Patent Grant
10853097
This disclosure relates generally to the field of data processing systems and more particularly to interaction with information on remote computers.
Robotic process automation (RPA) is the application of technology that allows employees in a company to configure a computer software or a “robot” to capture and interpret existing applications for processing a transaction, manipulating data, triggering responses and communicating with other digital systems. Conventional RPA systems employ software robots to interpret the user interface of third party applications and to execute steps identically to a human user.
RPA systems employ a variety of recorders to record human implemented actions performed when interacting with a computer application. Such recorders include capability to understand and capture objects and controls in windows displayed on a computer screen, such as: (i) text from drop-down menus; (ii) list boxes; buttons; status from radio buttons and check boxes; (iii) mouse click actions. A variant on such recorders is a screen recorder which record a task or a series of actions on a computer when: (i) building simple tasks for process that involve mouse clicks and keyboard operations; (ii) running an automated process (the task to be recorded) on the same computer on which it was recorded.
While such recorders are quite useful in automating business processes, they are vulnerable to exposing sensitive data, particularly environments such as BFSIs (Banking, Financial Services, and Insurance). While automating a task, capturing such sensitive data (e.g. customer account, IDs etc.) may pose a security risk.
The secure recording’ feature disclosed herein permits flexibility, and hence increased security of information, such as in BFSI environments, when employing RPA. An RPA system provides a first operation mode by permitting full screen images created by an application program, wherein each full screen image of the full screen images comprises one or more data fields, and each field has a label associated therewith. The full screen images are viewable by a user of the robotic process automation system. The RPA system also provides a secure recording mode that is responsive to an operator accessible setting, that prevents presentation of the full screen images, and that permits presentation of one or more selected data fields and associated labels within one or more of the full screen images.
Additional aspects related to the invention will be set forth in part in the description which follows, an in part will be apparent to those skilled in the art from the description or may be learned by practice of the invention. Aspects of the invention may be realized and attained by means of the elements and combinations of various elements and aspects particularly pointed out in the following detailed description and the appended claims.
It is to be understood that both the foregoing and the following descriptions are exemplary and explanatory only and are not intended to limit the claimed invention or application thereof in any manner whatsoever.
The accompanying drawings, which are incorporated in and constitute a part of this specification exemplify the embodiments of the present invention and, together with the description, serve to explain and illustrate principles of the inventive techniques disclosed herein. Specifically:
In the following detailed description, reference will be made to the accompanying drawings, in which identical functional elements are designated with like numerals. The aforementioned accompanying drawings show by way of illustration, and not by way of limitation, specific embodiments and implementations consistent with principles of the present invention. These implementations are described in sufficient detail to enable those skilled in the art to practice the invention and it is to be understood that other implementations may be utilized and that structural changes and/or substitutions of various elements may be made without departing from the scope and spirit of present invention. The following detailed description is, therefore, not to be construed in a limited sense.
While automating a business process when using a recorder in an RPA system, the commands can capture important details such as object value, image, text, inner HTMLs etc. In environments such as BFSIs (Banking, Financial Services, and Insurance); while automating a task, capturing sensitive data (e.g. customer account, IDs etc.) may pose a security risk. The secure recording embodiment disclosed herein reduces the risk by not permitting capture of sensitive data.
In one aspect a robotic process automation system includes data storage for storing a plurality of bots. Each bot includes one or more configurable commands arranged to perform assigned tasks. A processor is operatively coupled to the data storage and configured to execute instructions that when executed cause the processor to provide to a user a plurality of recorders to permit the user to create one or more bots for storage in the data storage. The instructions implement a smart recorder to permit capture of user interface controls and objects generated by one or more applications, wherein the applications are characterized by one or more application frameworks. The instructions also implement a web recorder to permit capture of pattern-based tasks for web-based applications by automatically, in response to user inputs, extracting web data spread across multiple pages generated by a web-based application. The instructions also implement a screen recorder to permit capture of tasks entered by a user by way of mouse clicks and keyboard operations to one or more screens generated by an application. The instructions also implement a secure recording mode, selectable by an administrator of the robotic process automation system, for preventing capture by the robotic process automation system of an entire screen of information generated by an application-to-be-automated while the user is operating the smart recorder, the web recorder or the screen recorder. The robotic process automation system permits the administrator to permit display to the user of selected fields of information, along with associated labels generated by the application-to-be-automated. In certain embodiments, the robotic process automation system permits the administrator to permit partial display to the user of selected fields of information, along with associated labels generated by the application-to-be-automated. In certain other embodiments, the robotic process automation system permits the administrator to permit display to a first user of a first set of selected fields of information, along with associated labels generated by the application-to-be-automated, and permits display to a second user of a second set of selected fields of information, along with associated labels generated by the application-to-be-automated, wherein the first set of selected fields and the second set of selected fields, differ by a least one field.
In another aspect, a method for securing information in a robotic process automation system includes providing a first operation mode by permitting full screen images created by an application program, wherein each full screen image of the full screen images comprises one or more data fields, with each field having a label associated therewith, wherein the full screen images are viewable by a user of the robotic process automation system. A secure recording mode is provided that is responsive to an operator accessible setting, that prevents presentation of the full screen images, and that permits presentation of one or more selected data fields and associated labels within one or more of the full screen images. In certain embodiments, the operator accessible setting comprises a second setting that causes partial presentation of data fields that are not selected by the administrator. In certain other embodiments, the operator accessible setting comprises a third setting that permits presentation of a first set of one or more selected data fields and associated labels within one or more of the full screen images to a first user and that permits presentation of a second set of one or more selected data fields and associated labels within one or more of the full screen images to a second user, wherein the first set of selected data fields and the second set of selected data fields, differ by a least one field.
In another aspect, a robotic process automation system includes a first recorder to enable recordation by a user of the robotic process automation system of a sequence of interactions with an application that operates independently of the robotic process automation system and that generates one or more screens of information, with certain of the screens including one or more fields to permit input of information to the application. The first recorder operates to cause capture and storage of an image of each screen of information generated by the application that contains a field for input of information. The first recorder also operates to cause capture of an image of each field and associated label contained on each screen of information. The robotic process automation system further includes a secure recorder, selectable by an administrator, that prevents the first recorder from capturing an image of an entire screen of information generated by the application, and that permits capture of an image of any field, and associated label, permitted by the administrator to be captured by the user. In certain embodiments, the secure recorder causes partial display of information in any field other than fields permitted by the administrator to be captured by the user. In other embodiments, the secure recorder is selectable by the administrator to operate in a multi-user mode wherein the administrator permits a first set of fields to be captured by a first user and wherein the administrator permits a second set of fields, that partially overlaps with the first set of fields, or that does not overlap with the first set of fields, to be captured by a second user.
The application 104 is executed by a computer system 110 which includes processing capability and storage. The computer system 110 also executes a local instance of automation controller software 111 that may be enabled by a system administrator 113 to enable operation of a RPA system 10, which may be remotely located from system 110, user 102 and/or system administrator 112. Automation controller 111, resident on computer system 110, operates in conjunction with RPA system 10, to interact with computer system 110. The RPA system 10 sends automation commands and queries to the automation controller 111, while respecting the security compliance protocols of computer system 110.
RPA system, seen generally at 10, operates to permit automation of one or more computer implemented business processes. The RPA system 10 implements a bot creator 112 that is used by an RPA user 114, to create one or more bots that are used to automate various business processes executed by one or more computer applications such as application 109. RPA user 114 may access application 109 remotely and may see the same screen 104 as seen by user 102. In certain embodiments, a compliance boundary 116 may be implemented in connection with remote access module 118. Compliance boundary 116 represents a logical boundary, across which, any transfer of data or other information is controlled by agreements between parties. In certain embodiments, remote access module 118 may operate to prevent RPA user 114 from performing certain tasks on system 110, by way of example and not limitation, copying files, loading cookies, or transmitting data from computer system 110, through or beyond compliance boundary 116 via the internet or via any other output device that would violate the security protocols established by the computer system 110. The remote access module 118 may take the form of remote desktop products available from Citrix or Microsoft, which permit connection to a remote computer, such as computer system 110, to establish a communication link between system 10 and system 110 to permit apps, files, and network resources to be made available from computer system 110 to computer system 10.
RPA system 10, which is executed by processing capability and associated storage operates to enable RPA user 114 to employ various recorders provided by bot creator 113 to capture various processes implemented by one or more applications, such as application 109. The bot creator 113 preferably includes a variety of recorders that permit recording of various inputs performed by for example a user of application 109 to enable automation by replay of the recorded inputs. For example, entry of data into various fields 106, 107 and 108 may be captured by bot 120 generated by user (bot creator) 113. In operation, if user 113 wishes to automate the entry of data into fields in screen 105, the bot 120 will capture an image of screen 105 and will capture an image of the various fields selected by user 114 for capture. For example, in
In certain instances, administrator 112 may choose to prevent RPA user 114 from viewing certain information, such as for example to ensure compliance with various regulatory restrictions. In certain implementations of system 10, the system 110 on which application 104 runs may be located remotely from RPA user 114. For example, system 110 may be located in country A which limits storage of data pertaining to BFSIs of residents of country A to within country A. In such a situation, RPA user 114, who may be in country B, may be permitted to view such data but storage of such data, or portions thereof, may occur outside of country A in the process of operation of system 10 (which may be in country B or another country C). In such a situation, secure recording may be enabled in system 10.
In such an instance, administrator 112 may employ commands implemented by RPA system 10 to enable secure recorder 120 to disable viewing of all information generated by application 104 by RPA user 114. If the administrator 112 wishes to have certain processes implemented by application 104 to be automated, the administrator 112 may employ field selection module 122, provided by bot creator 113, to enable viewing of specific fields selected by administrator 112 for viewing by RPA user 114.
RPA system 10 includes software robot (bot) creator 113 which operates to enable user 114 to automate tasks by use of configurable commands arranged to perform the assigned tasks. Bot creator 113 generates an execution file, such as bot 120 by processing operations that may include reading a task file, scanning for event dependencies and embedding files and links needed for remote execution of the execution file, storing the dependencies in a dependency file, scanning for security, such as insuring the compliance boundary parameters are present and functional, and verifying the task file for proper formatting.
Bot creator 113 includes secure recording module 120 which may be enabled by administrator 112 to prevent screen images such as seen at 105 from being captured by user 114. With secure recording enabled, the RPA system 10 may be configured to permit capture of individual fields, such as seen at screen 124. In secure recording mode, individual fields may be designated for viewing and capture by user 114 by way of field selection module 122. For example, the RPA system 10 may be configured to permit capture of information in a manner that obscures Personally Identifiable Information (PII). For example, a social security number or driver's license number may be prevented from being captured in its entirety but in certain configurations, selected portions, such as the last four digits, may be permitted to be captured. An example is seen at 124 where name and city fields 106 and 108 are visible to user 114 for capture but address field 107 is not visible and therefore not available for capture. This is achieved by enabling secure recording mode by secure recording module 120, which disables presentation of entire screens generated by application 104 to user 114. The fields that are permitted to be viewed and possibly captured by user 114 are enabled by way of field selection module 122 which permits administrator 112, or someone authorized by administrator 112, to identify the fields in screens generated by the application 104 that may be visible and able to be captured by user 114 in secure recording mode. Field selection module 122 interacts with application 104 to permit administrator 112 to designate fields employed by the application, such as for example, fields 106, 107 and 108, preferably by interactive means, such as by graphically selecting the desired fields permitted to be viewed by user 114, or alternatively, by selecting the desired fields that user 114 is not permitted to view. The fields selected by the administrator for display/viewing by user 114 are caused to be stored by the field selection module 122 for use by secure recorder 120 during generation of secure bot 126. In an alternative embodiment, the field selection module causes to be stored the fields identified by the administrator to be excluded from use by the secure recorder 120.
Enabling secure recorder 120 causes generation of secure bot 126 which operates to prevent capture of the entire screen of information 105 as captured by bot 120. Instead secure bot 126 captures only the fields permitted to be captured by administrator 112. As seen in
RPA system 10 preferably includes a variety of recording capability to facilitate task automation by user 114. Three recorders are shown in
Certain details of operation of the RPA system 10 are provided in U.S. patent application Ser. No. 14/988,877, filed on Jan. 6, 2016 and assigned to the assignee of the present application, which is hereby incorporated by reference. The bots 120 and 126 contain one or more of a series of tasks having commands, and other instructions having variables, executable by application 104. In one embodiment bot creator 113 creates bots 120 and 126 by assembling tasks into execution files, which may require validating the tasks and organizing nested tasks, including collecting nested task information for each task, and accounting for all dependencies to ensure that files, tasks, and environments for running on system 110. At least one or more dependencies will, subject to a system 110 set of compliance boundary parameters, enable RPA system 10 to create specific adapters that enable automated application 104 to be executed, when the adapters are incorporated into the system 110.
If secure recording is enabled, as determined at 204, then at 214, only the fields designated via field selection module by or under control of administrator 112 are captured. In secure recording mode capture of the entire screen image 105 is not permitted. As seen, only fields 106 and 108 are visible and therefore available for capture. At 216, field identification, as described above in connection with 210 is performed with the results stored to secure bot 126. Finally, at 218, user interactions as described above in connection with 212 is performed.
Computing system 500 may have additional features such as for example, storage 510, one or more input devices 514, one or more output devices 512, and one or more communication connections 516. An interconnection mechanism (not shown) such as a bus, controller, or network interconnects the components of the computing system 500. Typically, operating system software (not shown) provides an operating system for other software executing in the computing system 500, and coordinates activities of the components of the computing system 500.
The tangible storage 510 may be removable or non-removable, and includes magnetic disks, magnetic tapes or cassettes, CD-ROMs, DVDs, or any other medium which can be used to store information in a non-transitory way and which can be accessed within the computing system 500. The storage 510 stores instructions for the software implementing one or more innovations described herein.
The input device(s) 514 may be a touch input device such as a keyboard, mouse, pen, or trackball, a voice input device, a scanning device, or another device that provides input to the computing system 500. For video encoding, the input device(s) 514 may be a camera, video card, TV tuner card, or similar device that accepts video input in analog or digital form, or a CD-ROM or CD-RW that reads video samples into the computing system 500. The output device(s) 512 may be a display, printer, speaker, CD-writer, or another device that provides output from the computing system 500.
The communication connection(s) 516 enable communication over a communication medium to another computing entity. The communication medium conveys information such as computer-executable instructions, audio or video input or output, or other data in a modulated data signal. A modulated data signal is a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media can use an electrical, optical, RF, or other carrier.
The innovations can be described in the general context of computer-executable instructions, such as those included in program modules, being executed in a computing system on a target real or virtual processor. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or split between program modules as desired in various embodiments. Computer-executable instructions for program modules may be executed within a local or distributed computing system. It should be understood that functions/operations shown in this disclosure are provided for purposes of explanation of operations of certain embodiments. The implementation of the functions/operations performed by any particular module may be distributed across one or more systems and computer programs and are not necessarily contained within a particular computer program and/or computer system.
The terms “system” and “computing device” are used interchangeably herein. Unless the context clearly indicates otherwise, neither term implies any limitation on a type of computing system or computing device. In general, a computing system or computing device can be local or distributed and can include any combination of special-purpose hardware and/or general-purpose hardware with software implementing the functionality described herein.
While the invention has been described in connection with a preferred embodiment, it is not intended to limit the scope of the invention to the particular form set forth, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents as may be within the spirit and scope of the invention as defined by the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5949999 | Song et al. | Sep 1999 | A |
| 5983001 | Boughner et al. | Nov 1999 | A |
| 6133917 | Feigner et al. | Oct 2000 | A |
| 6389592 | Ayres et al. | May 2002 | B1 |
| 6427234 | Chambers et al. | Jul 2002 | B1 |
| 6473794 | Guheen et al. | Oct 2002 | B1 |
| 6496979 | Chen et al. | Dec 2002 | B1 |
| 6640244 | Bowman-Amuah | Oct 2003 | B1 |
| 6704873 | Underwood | Mar 2004 | B1 |
| 6898764 | Kemp | May 2005 | B2 |
| 7091898 | Arling et al. | Aug 2006 | B2 |
| 7246128 | Jordahl | Jul 2007 | B2 |
| 7441007 | Kirkpatrick et al. | Oct 2008 | B1 |
| 7533096 | Rice et al. | May 2009 | B2 |
| 7568109 | Powell, Jr. et al. | Jul 2009 | B2 |
| 7765525 | Davidson et al. | Jul 2010 | B1 |
| 7805317 | Khan et al. | Sep 2010 | B2 |
| 7805710 | North | Sep 2010 | B2 |
| 7810070 | Nasuti et al. | Oct 2010 | B2 |
| 7846023 | Evans et al. | Dec 2010 | B2 |
| 8028269 | Bhatia et al. | Sep 2011 | B2 |
| 8056092 | Allen et al. | Nov 2011 | B2 |
| 8095910 | Nathan et al. | Jan 2012 | B2 |
| 8132156 | Malcolm | Mar 2012 | B2 |
| 8234622 | Meijer et al. | Jul 2012 | B2 |
| 8438558 | Adams | May 2013 | B1 |
| 8443291 | Ku et al. | May 2013 | B2 |
| 8464240 | Fritsch et al. | Jun 2013 | B2 |
| 8498473 | Chong et al. | Jul 2013 | B2 |
| 8504803 | Shukla | Aug 2013 | B2 |
| 8682083 | Kumar et al. | Mar 2014 | B2 |
| 8769482 | Batey et al. | Jul 2014 | B2 |
| 8965905 | Ashmore et al. | Feb 2015 | B2 |
| 9213625 | Schrage | Dec 2015 | B1 |
| 9278284 | Ruppert et al. | Mar 2016 | B2 |
| 9444844 | Edery et al. | Sep 2016 | B2 |
| 9462042 | Shukla et al. | Oct 2016 | B2 |
| 20030033590 | Leherbauer | Feb 2003 | A1 |
| 20030101245 | Srinivasan et al. | May 2003 | A1 |
| 20030159089 | DiJoseph | Aug 2003 | A1 |
| 20040083472 | Rao et al. | Apr 2004 | A1 |
| 20040172526 | Tann et al. | Sep 2004 | A1 |
| 20040210885 | Wang et al. | Oct 2004 | A1 |
| 20040243994 | Nasu | Dec 2004 | A1 |
| 20050188357 | Derks et al. | Aug 2005 | A1 |
| 20050204343 | Kisamore et al. | Sep 2005 | A1 |
| 20050257214 | Moshir et al. | Nov 2005 | A1 |
| 20060095276 | Axelrod et al. | May 2006 | A1 |
| 20060150188 | Roman et al. | Jul 2006 | A1 |
| 20070101291 | Forstall et al. | May 2007 | A1 |
| 20070112574 | Greene | May 2007 | A1 |
| 20080005086 | Moore | Jan 2008 | A1 |
| 20080028392 | Chen et al. | Jan 2008 | A1 |
| 20080209392 | Able et al. | Aug 2008 | A1 |
| 20080222454 | Kelso | Sep 2008 | A1 |
| 20080263024 | Landschaft et al. | Oct 2008 | A1 |
| 20090037509 | Parekh et al. | Feb 2009 | A1 |
| 20090103769 | Milov et al. | Apr 2009 | A1 |
| 20090172814 | Khosravi et al. | Jul 2009 | A1 |
| 20090199160 | Vaitheeswaran et al. | Aug 2009 | A1 |
| 20090217309 | Grechanik et al. | Aug 2009 | A1 |
| 20090249297 | Doshi et al. | Oct 2009 | A1 |
| 20090313229 | Fellenstein et al. | Dec 2009 | A1 |
| 20090320002 | Peri-Glass et al. | Dec 2009 | A1 |
| 20100023602 | Martone | Jan 2010 | A1 |
| 20100023933 | Bryant et al. | Jan 2010 | A1 |
| 20100100605 | Allen et al. | Apr 2010 | A1 |
| 20100235433 | Ansari et al. | Sep 2010 | A1 |
| 20110022578 | Fotev | Jan 2011 | A1 |
| 20110145807 | Molinie et al. | Jun 2011 | A1 |
| 20110197121 | Kletter | Aug 2011 | A1 |
| 20110276568 | Fotev | Nov 2011 | A1 |
| 20110276946 | Pletter | Nov 2011 | A1 |
| 20110302570 | Kurimilla et al. | Dec 2011 | A1 |
| 20120042281 | Green | Feb 2012 | A1 |
| 20120124062 | Macbeth et al. | May 2012 | A1 |
| 20120310914 | Khan | Dec 2012 | A1 |
| 20120330940 | Caire et al. | Dec 2012 | A1 |
| 20130173648 | Tan et al. | Jul 2013 | A1 |
| 20130290318 | Shapira et al. | Oct 2013 | A1 |
| 20140181705 | Hey et al. | Jun 2014 | A1 |
| 20150082280 | Betak et al. | Mar 2015 | A1 |
| 20150347284 | Hey et al. | Dec 2015 | A1 |
| 20160019049 | Kakhandiki et al. | Jan 2016 | A1 |
| 20160078368 | Kakhandiki et al. | Mar 2016 | A1 |
| 20180074931 | Garcia | Mar 2018 | A1 |
| 20180197123 | Parimelazhagan | Jul 2018 | A1 |
| Entry |
|---|
| Kakhandiki, Abhijit, ‘Record’ Is Critical for Enterprise—Grade RPA, Sep. 21, 2016, https://www.automationanywhere.com/blog/product-insights/record-is-critical-for-enterprise-grade-rpa (Year: 2016). |
| B. P. Kasper “Remote: A Means of Remotely Controlling and Storing Data from a HAL Quadrupole Gas Analyzer Using an IBM-PC Compatible Computer” , Nov. 15, 1995, Space and Environment Technology Center. |
| Zhifang et al., Test automation on mobile device, May 2010, 7 pages. |
| Hu et al., Automating GUI testing for Android applications, May 2011, 7 pages. |
| Tom Yeh, Tsung-Hsiang Chang, and Robert C. Miller, Sikuli: Using GUI Screenshots for Search and Automation, Oct. 4-7, 2009, 10 pages. |
| Bergen et al., RPC automation: making legacy code relevant, May 2013, 6 pages. |
