device to uniquely identify the execution device and to authorize the execution device to communicate with the robotic process automation system. In response to a request by the execution device the specific preexisting bot and credentials corresponding to the authorized class of user are provided to the execution device. The specific preexisting bot executes on the execution device automatically without input from any individual corresponding to the authorized class of user.
Further details may be seen in
The RPA system 10 checks the deployment credentials at 106 of the deployment user 102 with a user management service 108 to ensure that the deployment user 102 has the authority to cause execution of the specified bot with the credentials of the specified class of user. For example, within an organization, the submission of a request for an invoice processing bot to operate with the credentials of an accounts payable user may be limited to a manager level individual in the organization's accounts payable department. Similarly, the onboarding of a newly hired employee may be limited to human resources personnel, and/or the hiring manager. If the deployment user 102 does not have the appropriate credentials to cause deployment of the requested bot with the specified class of user, then the process in
The system 10 retrieves and provides to the selected device 114 the specified bot, seen as BR 1, from a bot repository 116. The system 10 also at 118 retrieves and provides to the selected device 114 the user credentials 115 required to run the specified bot BR1. For example, the user credentials 115 may include login information (login ID, password) required for the applications and other services 116 that the specified bot BR1 will be required to access. The specified bot BR1 then executes on the selected device 114 to interact as programmed with various user level applications and other services 120 to process specified tasks. Examples of such tasks, are invoices, new hire onboarding documents and expense reports. These are simple examples and many other task types may be processed with RPA system 10. The tasks will often be stored as files, and often as image encoded files (e.g. PDF, TIFF) which may need to be scanned and processed to extract and to recognize the information stored therein. Further aspects of such scanning and processing may be found in pending patent application, which is assigned to the assignee of the present application, entitled “AUTOMATIC KEY/VALUE PAIR EXTRACTION FROM DOCUMENT IMAGES USING DEEP LEARNING”, which was filed in the U.S. Patent and Trademark Office on Dec. 29, 2017, and assigned Ser. No. 15/858,976, and which is hereby incorporated in its entirety by reference.
In certain embodiments, the node manager 212 provides three functions. First is a discovery service that establishes and maintains a connection to the control room 201. Second, the node manager 212 provides an autologin service that provides a vehicle to allow the control room 201 to login or to create a user session by launching user session manager 214. Third, the node manager 212 provides a logging function to stream all logging data back to the control room 201.
In certain embodiments, the user session manager provides five functions. First is a health service that maintains and provide a detailed logging of bot execution including monitoring memory and CPU usage by the bot. Second is a message queue for exchange of data between bots executed within the same user session. Third is a deployment service that connects to the control room 201 (repository service 220) to request with the bot identifier download of the requested bot BR1. The deployment service also ensures that the environment is ready for bot execution such as by making available dependent libraries. Fourth is a bot launcher which reads metadata associated with requested bot BR1 and launches an appropriate container and begins execution of the requested bot. Fifth is a debugger service that can be used to debug bot code.
The centralized credential vault (CV) 218 operates to securely store all credentials and provision them to bots on an on-demand basis. The CV preferably implements NIST controls IA-2 to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). Since sensitive credentials need not be stored in bots or on bot runner systems, the CV facilitates a logical separation of credentials from the bots. CV variables are created from a control room and are instantly available to all the bot creators and bot runners registered with the respective CR. The CV adds flexibility and dynamic character to bots since only the credential references are present in the bots and not the credentials. When bots are moved from one environment to another environment, absolutely no change is needed in bots. Bots can seamlessly pick up the credential values applicable for the new environment from the CR of that environment. Additionally, the CR automatically stores configuration related sensitive data into the CV by default. Additional details of the credential vault 218 are described in pending U.S. patent application Ser. No. 15/957,917 entitled “ROBOTIC PROCESS AUTOMATION SYSTEM AND METHOD WITH SECURE CREDENTIAL VAULT” which is assigned to the assignee of the present application and which is hereby incorporated by reference in its entirety.
In certain instances, some or all of the devices in device pool 113 may be located remotely from the control room 201 and may even be part of another organization. In such an instance, compliance boundary 234 may be employed to represent a logical boundary, across which, any transfer of data or other information is controlled by agreements between parties. In certain embodiments, a remote access module (not shown) within the control room 201 may operate to prevent any bot from performing certain tasks on system 10, by way of example and not limitation, copying files, loading cookies, or transmitting data from RPA system 10, through or beyond compliance boundary 234 via the internet or via any other output device that would violate the security protocols established by the RPA system 10. The remote access module may take the form of remote desktop products available from Citrix or Microsoft, which permit connection to a remote computer, such as RPA system 10, to establish a communication link between system 10 and a remotely located device to permit apps, files, and network resources to be made available from computer system 10 to the remotely located device. Additional details of operation of an embodiment of RPA system 10 and in particular the compliance boundary 234 are described in U.S. Pat. No. 9,954,819, entitled “SYSTEM AND METHOD FOR COMPLIANCE BASED AUTOMATION” and assigned to the assignee of the present application, which is hereby incorporated by reference.
In certain embodiments where large numbers of automation tasks are required to be performed within a specified period of time, the deployment of bots may be performed in accordance with methods and systems described in pending patent application, which is assigned to the assignee of the present application, entitled “ROBOTIC PROCESS AUTOMATION SYSTEM WITH SERVICE LEVEL AGREEMENT BASED AUTOMATION”, filed on Apr. 20, 2018, assigned application Ser. No. 15/957,915, and which is hereby incorporated by reference in its entirety.
The embodiments herein can be implemented in the general context of computer-executable instructions, such as those included in program modules, being executed in a computing system on a target real or virtual processor. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or split between program modules as desired in various embodiments. Computer-executable instructions for program modules may be executed within a local or distributed computing system. The computer-executable instructions, which may include data, instructions, and configuration parameters, may be provided via an article of manufacture including a computer readable medium, which provides content that represents instructions that can be executed. A computer readable medium may also include a storage or database from which content can be downloaded. A computer readable medium may also include a device or product having content stored thereon at a time of sale or delivery. Thus, delivering a device with stored content, or offering content for download over a communication medium may be understood as providing an article of manufacture with such content described herein.
Computing system 300 may have additional features such as for example, storage 310, one or more input devices 314, one or more output devices 312, and one or more communication connections 316. An interconnection mechanism (not shown) such as a bus, controller, or network interconnects the components of the computing system 300. Typically, operating system software (not shown) provides an operating system for other software executing in the computing system 300, and coordinates activities of the components of the computing system 300.
The tangible storage 310 may be removable or non-removable, and includes magnetic disks, magnetic tapes or cassettes, CD-ROMs, DVDs, or any other medium which can be used to store information in a non-transitory way, and which can be accessed within the computing system 300. The storage 310 stores instructions for the software implementing one or more innovations described herein.
The input device(s) 314 may be a touch input device such as a keyboard, mouse, pen, or trackball, a voice input device, a scanning device, or another device that provides input to the computing system 300. For video encoding, the input device(s) 314 may be a camera, video card, TV tuner card, or similar device that accepts video input in analog or digital form, or a CD-ROM or CD-RW that reads video samples into the computing system 300. The output device(s) 312 may be a display, printer, speaker, CD-writer, or another device that provides output from the computing system 300.
The communication connection(s) 316 enable communication over a communication medium to another computing entity. The communication medium conveys information such as computer-executable instructions, audio or video input or output, or other data in a modulated data signal. A modulated data signal is a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media can use an electrical, optical, RF, or other carrier.
The terms “system” and “computing device” are used interchangeably herein. Unless the context clearly indicates otherwise, neither term implies any limitation on a type of computing system or computing device. In general, a computing system or computing device can be local or distributed and can include any combination of special-purpose hardware and/or general-purpose hardware with software implementing the functionality described herein.
While the invention has been described in connection with a preferred embodiment, it is not intended to limit the scope of the invention to the particular form set forth, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents as may be within the spirit and scope of the invention as defined by the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5949999 | Song et al. | Sep 1999 | A |
| 5983001 | Boughner et al. | Nov 1999 | A |
| 6133917 | Feigner et al. | Oct 2000 | A |
| 6389592 | Ayres et al. | May 2002 | B1 |
| 6427234 | Chambers et al. | Jul 2002 | B1 |
| 6473794 | Guheen et al. | Oct 2002 | B1 |
| 6496979 | Chen et al. | Dec 2002 | B1 |
| 6640244 | Bowman-Amuah | Oct 2003 | B1 |
| 6704873 | Underwood | Mar 2004 | B1 |
| 6898764 | Kemp | May 2005 | B2 |
| 6954747 | Wang et al. | Oct 2005 | B1 |
| 7091898 | Arling et al. | Aug 2006 | B2 |
| 7246128 | Jordahl | Jul 2007 | B2 |
| 7398469 | Kisamore et al. | Jul 2008 | B2 |
| 7441007 | Kirkpatrick et al. | Oct 2008 | B1 |
| 7533096 | Rice et al. | May 2009 | B2 |
| 7568109 | Powell et al. | Jul 2009 | B2 |
| 7571427 | Wang et al. | Aug 2009 | B2 |
| 7765525 | Davidson et al. | Jul 2010 | B1 |
| 7805317 | Khan et al. | Sep 2010 | B2 |
| 7805710 | North | Sep 2010 | B2 |
| 7810070 | Nasuti et al. | Oct 2010 | B2 |
| 7846023 | Evans et al. | Dec 2010 | B2 |
| 8028269 | Bhatia et al. | Sep 2011 | B2 |
| 8056092 | Allen et al. | Nov 2011 | B2 |
| 8095910 | Nathan et al. | Jan 2012 | B2 |
| 8132156 | Malcolm | Mar 2012 | B2 |
| 8209738 | Nicol et al. | Jun 2012 | B2 |
| 8234622 | Meijer et al. | Jul 2012 | B2 |
| 8245215 | Extra | Aug 2012 | B2 |
| 8352464 | Fotev | Jan 2013 | B2 |
| 8396890 | Lim | Mar 2013 | B2 |
| 8438558 | Adams | May 2013 | B1 |
| 8443291 | Ku et al. | May 2013 | B2 |
| 8464240 | Fritsch et al. | Jun 2013 | B2 |
| 8498473 | Chong et al. | Jul 2013 | B2 |
| 8504803 | Shukla | Aug 2013 | B2 |
| 8631458 | Banerjee | Jan 2014 | B1 |
| 8682083 | Kumar et al. | Mar 2014 | B2 |
| 8713003 | Fotev | Apr 2014 | B2 |
| 8769482 | Batey et al. | Jul 2014 | B2 |
| 8819241 | Washbur | Aug 2014 | B1 |
| 8832048 | Lim | Sep 2014 | B2 |
| 8874685 | Hollis et al. | Oct 2014 | B1 |
| 8943493 | Schneider | Jan 2015 | B2 |
| 8965905 | Ashmore et al. | Feb 2015 | B2 |
| 9104294 | Forstall et al. | Aug 2015 | B2 |
| 9213625 | Schrage | Dec 2015 | B1 |
| 9278284 | Ruppert et al. | Mar 2016 | B2 |
| 9444844 | Edery et al. | Sep 2016 | B2 |
| 9462042 | Shukla et al. | Oct 2016 | B2 |
| 9571332 | Subramaniam et al. | Feb 2017 | B2 |
| 9621584 | Schmidt et al. | Apr 2017 | B1 |
| 9946233 | Brun et al. | Apr 2018 | B2 |
| 10768977 | Paul | Sep 2020 | B1 |
| 20020073160 | Purcell | Jun 2002 | A1 |
| 20030033590 | Leherbauer | Feb 2003 | A1 |
| 20030101245 | Srinivasan et al. | May 2003 | A1 |
| 20030159089 | DiJoseph | Aug 2003 | A1 |
| 20040083472 | Rao et al. | Apr 2004 | A1 |
| 20040172526 | Tann et al. | Sep 2004 | A1 |
| 20040210885 | Wang et al. | Oct 2004 | A1 |
| 20040243994 | Nasu | Dec 2004 | A1 |
| 20050188357 | Derks et al. | Aug 2005 | A1 |
| 20050204343 | Kisamore et al. | Sep 2005 | A1 |
| 20050257214 | Moshir et al. | Nov 2005 | A1 |
| 20060095276 | Axelrod et al. | May 2006 | A1 |
| 20060150188 | Roman et al. | Jul 2006 | A1 |
| 20070101291 | Forstall et al. | May 2007 | A1 |
| 20070112574 | Greene | May 2007 | A1 |
| 20080005086 | Moore | Jan 2008 | A1 |
| 20080028392 | Chen et al. | Jan 2008 | A1 |
| 20080209392 | Able et al. | Aug 2008 | A1 |
| 20080222454 | Kelso | Sep 2008 | A1 |
| 20080263024 | Landschaft et al. | Oct 2008 | A1 |
| 20090037509 | Parekh et al. | Feb 2009 | A1 |
| 20090103769 | Milov et al. | Apr 2009 | A1 |
| 20090172814 | Khosravi et al. | Jul 2009 | A1 |
| 20090199160 | Vaitheeswaran et al. | Aug 2009 | A1 |
| 20090217309 | Grechanik et al. | Aug 2009 | A1 |
| 20090249297 | Doshi et al. | Oct 2009 | A1 |
| 20090313229 | Fellenstein et al. | Dec 2009 | A1 |
| 20090320002 | Peri-Glass et al. | Dec 2009 | A1 |
| 20100023602 | Martone | Jan 2010 | A1 |
| 20100023933 | Bryant et al. | Jan 2010 | A1 |
| 20100100605 | Allen et al. | Apr 2010 | A1 |
| 20100138015 | Colombo et al. | Jun 2010 | A1 |
| 20100235433 | Ansari et al. | Sep 2010 | A1 |
| 20110022578 | Fotev | Jan 2011 | A1 |
| 20110145807 | Molinie et al. | Jun 2011 | A1 |
| 20110197121 | Kletter | Aug 2011 | A1 |
| 20110276568 | Fotev | Nov 2011 | A1 |
| 20110276946 | Pletter | Nov 2011 | A1 |
| 20110302570 | Kurimilla et al. | Dec 2011 | A1 |
| 20120042281 | Green | Feb 2012 | A1 |
| 20120124062 | Macbeth et al. | May 2012 | A1 |
| 20120284323 | Gamaley | Nov 2012 | A1 |
| 20120330940 | Caire et al. | Dec 2012 | A1 |
| 20130173648 | Tan et al. | Jul 2013 | A1 |
| 20130290318 | Shapira et al. | Oct 2013 | A1 |
| 20140181705 | Hey et al. | Jun 2014 | A1 |
| 20150082280 | Betak et al. | Mar 2015 | A1 |
| 20150347284 | Hey et al. | Dec 2015 | A1 |
| 20160019049 | Kakhandiki et al. | Jan 2016 | A1 |
| 20160078368 | Kakhandiki et al. | Mar 2016 | A1 |
| 20180046796 | Wright | Feb 2018 | A1 |
| 20180322403 | Ron | Nov 2018 | A1 |
| 20190089697 | Delaney | Mar 2019 | A1 |
| 20190171513 | Purushothaman | Jun 2019 | A1 |
| 20190200519 | Chrysanthakopoulos | Jul 2019 | A1 |
| Number | Date | Country |
|---|---|---|
| 2018017214 | Jan 2018 | WO |
| Entry |
|---|
| Szymon Rozga, Practical Bot Development, 2018, Apress (Year: 2018). |
| International Search Report for PCT/2020/025531. |
| Written Opinion of the International Searching Authority for PCT/2020/025531. |
| Al Sallami, Load Balancing in Green Cloud Computation, Proceedings of the World Congress on Engineering 2013 vol. II, WCE 2013, 2013, pp. 1-5 (Year: 2013). |
| B. P. Kasper “Remote: A Means of Remotely Controlling and Storing Data from a HAL Quadrupole Gas Analyzer Using an IBM-PC Compatible Computer”, Nov. 15, 1995, Space and Environment Technology Center. |
| Bergen et al., RPC automation: making legacy code relevant, May 2013, 6 pages. |
| Hu et al., Automating GUI testing for Android applications, May 2011, 7 pages. |
| Konstantinou et al., An architecture for virtual solution composition and deployment in infrastructure clouds, 9 pages (Year: 2009). |
| Nyulas et al., An Ontology-Driven Framework for Deploying JADE Agent Systems, 5 pages (Year: 2008). |
| Tom Yeh, Tsung-Hsiang Chang, and Robert C. Miller, Sikuli: Using GUI Screenshots for Search and Automation, Oct. 4-7, 2009, 10 pages. |
| Yu et al., Deploying and managing Web services: issues, solutions, and directions, 36 pages (Year: 2008). |
| Zhifang et al., Test automation on mobile device, May 2010, 7 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20200310844 A1 | Oct 2020 | US |
