System, method and computer program product for validating software agents in a robotic process automation system

By using public/private encryption key pairs and hash value verification, the problem of credential leakage and authentication of software agents in RPA systems is solved, and secure online information source access and data transaction record storage are achieved.

CN116210024BActive Publication Date: 2026-07-10VISA INTERNATIONAL SERVICE ASSOCIATION

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
VISA INTERNATIONAL SERVICE ASSOCIATION
Filing Date
2021-09-15
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

In existing RPA systems, software agents face risks of credential leakage and failure to pass knowledge-based authentication methods when accessing online information sources, resulting in insecure access to secure information.

Method used

Using public/private encryption key pairs, hash values ​​are generated and compared to determine the identity of the software agent, allowing or denying its access to online information sources, and storing data transaction records in a data structure.

Benefits of technology

It enables secure access to online information sources, prevents credential leakage, and allows software agents to access secure information without storing credentials, adapting to knowledge-based authentication methods.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116210024B_ABST
    Figure CN116210024B_ABST
Patent Text Reader

Abstract

A system is provided that includes at least one processor programmed or configured to: provide a client device for accessing an online information source; send a private encryption key of a public / private encryption key pair to a software agent of the client device; receive a first hash value from the software agent, wherein the first hash value is generated using the private encryption key; receive a second hash value from the software agent; determine, based on the first hash value and the second hash value received from the software agent, whether to allow the software agent to access the online information source; process a request involving the software agent for access to the online information source; and store a data record associated with a data transaction involving the online information source in a data structure. Methods and computer program products are also provided.
Need to check novelty before this filing date? Find Prior Art

Description

[0001] Cross-reference to related applications

[0002] This application claims priority to U.S. Patent Application No. 17 / 022,267, filed September 16, 2020, the disclosure of which is incorporated herein by reference in its entirety. Technical Field

[0003] This disclosure generally relates to the detection of software agents, and in some non-limiting embodiments or aspects, to systems, methods, and computer program products for verifying software agents in robotic process automation systems to allow access to information. Background Technology

[0004] A software agent can be a computer program that acts on behalf of an entity (e.g., a user or another computer program) in an agency relationship. In some cases, a software agent may have the authority (e.g., on behalf of an entity with which it has an agency relationship) to determine which action (if any) is appropriate. Software agents can be commonly referred to as automated programs, derived from word robots. Software agents may include physical manifestations, such as when the execution of an action by the software agent is paired with the actions of a device, such as a robot body. In some cases, software agents may include services without physical manifestations, such as virtual assistants (e.g., chatbots running on smartphones) or other computing devices. Software agents can be autonomous or work in conjunction with other software agents or other users (e.g., humans, people, individuals, etc.). In some cases, software agents may interact with users, for example, in a human-robot interaction environment, and software agents may possess human-like qualities, such as natural language understanding, speech, personality, and / or humanoid forms.

[0005] Robotic Process Automation (RPA) can take the form of process automation techniques based on using software agents to perform tasks that would otherwise be performed by a user (e.g., a human as the user). In some cases, RPA systems can develop tasks by observing users performing tasks within the graphical user interface (GUI) of a software application. The RPA system can then employ one or more software agents to automate the task by repeating it directly within the GUI. In other cases, RPA systems can use one or more software agents to access information from online sources.

[0006] In some cases, when an RPA system attempts to use a software agent to access secure information from an online source such as a financial institution, the online source may need to authenticate and authorize the software agent before allowing it access. In this example, the online source may require the software agent to provide access credentials such as a username and password for authentication and authorization.

[0007] However, providing a username and password to a software agent may allow it to access excessive information. Additionally, the software agent may be unable to use access credentials because it might need to store them in an insecure location. Storing access credentials could undermine the purpose and benefits of using them, as they could be stolen. Furthermore, if the online source uses knowledge-based authentication and / or stepwise authentication methods such as multi-factor authentication, the software agent may be unable to access secure information from the online source. For example, if a knowledge-based or multi-factor authentication query requires a response that changes over time or relies on human intuition to provide a response, the software agent may be unable to respond appropriately to the query. Summary of the Invention

[0008] Therefore, improved systems, methods, and computer program products for validating software agents in robotic process automation (RPA) systems are disclosed.

[0009] According to some non-limiting embodiments or aspects, a system is provided, comprising: at least one processor programmed or configured to: provide a client device for accessing an online information source; send a private encryption key from a public / private encryption key pair to a software agent of the client device; receive a first hash value from the software agent of the client device, wherein the first hash value is generated using the private encryption key; receive a second hash value from the software agent of the client device; determine, based on the first and second hash values ​​received from the software agent of the client device, whether to allow the software agent to access the online information source; process a request for access to the online information source involving the software agent of the client device, wherein when processing the request for access to the online information source, at least one processor is programmed or configured to: allow the software agent to perform a data transaction involving the online information source based on the determination that the software agent of the client device is allowed to access the online information source; and store data records associated with the data transaction involving the online information source in a data structure.

[0010] According to some non-limiting embodiments or aspects, a computer-implemented method is provided, comprising: providing a client device for accessing an online information source using at least one processor; sending a private encryption key from a public / private encryption key pair to a software agent of the client device using at least one processor; receiving a first hash value from the software agent of the client device using at least one processor, wherein the first hash value is generated using the private encryption key; receiving a second hash value from the software agent of the client device using at least one processor; determining, based on the first hash value and the second hash value received from the software agent of the client device, that the software agent is permitted to access the online information source; processing, using at least one processor, a request for access to the online information source involving the software agent of the client device, wherein processing the request for access to the online information source includes: allowing the software agent to perform a data transaction involving the online information source based on the determination that the software agent of the client device is permitted to access the online information source; and storing, using at least one processor, a data record associated with the data transaction involving the online information source in a data structure.

[0011] According to some non-limiting embodiments or aspects, a computer program product is provided, the computer program product comprising at least one non-transitory computer-readable medium, the at least one non-transitory computer-readable medium comprising one or more instructions, the one or more instructions causing the at least one processor, when executed, to: provide a client device for accessing an online information source; send a private encryption key from a public / private encryption key pair to a software agent of the client device; receive a first hash value from the software agent of the client device, wherein the first hash value is generated using the private encryption key; receive a second hash value from the software agent of the client device; determine, based on the first hash value and the second hash value received from the software agent of the client device, whether to allow the software agent to access the online information source; process a request for access to the online information source involving the software agent of the client device, wherein when processing the request for access to the online information source, the at least one processor is programmed or configured to: allow the software agent to perform a data transaction involving the online information source based on the determination that the software agent of the client device is allowed to access the online information source; and store data records associated with the data transactions involving the online information source in a distributed ledger.

[0012] Other non-limiting embodiments or aspects are set forth in the following numbered clauses:

[0013] Clause 1: A system comprising: at least one processor programmed or configured to: provide a client device for accessing an online information source; send a private encryption key from a public / private encryption key pair to a software agent of the client device; receive a first hash value from the software agent of the client device, wherein the first hash value is generated using the private encryption key; receive a second hash value from the software agent of the client device; determine, based on the first hash value and the second hash value received from the software agent of the client device, whether to allow the software agent to access the online information source; process a request for access to the online information source involving the software agent of the client device, wherein when processing the request for access to the online information source, the at least one processor is programmed or configured to: allow the software agent to perform a data transaction involving the online information source based on the determination that the software agent of the client device is allowed to access the online information source; and store data records associated with the data transaction involving the online information source in a data structure.

[0014] Clause 2: In the system described in Clause 1, wherein when the data record associated with the data transaction involving the online information source is stored in the data structure, the at least one processor is programmed or configured to store the data record associated with the data transaction involving the online information source in a distributed ledger.

[0015] Clause 3: In a system according to Clause 1 or 2, wherein the at least one processor is further programmed or configured to: store the first hash value and an identifier of the software agent of the client device in the data structure; and wherein, when determining whether to allow the software agent of the client device to access the online information source, the at least one processor is programmed or configured to: retrieve the first hash value from the data structure based on the identifier of the software agent of the client device; compare the second hash value received from the software agent with the first hash value retrieved from the data structure; and determine, based on determining that the second hash value received from the software agent corresponds to the first hash value retrieved from the data structure, to allow the software agent of the client device to access the online information source.

[0016] Clause 4: A system according to any one of Clauses 1 to 3, wherein when the second hash value is received from the software agent of the client device, the at least one processor is programmed or configured to: receive from the software agent the request for access to the online information source, wherein the request for access to the online information source includes the second hash value and data associated with the software agent of the client device.

[0017] Clause 5: A system according to any one of Clauses 1 to 4, wherein when determining whether to allow the software agent of the client device to access the online information source, the at least one processor is programmed or configured to: determine whether to allow the software agent of the client device to access the online information source based on the first hash value, the second hash value, and data associated with the software agent of the client device included in the request to access the online information source; and wherein when processing the request to access the online information source involving the software agent of the client device, the at least one processor is programmed or configured to: allow the software agent to perform the data transaction involving a specific type of data included in the online information source based on the data associated with the software agent of the client device.

[0018] Clause 6: A system according to any one of Clauses 1 to 5, wherein when the second hash value is received from the software agent of the client device, the at least one processor is programmed or configured to: receive from the software agent a request for access to sensitive data included in the online information source, wherein the request for access to the sensitive data included in the online information source includes the second hash value.

[0019] Clause 7: A system according to any one of Clauses 1 to 6, wherein the at least one processor is further programmed or configured to: send an inquiry to the software agent of the client device; and receive a response to the inquiry from the software agent of the client device; wherein when determining whether to allow the software agent of the client device to access the online information source, the at least one processor is programmed or configured to: determine whether to allow the software agent of the client device to access the sensitive data included in the online information source based on the first hash value, the second hash value, and the response to the inquiry from the software agent of the client device.

[0020] Clause 8: A system according to any one of Clauses 1 to 7, wherein the at least one processor is further programmed or configured to: receive an initial access request from the client device, wherein the initial access request is an authorization request for the software agent of the client device to access the online information source; and wherein when the private encryption key of the public / private encryption key pair is sent to the software agent of the client device, the at least one processor is programmed or configured to: send the private encryption key of the public / private encryption key pair to the software agent of the client device based on receiving the initial access request from the client device.

[0021] Clause 9: A computer-implemented method comprising: providing a client device for accessing an online information source using at least one processor; sending a private encryption key from a public / private encryption key pair to a software agent of the client device using at least one processor; receiving a first hash value from the software agent of the client device using at least one processor, wherein the first hash value is generated using the private encryption key; receiving a second hash value from the software agent of the client device using at least one processor; determining, based on the first hash value and the second hash value received from the software agent of the client device, that the software agent is permitted to access the online information source; processing, using at least one processor, a request for access to the online information source relating to the software agent of the client device, wherein processing the request for access to the online information source includes: allowing the software agent to perform a data transaction relating to the online information source based on the determination that the software agent of the client device is permitted to access the online information source; and storing, using at least one processor, a data record associated with the data transaction relating to the online information source in a data structure.

[0022] Clause 10: The method according to Clause 9, wherein storing the data record associated with the data transaction involving the online information source in the data structure comprises: storing the data record associated with the data transaction involving the online information source in a distributed ledger.

[0023] Clause 11: The method according to Clause 9 or 10 further comprises: storing the first hash value and an identifier of the software agent of the client device in a data structure, wherein determining that the software agent of the client device is permitted to access the online information source comprises: retrieving the first hash value from the data structure based on the identifier of the software agent of the client device; comparing a second hash value received from the software agent with the first hash value retrieved from the data structure; and determining that the software agent of the client device is permitted to access the online information source based on determining that the second hash value received from the software agent corresponds to the first hash value retrieved from the data structure.

[0024] Clause 12: The method according to any one of Clauses 9 to 11, wherein receiving the second hash value from the software agent comprises: receiving a request from the software agent for access to the online information source, wherein the request for access to the online information source includes the second hash value and data associated with the software agent of the client device.

[0025] Clause 13: The method according to any one of Clauses 9 to 12 further comprises: wherein determining that the software agent of the client device is permitted to access the online information source includes: determining that the software agent of the client device is permitted to access the online information source based on the first hash value, the second hash value, and data associated with the software agent of the client device included in the request to access the online information source; and wherein processing the request to access the online information source involving the software agent of the client device includes: allowing the software agent to perform the data transaction involving a specific type of data included in the online information source based on the data associated with the software agent of the client device.

[0026] Clause 14: The method according to any one of Clauses 9 to 13 further includes: sending an inquiry question to the software agent of the client device; and receiving a response to the inquiry question from the software agent of the client device; wherein determining that the software agent of the client device is permitted to access the online information source includes: determining that the software agent of the client device is permitted to access sensitive data included in the online information source based on the first hash value from the software agent of the client device, the second hash value, and the response to the inquiry question.

[0027] Clause 15: The method according to any one of Clauses 9 to 14 further comprises: receiving an initial access request from the client device, wherein the initial access request is an authorization request for the software agent of the client device to access the online information source; and wherein sending the private encryption key of the public / private encryption key pair to the software agent of the client device comprises: sending the private encryption key of the public / private encryption key pair to the software agent of the client device based on receiving the initial access request from the client device.

[0028] Clause 16: A computer program product comprising at least one non-transitory computer-readable medium, the at least one non-transitory computer-readable medium comprising one or more instructions, the one or more instructions causing the at least one processor, when executed by at least one processor, to: provide a client device for accessing an online information source; send a private encryption key from a public / private encryption key pair to a software agent of the client device; receive a first hash value from the software agent of the client device, wherein the first hash value is generated using the private encryption key; receive a second hash value from the software agent of the client device; determine, based on the first hash value and the second hash value received from the software agent of the client device, whether to allow the software agent to access the online information source; process a request for access to the online information source involving the software agent of the client device, wherein when processing the request for access to the online information source, the at least one processor is programmed or configured to: allow the software agent to perform a data transaction involving the online information source based on the determination that the software agent of the client device is allowed to access the online information source; and store data records associated with the data transaction involving the online information source in a distributed ledger.

[0029] Clause 17: A computer program product according to Clause 16, wherein one or more instructions causing the at least one processor to receive the second hash value from the software agent of the client device cause the at least one processor to: receive from the software agent a request to access the online information source, wherein the request to access the online information source includes the second hash value and data associated with the software agent of the client device.

[0030] Clause 18: A computer program product according to Clause 16 or 17, wherein one or more instructions causing the at least one processor to determine whether to allow the software agent of the client device to access the online information source cause the at least one processor to: determine whether to allow the software agent of the client device to access the online information source based on the first hash value, the second hash value, and data associated with the software agent of the client device included in the request to access the online information source; and wherein the at least one processor to process the one or more instructions relating to the software agent of the client device regarding the request to access the online information source cause the at least one processor to: allow the software agent to perform the data transaction relating to a specific type of data included in the online information source based on the data associated with the software agent of the client device.

[0031] Clause 19: A computer program product pursuant to any one of Clauses 16 to 18, wherein one or more instructions causing the at least one processor to receive the second hash value from the software agent of the client device cause the at least one processor to: receive from the software agent a request for access to sensitive data included in the online information source, wherein the request for access to the sensitive data included in the online information source includes the second hash value.

[0032] Clause 20: A computer program product according to any one of Clauses 16 to 19, wherein the at least one processor is further programmed or configured to: send an inquiry to the software agent of the client device; and receive a response to the inquiry from the software agent of the client device; wherein the one or more instructions causing the at least one processor to determine whether to allow the software agent of the client device to access the online information source cause the at least one processor to: determine whether to allow the software agent of the client device to access the sensitive data included in the online information source based on the first hash value, the second hash value, and the response to the inquiry from the software agent of the client device.

[0033] The operational methods and manufacturing economics of these and other features and characteristics of this disclosure, as well as the combinations of related structural elements and parts, will become more apparent after considering the following description and appended claims with reference to the accompanying drawings, all of which form part of this specification, wherein similar reference numerals in the drawings indicate corresponding parts. However, it should be clearly understood that the drawings are for illustrative and descriptive purposes only and are not intended to be construed as limiting the scope of this disclosure. Unless the context clearly requires otherwise, the singular forms “a” and “described” as used in this specification and claims include plural indicators. Attached Figure Description

[0034] Figure 1 A diagram is a non-limiting embodiment or aspect of a system for verifying software agents in a robotic process automation (RPA) system;

[0035] Figure 2 yes Figure 1 A diagram of a non-limiting embodiment or aspect of a component of one or more devices and / or one or more systems;

[0036] Figure 3 This is a flowchart of a non-limiting embodiment or aspect of a process for verifying the software agent of an RPA system;

[0037] Figure 4A and 4B It is a diagram of a non-limiting embodiment or aspect of a distributed ledger; and

[0038] Figure 5A-5G This is a diagram illustrating a non-limiting embodiment or aspect of a process for verifying software agents in an RPA system. Detailed Implementation

[0039] For descriptive purposes, the terms “end,” “upper,” “lower,” “right,” “left,” “vertical,” “horizontal,” “top,” “bottom,” “lateral,” “longitudinal,” and their derivatives are intended to refer to the orientation of this disclosure as shown in the accompanying drawings. However, it should be understood that various alternative variations and sequences of steps may be employed in this disclosure, except where explicitly specified otherwise. It should also be understood that the specific apparatus and processes illustrated in the drawings and described in the following description are merely exemplary embodiments or aspects of this disclosure. Therefore, unless otherwise indicated, specific dimensions and other physical characteristics relating to the embodiments or aspects or facets of the embodiments disclosed herein should not be considered limiting.

[0040] The terms "aspects," "components," "elements," "elements," "structures," "actions," "steps," "functions," and "instructions" used herein should not be construed as critical or essential unless explicitly stated otherwise. Furthermore, as used herein, the article "a" is intended to include one or more items and is interchangeable with "one or more" and "at least one." Additionally, as used herein, the term "set" is intended to include one or more items (e.g., related items, unrelated items, combinations of related and unrelated items, etc.) and is interchangeable with "one or more" or "at least one." Where only one item is desired, the term "a" or similar language is used. Also, as used herein, the terms "having" and similar expressions are intended to be open-ended terms. Furthermore, unless explicitly stated otherwise, the phrase "based on" is intended to mean "at least partially based on."

[0041] As used herein, the terms "communication" and "transmission" can refer to the receipt, acceptance, sending, transmission, provisioning, etc., of information (e.g., data, signals, messages, instructions, commands, etc.). Communication between one unit (e.g., a device, system, component of a device or system, combination thereof, etc.) and another unit means that the first unit is able to receive information directly or indirectly from and / or transmit (e.g., send) information to the other unit. This can refer to a direct or indirect connection that is inherently wired and / or wireless. Furthermore, although the transmitted information may be modified, processed, relayed, and / or routed between the first and second units, the two units can also communicate with each other. For example, the first unit can communicate with the second unit even if it passively receives information and does not actively send information to the second unit. As another example, the first unit can communicate with the second unit if at least one intermediate unit (e.g., a third unit located between the first and second units) processes information received from the first unit and sends the processed information to the second unit. In some non-limiting embodiments or aspects, a message can refer to a network packet (e.g., a data packet, etc.) that includes data.

[0042] As used herein, the terms “issuer,” “issuer institution,” “issuer bank,” or “payment device issuer” can refer to one or more entities that provide accounts to individuals (e.g., users, customers, etc.) for making payment transactions such as credit payment transactions and / or debit payment transactions. For example, an issuer institution may provide a customer with an account identifier, such as a primary account number (PAN), that uniquely identifies one or more accounts associated with said customer. In some non-limiting embodiments or aspects, an issuer may be associated with a bank identification number (BIN) that uniquely identifies the issuer institution. As used herein, “issuer system” can refer to one or more computer systems operated by or on behalf of an issuer, such as a server executing one or more software applications. For example, an issuer system may include one or more authorization servers for authorizing transactions.

[0043] As used herein, the term "account identifier" can refer to one or more types of identifiers associated with an account (e.g., a primary account number (PAN) associated with an account, a card number associated with an account, a payment card number associated with an account, a token associated with an account, etc.). In some non-limiting embodiments or aspects, the issuer may provide an account identifier (e.g., PAN, token, etc.) to a user (e.g., an account holder) that uniquely identifies one or more accounts associated with that user. The account identifier may be embodied in a payment device (e.g., a physical instrument for making payment transactions, such as a payment card, credit card, debit card, gift card, etc.) and / or may be electronic information conveyed to the user, which the user can use for electronic payment transactions. In some non-limiting embodiments or aspects, the account identifier may be an original account identifier, wherein the original account identifier is provided to the user when an account associated with the account identifier is created. In some non-limiting embodiments or aspects, the account identifier may be a supplementary account identifier, which may include an account identifier provided to the user after the original account identifier has been provided to the user. For example, a supplementary account identifier may be provided to the user if the original account identifier has been forgotten, stolen, etc. In some non-limiting embodiments or aspects, the account identifier may be directly or indirectly associated with an issuing authority, such that the account identifier may be a token mapped to a PAN or other type of account identifier. The account identifier may be any combination of alphanumeric characters, characters, and / or symbols, etc.

[0044] As used herein, the term "token" can refer to an account identifier used as a substitute for or replacement of another account identifier (e.g., a PAN). A token can be associated with a PAN or another original account identifier in one or more data structures (e.g., one or more databases, etc.) such that the token can be used for payment transactions without directly using the original account identifier. In some non-limiting embodiments or aspects, an original account identifier such as a PAN can be associated with multiple tokens for different individuals or purposes. In some non-limiting embodiments or aspects, a token can be associated with a PAN or other account identifiers in one or more data structures such that the token can be used for transactions without directly using the PAN or other account identifiers. In some examples, an account identifier such as a PAN can be associated with multiple tokens for different uses or purposes.

[0045] As used herein, the term "merchant" can refer to one or more entities (e.g., operators of retail businesses) that provide goods and / or services and / or access to goods and / or services to users (e.g., customers, consumers) based on transactions such as payment transactions. As used herein, "merchant system" can refer to one or more computer systems operated by or on behalf of a merchant, such as servers executing one or more software applications. As used herein, the term "product" can refer to one or more goods and / or services provided by a merchant.

[0046] As used herein, the term "point-of-sale (POS) device" can refer to one or more devices that a merchant can use to conduct transactions (e.g., payment transactions) and / or process transactions. For example, a POS device may include one or more client devices. Alternatively or additionally, a POS device may include peripheral devices, card readers, scanning devices (e.g., barcode scanners), Communication receivers, near field communication (NFC) receivers, radio frequency identification (RFID) receivers and / or other contactless transceivers or receivers, contact-based receivers, payment terminals, etc.

[0047] As used herein, the term "point-of-sale (POS) system" can refer to one or more client devices and / or peripheral devices used by a merchant to conduct transactions. For example, a POS system may include one or more POS devices, and / or other similar devices that can be used to conduct payment transactions. In some non-limiting embodiments or aspects, a POS system (e.g., a merchant POS system) may include one or more server computers programmed or configured to process online payment transactions via web pages, mobile applications, etc.

[0048] As used herein, the term "transaction service provider" can refer to an entity that receives transaction authorization requests from merchants or other entities and, in some cases, provides payment guarantees through an agreement between the transaction service provider and the issuing institution. For example, a transaction service provider may include a payment network, such as... American Or any other entity that processes transactions. As used herein, the term "transaction service provider system" can refer to one or more computer systems operated by or on behalf of a transaction service provider, such as a transaction service provider system executing one or more software applications. A transaction service provider system may include one or more processors and, in some non-limiting embodiments or aspects, may be operated by or on behalf of a transaction service provider.

[0049] As used herein, the term "payment device" can refer to payment cards (such as credit or debit cards), gift cards, smart cards, smart media, pay cards, healthcare cards, wristbands, machine-readable media containing account information, keychain devices or pendants, RFID transponders, retailer discount or membership cards, etc. Payment devices may include volatile or non-volatile memory to store information (e.g., account identifiers, account holder's name, etc.).

[0050] As used herein, the terms "client" and "client device" can refer to one or more computing devices, such as processors, storage devices, and / or similar computer components that access services available from a server. In some non-limiting embodiments or aspects, "client device" can refer to one or more devices that facilitate payment transactions, such as POS devices and / or POS systems used by merchants. In some non-limiting embodiments or aspects, a client device can include electronic devices configured to communicate with one or more networks and / or facilitate payment transactions, such as, but not limited to, one or more desktop computers, one or more portable computers (e.g., tablet computers), one or more mobile devices (e.g., cellular phones, smartphones, personal digital assistants (PDAs), wearable devices such as watches, glasses, lenses, and / or clothing), and / or other similar devices. Furthermore, "client" can also refer to an entity that owns, utilizes, and / or operates a client device to facilitate payment transactions with a transaction service provider, such as a merchant.

[0051] As used herein, the term "server" can refer to one or more computing devices, such as processors, storage devices, and / or similar computer components, that communicate with client devices and / or other computing devices on a network such as the Internet or a private network, and in some examples, facilitate communication between other servers and / or client devices.

[0052] As used herein, the term "system" may refer to one or more computing devices or combinations of computing devices, such as, but not limited to, processors, servers, client devices, software applications, and / or other similar components. Furthermore, as used herein, references to "server" or "processor" may refer to the server and / or processor previously stated to perform the preceding steps or functions, different servers and / or processors, and / or combinations of servers and / or processors. For example, as used in the specification and claims, a first server and / or first processor stated to perform a first step or function may refer to the same or different servers and / or processors stated to perform a second step or function.

[0053] Improved systems, methods, and computer program products for verifying software agents in an RPA system are provided. In some non-limiting embodiments or aspects, a system, such as an RPA management system, may include: at least one processor programmed or configured to: provide a client device for accessing an online information source; send a private encryption key from a public / private encryption key pair to a software agent of the client device; receive a hash value from the software agent of the client device, wherein the hash value is generated using the private encryption key; determine, based on the hash value received from the software agent of the client device, whether to allow the software agent to access the online information source; process requests for access to the online information source involving the software agent of the client device; and store data records associated with data transactions performed by the software agent of the client device in a data structure.

[0054] In this way, in non-limiting embodiments or aspects of the system, the system can prevent the software agent from accessing excessive information from online information sources. Additionally, the system can allow the software agent to access online information sources without using access credentials, and therefore eliminates the need for the software agent to store access credentials in insecure locations. Furthermore, non-limiting embodiments or aspects of the system can also allow the software agent to access secure information (e.g., sensitive data) from online sources. In this way, the system can allow the software agent to access online information sources that are part of a legacy system without reconfiguring the online information sources and / or moving them to the updated system.

[0055] Now for reference Figure 1 , Figure 1 This is a diagram of an example environment 100 in which the apparatus, systems, methods, and / or products described herein can be implemented. Figure 1 As shown, environment 100 includes a robotic process automation (RPA) management system 102, an RPA database device 104, a network server 106, one or more software agents 110-1 to 110-N (N≥1) (hereinafter collectively referred to as "software agents 110", and individually as "software agent 110"), and a communication network 112. The RPA management system 102, RPA database device 104, network server 106, and software agents 110 can be interconnected via wired connections, wireless connections, or a combination of wired and wireless connections (e.g., establishing communication connections).

[0056] RPA management system 102 may include one or more devices configured to communicate with web server 106, client device 108, and / or software agent 110 via communication network 112. For example, RPA management system 102 may include one or more computing devices, such as one or more servers, one or more server groups, etc. In some non-limiting embodiments or aspects, RPA management system 102 may be associated with a transaction service provider.

[0057] RPA database device 104 may include one or more devices configured to communicate with RPA management system 102. For example, RPA database device 104 may include one or more computing devices, such as one or more servers. In some non-limiting embodiments or aspects, RPA management system 102 may store data (e.g., data records) in and / or retrieve data from RPA database device 104. In some non-limiting embodiments or aspects, RPA database device 104 may be associated with a transaction service provider.

[0058] Web server 106 may include one or more devices configured to communicate with RPA management system 102, client device 108, and / or software agent 110 via communication network 112. For example, web server 106 may include one or more servers, one or more server groups, etc. In some non-limiting embodiments or aspects, web server 106 may be associated with a transaction service provider (e.g., a transaction service provider also associated with RPA management system 102). In some non-limiting embodiments or aspects, web server 106 may be a component of RPA management system 102. In some non-limiting embodiments or aspects, web server 106 may include devices separate from RPA management system 102.

[0059] Client device 108 may include one or more devices configured to communicate with RPA management system 102 and / or web server 106 via communication network 112. For example, client device 108 may include a smartphone, tablet, laptop, desktop computer, etc. In some non-limiting embodiments or aspects, client device 108 may be associated with a user (e.g., an individual operating client device 108). For example, client device 108 may be associated with a user performing an operation using client device 108 (e.g., an operation associated with accessing online resources or online services). In some non-limiting embodiments or aspects, client device 108 may subscribe to services associated with accessing online information sources provided by a transaction service provider (e.g., a transaction service provider associated with RPA management system 102).

[0060] Software agent 110 (e.g., each software agent in software agent 110) may include one or more devices configured to communicate with RPA management system 102 and / or web server 106 via communication network 112. For example, software agent 110 may include a smartphone, tablet, laptop, desktop computer, etc. In some non-limiting embodiments or aspects, software agent 110 may include one or more devices configured to perform operations associated with a software agent (e.g., an automated program) within the RPA system. In some non-limiting embodiments or aspects, software agent 110 may be a component of client device 108. In some non-limiting embodiments or aspects, software agent 110 may include devices separate from client device 108.

[0061] The communication network 112 may include one or more wired and / or wireless networks. For example, the communication network 112 may include cellular networks (e.g., Long Term Evolution (LTE) networks, third-generation (3G) networks, fourth-generation (4G) networks, Code Division Multiple Access (CDMA) networks, etc.), Public Land Mobile Networks (PLMN), Local Area Networks (LAN), Wide Area Networks (WAN), Metropolitan Area Networks (MAN), Telephone Networks (e.g., Public Switched Telephone Network (PSTN)), Private Networks, Special Purpose Networks, Intranets, the Internet, Fiber-based Networks, Cloud Computing Networks, etc., and / or combinations of some or all of these or other types of networks.

[0062] Provided as an example Figure 1 The number and arrangement of systems and / or devices are shown. Additional systems and / or devices, fewer systems and / or devices, different systems and / or devices, or devices may exist in conjunction with... Figure 1 The systems and / or devices shown are arranged in different ways. Furthermore, they can be implemented within a single system and / or a single device. Figure 1 The two or more systems and / or devices shown, or Figure 1 The single system or device shown may be implemented as multiple distributed systems or devices. Alternatively, a group of systems or devices in environment 100 (e.g., one or more systems, one or more devices) may perform one or more functions described as being performed by another group of systems or devices in environment 100.

[0063] Now for reference Figure 2 , Figure 2This is a diagram illustrating example components of device 200. Device 200 may correspond to one or more devices of RPA management system 102, web server 106, client device 108, and / or software agent 110. In some non-limiting embodiments or aspects, RPA management system 102, web server 106, client device 108, and / or software agent 110 may include at least one device 200 and / or at least one component of device 200. Figure 2 As shown, device 200 may include bus 202, processor 204, memory 206, storage component 208, input component 210, output component 212, and communication interface 214.

[0064] Bus 202 may include components that enable communication between components of device 200. In some non-limiting embodiments or aspects, processor 204 may be implemented in hardware, software, or a combination of hardware and software. For example, processor 204 may include a processor (e.g., a central processing unit (CPU), graphics processing unit (GPU), accelerated processing unit (APU), etc.), microprocessor, digital signal processor (DSP), and / or any processing component that can be programmed to perform functions (e.g., a field-programmable gate array (FPGA), application-specific integrated circuit (ASIC), etc.). Memory 206 may include random access memory (RAM), read-only memory (ROM), and / or another type of dynamic or static storage device (e.g., flash memory, magnetic memory, optical memory, etc.) that stores information and / or instructions for use by processor 204.

[0065] Storage component 208 may store information and / or software associated with the operation and use of device 200. For example, storage component 208 may include hard disk (e.g., magnetic disk, optical disk, magneto-optical disk, solid-state disk, etc.), compressed optical disk (CD), digital versatile optical disk (DVD), floppy disk, cassette tape, magnetic tape and / or another type of computer-readable medium, and corresponding drives.

[0066] Input component 210 may include components that allow device 200 to receive information, such as via user input (e.g., touchscreen display, keyboard, keypad, mouse, buttons, switches, microphone, camera, etc.). Alternatively, input component 210 may include sensors for sensing information (e.g., Global Positioning System (GPS) components, accelerometers, gyroscopes, actuators, etc.). Output component 212 may include components that provide output information from device 200 (e.g., display, speaker, one or more light-emitting diodes (LEDs), etc.).

[0067] Communication interface 214 may include transceiver components (e.g., transceiver, separate receiver and transmitter, etc.) that enable device 200 to communicate with other devices, for example, via a wired connection, a wireless connection, or a combination of wired and wireless connections. Communication interface 214 may allow device 200 to receive information from another device and / or provide information to another device. For example, communication interface 214 may include an Ethernet interface, an optical interface, a coaxial interface, an infrared interface, a radio frequency (RF) interface, a universal serial bus (USB) interface, etc. Interfaces, cellular network interfaces, etc.

[0068] Apparatus 200 can perform one or more processes described herein. Apparatus 200 can perform these processes based on software instructions stored in a computer-readable medium, such as memory 206 and / or storage component 208, executed by processor 204. Computer-readable medium (e.g., non-transient computer-readable medium) is defined herein as a non-transient memory device. A non-transient memory device includes memory space located within a single physical storage device or memory space distributed across multiple physical storage devices.

[0069] Software instructions may be read from another computer-readable medium or from another device into memory 206 and / or storage component 208 via communication interface 214. When executed, the software instructions stored in memory 206 and / or storage component 208 may cause processor 204 to perform one or more processes described herein. Alternatively or additionally, hard-wired circuitry may be used in place of or in combination with the software instructions to perform one or more processes described herein. Therefore, the embodiments or aspects described herein are not limited to any particular combination of hardware circuitry and software.

[0070] The memory 206 and / or storage component 208 may include a data storage device or one or more data structures (e.g., a database). The device 200 is capable of receiving information from the data storage device or one or more data structures in the memory 206 and / or storage component 208, storing information in the data storage device or one or more data structures, conveying information to the data storage device or one or more data structures, or searching for information stored therein. For example, the information may include input data, output data, transaction data, account data, or any combination thereof.

[0071] supply Figure 2 The number and arrangement of components shown are for illustrative purposes only. In some non-limiting embodiments or aspects, with Figure 2Compared to those shown, device 200 may include additional components, fewer components, different components, or components arranged in a different manner. Alternatively, a set of components of device 200 (e.g., one or more components) may perform one or more functions described as being performed by another set of components of device 200.

[0072] Now for reference Figure 3 , Figure 3 This is a flowchart of a non-limiting embodiment or aspect of a process 300 for verifying software agents in an RPA system. In some non-limiting embodiments or aspects, one or more functions described regarding process 300 may be performed by the RPA management system 102 (e.g., wholly, partially, etc.). In some non-limiting embodiments or aspects, one or more steps of process 300 may be performed by another apparatus or group of apparatuses (e.g., wholly, partially, etc.) separate from and / or including the RPA management system 102, such as RPA database apparatus 104, web server 106, client apparatus 108, and / or software agents 110 (e.g., one or more software agents among software agents 110).

[0073] like Figure 3As shown, in step 302, process 300 may include providing a client device for access. For example, RPA management system 102 may provide a client device 108 for accessing online services (e.g., online services associated with online information sources) and / or online resources (e.g., online resources associated with online information sources) provided by a transaction service provider (e.g., the transaction service provider operating RPA management system 102 and / or web server 106). In some non-limiting embodiments or aspects, RPA management system 102 may provide a client for accessing online services and / or online resources by issuing a digital certificate to client device 108 for authentication of client device 108. For example, RPA management system 102 may provide a client for accessing online services and / or online resources by issuing a digital certificate to client device 108 for mutual authentication of client device 108 (e.g., mutual transport layer security (mTLS) authentication). In some non-limiting embodiments or aspects, RPA management system 102 may provide a client device 108 for accessing online services and / or online resources based on authentication of client device 108. For example, the RPA management system 102 may provide access to online services and / or online resources to client device 108 based on verifying the identity of the user associated with client device 108 (e.g., the financial institution operating client device 108). In some non-limiting embodiments or aspects, the RPA management system 102 may verify the identity of the user associated with client device 108 based on, for example, a financial institution identifier (e.g., a bank identification number (BIN), bank identifier (BID), or other user identifiers).

[0074] In some non-limiting embodiments or aspects, the RPA management system 102 may provide client device 108 for accessing online services and / or online resources based on an authentication request from client device 108. For example, the RPA management system 102 may provide client device 108 for accessing online services and / or online resources based on a request received from client device 108. In some non-limiting embodiments or aspects, the authentication request from client device 108 may include data associated with the requested operation (e.g., permission to access an online service) and / or an identifier of the user associated with client device 108. In some non-limiting embodiments or aspects, the RPA management system 102 may send a digital certificate issued to client device 108 based on (e.g., in response to) the authentication request from client device 108. In some non-limiting embodiments or aspects, the RPA management system 102 may send an authentication response based on (e.g., in response to) the authentication request from client device 108, wherein the authentication response may include a digital certificate issued to client device 108.

[0075] In some non-limiting embodiments or aspects, the RPA management system 102 may provide a client device 108 for accessing online information sources (e.g., online services or online resources associated with online information sources). For example, the RPA management system 102 may provide a client device 108 for accessing online information sources associated with the web server 106.

[0076] In some non-limiting embodiments or aspects, online information sources may include non-sensitive data sources and / or sensitive data sources. In some non-limiting embodiments or aspects, online information sources may include transaction data sources associated with payment transactions processed by a transaction service provider (e.g., a transaction service provider operating RPA management system 102 and / or web server 106). In some non-limiting embodiments or aspects, transaction data associated with payment transactions (e.g., transactions involved in credit accounts) may include sensitive data associated with a party participating in the payment transaction. For example, transaction data associated with a payment transaction may include Payment Card Industry (PCI) information (e.g., the account number of the account holder participating in the payment transaction, the expiration date of the account holder participating in the payment transaction, the card verification value (CVV) of the payment device (e.g., payment card) participating in the payment transaction, etc.), the account holder's Personally Identifiable Information (PII) (e.g., the account holder's name, address, email address, telephone number, social security number, etc.) and / or other sensitive data associated with the account holder participating in the payment transaction.

[0077] In some non-limiting embodiments or aspects, the RPA management system 102 may provide one or more client devices 108 (e.g., one or more client devices 108). For example, the RPA management system 102 may provide one or more clients for accessing online information sources (e.g., online information sources associated with transaction service providers) based on subscriptions by one or more client devices that allow access to online information sources.

[0078] In some non-limiting embodiments or aspects, the RPA management system 102 may provide one or more software agents 110 (e.g., one or more software agents 110 associated with client device 108) for accessing online information sources. For example, the RPA management system 102 may provide one or more software agents 110 for accessing online information sources by providing software agent credential data associated with access credentials for the online information source. In some non-limiting embodiments or aspects, the software agent credential data associated with access credentials for the online information source may include data associated with the software agent's identifier, such as a software agent identifier (e.g., a unique identifier for the software agent), data associated with the software agent's role, such as a software agent role identifier (e.g., a unique identifier of the operation to be performed by the software agent and / or an indication of a specific type of data upon which the software agent will perform the operation), and / or a private encryption key from a public / private encryption key pair to be assigned to one or more software agents 110. In some non-limiting embodiments or aspects, the RPA management system 102 may generate public / private encryption key pairs to be assigned to one or more software agents 110. In some non-limiting embodiments or aspects, software agent credential data associated with access credentials to an online information source may be used by the RPA management system 102 to determine whether to allow one or more software agents 110 to access the online information source.

[0079] In some non-limiting embodiments or aspects, the RPA management system 102 may provide access to one or more software agents 110 for accessing an online information source based on an initial access request. For example, the RPA management system 102 may provide access to one or more software agents 110 for accessing an online information source based on an initial access request received from a client device 108. In some non-limiting embodiments or aspects, the initial access request is an authorization request for one or more software agents 110 of the client device 108 to access the online information source. In some non-limiting embodiments or aspects, the initial access request may include data associated with a digital certificate issued to the client device 108, data associated with an identifier of the client device 108, data associated with one or more identifiers of one or more software agents 110, and / or data associated with one or more roles of one or more software agents 110 (e.g., operations to be performed by one or more software agents).

[0080] In some non-limiting embodiments or aspects, the RPA management system 102 may receive an initial access request from the client device 108, and the RPA management system 102 may generate software agent credential data associated with the access credentials of the online information source. The RPA management system 102 may send the software agent credential data associated with the access credentials of the online information source to the client device 108. In some non-limiting embodiments or aspects, the RPA management system 102 may send an initial access response to the client device 108, wherein the initial access response includes the software agent credential data associated with the access credentials of the online information source. In some non-limiting embodiments or aspects, the RPA management system 102 may send a private encryption key from a public / private encryption key pair to be assigned to one or more software agents 110 based on (e.g., in response to) the initial access request from the client device 108.

[0081] In some non-limiting embodiments or aspects, the RPA management system 102 may store software agent credential data associated with access credentials for one or more software agents 110 to an online information source. For example, the RPA management system 102 may store software agent credential data such that software agent credential data (e.g., software agent identifier, software agent role identifier, and / or a private encryption key in a public / private encryption key pair) is assigned to one or more software agents 110. In some non-limiting embodiments or aspects, the RPA management system 102 may store the software agent credential data in an RPA database device 104.

[0082] like Figure 3 As shown, in step 304, process 300 may include receiving an initial hash value from a software agent associated with the client device. For example, RPA management system 102 may receive an initial hash value from software agent 110 associated with client device 108. In some non-limiting embodiments or aspects, RPA management system 102 may receive an initial (e.g., first) hash value from software agent 110 associated with client device 108 as part of the initialization process of software agent 110. In such examples, RPA management system 102 may receive the initial hash value from software agent 110 before software agent 110 requests access to an online information source (e.g., requests access to an online information source for data transactions to retrieve information from the online information source). In some non-limiting embodiments or aspects, RPA management system 102 may receive one or more initial hash values ​​from one or more software agents 110 associated with client device 108.

[0083] In some non-limiting embodiments or aspects, an initial hash value may be generated (e.g., generated by the software agent 110) using a private encryption key associated with the software agent 110. For example, the initial hash value may be generated using a private encryption key generated by the RPA management system 102 and assigned to the software agent 110 (e.g., a private encryption key for software agent credential data associated with access credentials for an online information source). In some non-limiting embodiments or aspects, the initial hash value may be generated using the private encryption key as a hash value based on the software agent credential data associated with access credentials for an online information source assigned to the software agent 110 (e.g., the hash value of the software agent credential data). For example, the initial hash value may be generated as a hash value of data associated with an identifier of the software agent 110 (e.g., a software agent identifier assigned to the software agent 110), data associated with a role of the software agent (e.g., a software agent role identifier assigned to the software agent 110), and / or a hash value of a private encryption key assigned to the software agent 110. Alternatively, the initial hash value can be generated as a hash value of the Internet Protocol address of the software agent 110, the Media Access Control (MAC) address of the software agent 110, and / or other identification parameters of the software agent 110 (e.g., device fingerprint, machine fingerprint, browser fingerprint, etc.).

[0084] In some non-limiting embodiments or aspects, the RPA management system 102 may store the initial hash value received from the software agent 110. For example, the RPA management system 102 may store the initial hash value in a data structure of the RPA database device 104, wherein the initial hash value is stored together with data associated with the software agent 110 (e.g., assigned to said data), such as the software agent identifier of the software agent 110, the software agent role identifier of the software agent 110, and / or the private encryption key of the software agent 110.

[0085] like Figure 3As shown, in step 306, process 300 may include determining whether to allow the software agent to access the online information source. For example, the RPA management system 102 may determine whether to allow the software agent 110 to access the online information source (e.g., determine whether to authenticate the software agent 110 to access the online information source). In some non-limiting embodiments or aspects, the RPA management system 102 may determine whether to allow access to the online information source based on a request to access the online information source (e.g., as part of a request to access the online information source for data transactions to retrieve information from the online information source). For example, the RPA management system 102 may determine whether to allow access to the online information source based on data included in the request to access the online information source sent by the software agent 110. In some non-limiting embodiments or aspects, the request to access the online information source may include a hash value (e.g., a hash value received after an initial hash value, a second hash value, etc.) and / or data associated with the software agent 110, such as data associated with the role of the software agent 110. In some non-limiting embodiments or aspects, the RPA management system 102 may receive hash values ​​and / or data associated with the software agent 110, and the RPA management system 102 may determine whether to allow access to online information sources based on the hash values ​​and / or data associated with the software agent 110.

[0086] In some non-limiting embodiments or aspects, a private encryption key associated with software agent 110 can be used to generate a hash value included in a request for access to an online information source as a hash value based on software agent credential data associated with access credentials for the online information source assigned to software agent 110 (e.g., the hash value of the software agent credential data). For example, the hash value can be generated as data associated with an identifier of software agent 110 (e.g., a software agent identifier assigned to software agent 110), data associated with a role of the software agent (e.g., a software agent role identifier assigned to software agent 110), and / or a hash value assigned to a private encryption key of software agent 110. Alternatively or additionally, the hash value can be generated as a hash value of the Internet Protocol address of software agent 110, the MAC address of software agent 110, and / or other identifying parameters of software agent 110 (e.g., device fingerprint, machine fingerprint, browser fingerprint, etc.). In some non-limiting embodiments or aspects, the RPA management system 102 may receive a request for access to an online information source sent by the software agent 110, and the RPA management system 102 may obtain a hash value from the request. In some non-limiting embodiments or aspects, the RPA management system 102 may retrieve an initial hash value from the data structure of the RPA database device 104. For example, the RPA management system 102 may retrieve an initial hash value from the data structure based on a hash value received from the software agent 110.

[0087] In some non-limiting embodiments or aspects, the RPA management system 102 may determine whether to allow access to an online information source based on a hash value sent by the software agent 110. For example, the software agent 110 may send a hash value as part of a request to access the online information source to the RPA management system 102. The RPA management system 102 may receive the hash value from the software agent 110, and the RPA management system 102 may compare the hash value received as part of the request to access the online information source with a hash value assigned to the software agent 110 (e.g., an initial hash value) (e.g., a hash value stored in the RPA database device 104 assigned to the software agent 110). If the RPA management system 102 determines that the hash value received as part of the request to access the online information source corresponds to the hash value assigned to the software agent 110, the RPA management system 102 may determine that the software agent 110 is allowed to access the online information source. If the RPA management system 102 determines that the hash value received as part of a request to access an online information source does not correspond to the hash value assigned to the software agent 110, the RPA management system 102 may determine that the software agent 110 is not allowed to access the online information source.

[0088] In some non-limiting embodiments or aspects, the RPA management system 102 may determine whether to allow access to an online information source based on a hash value received as part of a request to access an online information source and data associated with software agent 110. For example, software agent 110 may send a hash value to the RPA management system 102 along with data associated with the role of software agent 110, such as a software agent role identifier, as part of the request to access an online information source. The RPA management system 102 may receive the hash value received as part of the request to access an online information source and the data associated with the role of software agent 110, and the RPA management system 102 may compare the hash value and the data associated with the role of software agent 110 with a hash value (e.g., an initial hash value) assigned to software agent 110 and the data associated with the role of software agent 110. If the RPA management system 102 determines that the hash value received as part of a request to access an online information source and the data associated with the role of software agent 110 correspond to the hash value and data associated with the role of software agent 110, then the RPA management system 102 may determine to allow software agent 110 to access the online information source. If the RPA management system 102 determines that the hash value received as part of a request to access an online information source and the data associated with the role of software agent 110 do not correspond to the hash value and data associated with the role of software agent 110, then the RPA management system 102 may determine to disallow software agent 110 to access the online information source.

[0089] In some non-limiting embodiments or aspects, the RPA management system 102 may determine whether to allow the first software agent 110 to access the online information source based on a hash value received as part of a request from the first software agent 110 to access the online information source and a hash value received from the second software agent 110. For example, the first software agent 110 may send a hash value as part of its request to access the online information source to the RPA management system 102. The RPA management system 102 may receive the hash value from the software agent 110, and the RPA management system 102 may compare the hash value received as part of the request to access the online information source with a hash value assigned to the software agent 110 (e.g., an initial hash value) (e.g., a hash value stored in the RPA database device 104 assigned to the software agent 110). If the RPA management system 102 determines that the hash value received as part of the request from the first software agent 110 corresponds to a hash value assigned to the first software agent 110, the RPA management system 102 may request the hash value from the second software agent 110. If the RPA management system 102 determines that the hash value received from the second software agent 110 corresponds to the hash value assigned to the second software agent 110, then the RPA management system 102 may determine to allow the first software agent 110 to access the online information source.

[0090] In some non-limiting embodiments or aspects, the RPA management system 102 may determine whether to allow the software agent 110 to access sensitive data included in an online information source (e.g., a sensitive data source included in the online information source). For example, the software agent 110 may send a request to the RPA management system 102 for access to sensitive data included in the online information source. The RPA management system 102 may receive the request, and the RPA management system 102 may determine that the request is for access to sensitive data included in the online information source. The RPA management system 102 may send one or more queries to the software agent 110, and the software agent 110 may receive the one or more queries. The software agent 110 may generate a hash value (e.g., using a private encryption key associated with the software agent 110 to generate a hash value based on software agent credential data associated with access credentials for the online information source assigned to the software agent 110) and a response to the one or more queries, and the software agent 110 may send the hash value and the response to the one or more queries to the RPA management system 102. In some non-limiting embodiments or aspects, one or more query questions may include previously agreed knowledge-based query questions, query questions including one-time random number expressions, and / or general query questions that can be solved by the software agent 110.

[0091] In the above example, the RPA management system 102 can determine whether to allow the software agent 110 to access sensitive data included in the online information source based on the hash value and the response to one or more queries received from the software agent 110. In some non-limiting embodiments or aspects, if the RPA management system 102 determines that the hash value received from the software agent 110 and the response to one or more queries correspond to the hash value assigned to the software agent 110 and the expected response to one or more queries, then the RPA management system 102 can determine that the software agent 110 is allowed to access the sensitive data included in the online information source. If the RPA management system 102 determines that the hash value received from the software agent 110 and / or the response to one or more queries do not correspond to the hash value assigned to the software agent 110 and / or the expected response to one or more queries, then the RPA management system 102 can determine that the software agent 110 is not allowed to access the sensitive data included in the online information source.

[0092] In some non-limiting embodiments or aspects, the RPA management system 102 may send one or more queries to the software agent 110 based on a hash value received as part of a request for access to sensitive data included in an online information source by the first software agent 110. For example, the RPA management system 102 may receive a hash value, and the RPA management system 102 may determine whether the hash value corresponds to a hash value assigned to the software agent 110. If the RPA management system 102 determines that the hash value corresponds to a hash value assigned to the software agent 110, the RPA management system 102 may send one or more queries to the software agent 110. If the RPA management system 102 determines that the hash value does not correspond to a hash value assigned to the software agent 110, the RPA management system 102 may not send one or more queries to the software agent 110.

[0093] In some non-limiting embodiments or aspects, the RPA management system 102 may determine whether to allow the software agent 110 to access sensitive data included in an online information source based on responses to one or more queries received from the software agent 110. For example, the RPA management system 102 may receive responses to one or more queries received from the software agent 110, and the RPA management system 102 may determine whether the responses received from the software agent 110 to the one or more queries correspond to expected responses to the one or more queries. If the RPA management system 102 determines that the responses received from the software agent 110 to the one or more queries correspond to expected responses to the one or more queries, then the RPA management system 102 may determine that the software agent 110 is allowed to access the sensitive data included in the online information source. If the RPA management system 102 determines that the responses received from the software agent 110 to the one or more queries do not correspond to expected responses to the one or more queries, then the RPA management system 102 may determine that the software agent 110 is not allowed to access the sensitive data included in the online information source.

[0094] like Figure 3 As shown, in step 308 (which was "No" in step 306), process 300 may include denying access to the software agent. For example, the RPA management system 102 may deny software agent 110 access to an online information source based on determining that access is not permitted. In some non-limiting embodiments or aspects, the RPA management system 102 may send a message to the client device 108 based on the RPA management system 102 denying software agent 110 access to the online information source. In some non-limiting embodiments or aspects, the message may include an indication of the reason associated with the RPA management system 102 determining that access to the online information source is not permitted.

[0095] like Figure 3 As shown, in step 310 (which is "Yes" in step 306), process 300 may include processing requests involving software agents. For example, RPA management system 102 may process requests involving software agent 110 for access to online information sources. In some non-limiting embodiments or aspects, RPA management system 102 may receive requests for access to online information sources from software agent 110 and determine, based on data included in the request, whether to allow software agent 110 to access the online information source. RPA management system 102 may process requests from software agent 110 for access to online information sources based on the determination that software agent 110 is allowed to access the online information source.

[0096] In some non-limiting embodiments or aspects, the RPA management system 102 may process requests for access to online information sources by allowing software agent 110 to perform operations. For example, the RPA management system 102 may process a request for access to an online information source based on the software agent role identifier of software agent 110 by allowing software agent 110 to perform operations (e.g., accessing an online information source and performing data transactions involving the online information source). In some non-limiting embodiments or aspects, the RPA management system 102 may process requests for access to online information sources based on data associated with the role of software agent 110. For example, the RPA management system 102 may process a request for access to an online information source based on data associated with the role of software agent 110 included in the request. In some non-limiting embodiments or aspects, the RPA management system 102 may allow software agent 110 to perform operations on specific types of data included in the online information source (e.g., only on said specific types of data) based on data associated with the role of software agent 110.

[0097] In some non-limiting embodiments or aspects, the RPA management system 102 may determine, based on data associated with the role of the software agent 110, specific types of data included in online information sources that allow the software agent 110 to perform operations on it. For example, the RPA management system 102 may obtain data associated with the role of the software agent 110 from a request to access an online information source, and the RPA management system 102 may determine, based on the data obtained by the RPA management system 102, specific types of data included in online information sources that allow the software agent 110 to perform operations on it.

[0098] In some non-limiting embodiments or aspects, the RPA management system 102 may determine whether to allow software agent 110 to access a specific type of data included in an online information source (e.g., determine whether to authorize software agent 110 to access a specific type of data included in an online information source). For example, the RPA management system 102 may obtain data associated with the role of software agent 110 from a request to access an online information source. The RPA management system 102 may determine whether the data associated with the role of software agent 110 corresponds to data assigned to software agent 110 associated with the role of software agent 110 (e.g., data stored in a data structure and assigned to software agent 110 associated with the role of software agent 110). If the RPA management system 102 determines that the data associated with the role of software agent 110 corresponds to data assigned to software agent 110 associated with the role of software agent 110, then the RPA management system 102 may determine whether to allow software agent 110 to access the specific type of data included in the online information source. If the RPA management system 102 determines that the data associated with the role of software agent 110 does not correspond to the data assigned to software agent 110 and associated with the role of software agent 110, then the RPA management system 102 may determine that software agent 110 is not allowed to access a specific type of data included in the online information source.

[0099] In some non-limiting embodiments or aspects, the RPA management system 102 may allow the software agent 110 to access online information sources and perform data transactions involving those sources. For example, the RPA management system 102 may allow the software agent 110 to access online information sources and perform data transactions involving obtaining data included in the online information source (e.g., data associated with a user of the client device 108 included in the online information source), copying the data, deleting the data, adding to the data, performing calculations on the data, etc. In some non-limiting embodiments or aspects, the RPA management system 102 may generate data records (e.g., software agent data records) associated with data transactions involving the software agent. For example, the RPA management system 102 may generate data records related to data transactions involving online information sources based on data transactions performed by the software agent 110. In some non-limiting embodiments or aspects, the data record may include data associated with the data transaction. For example, data records may include data associated with the time and / or date of data transactions conducted by software agent 110, data associated with the role of software agent 110, data associated with the identifier of software agent 110, a private encryption key associated with software agent 110 (e.g., assigned to the software agent), and / or data associated with hash values ​​received from software agent 110 (e.g., data associated with hash values ​​received from software agent 110 as part of a request for access to an online information source).

[0100] like Figure 3 As shown, in step 312, process 300 may include storing data records associated with the software agent. For example, RPA management system 102 may store data records associated with data transactions performed by software agent 110 involving online information sources. In some non-limiting embodiments or aspects, RPA management system 102 may store data records of data transactions performed by software agent 110 involving online information sources in a data structure. For example, RPA management system 102 may store data records of data transactions performed by software agent 110 involving online information sources in a distributed ledger, such as blockchain (e.g., distributed ledger 400). In this way, RPA management system 102 can store data records of data transactions performed by software agent 110 more securely and variably than storing data records in a data structure that does not involve a distributed ledger. In some non-limiting embodiments or aspects, RPA management system 102 may allow software agent 110 and / or client device 108 to access the distributed ledger.

[0101] Now for reference Figure 4A and 4B , Figure 4A and 4BThis is a diagram of a non-limiting embodiment or aspect of a distributed ledger 400 used by an RPA management system 102 to store data records of data transactions involving online information sources conducted by a software agent 110. (See diagram for details.) Figure 4A As shown, the distributed ledger 400 may include multiple blocks 402, 404, and 406 constituting a blockchain. Each block 402, 404, and 406 may include hash records 422, 442, and 462, which may include hash values ​​of information included in the previous block of the blockchain. Alternatively or additionally, each block 402, 404, and 406 may include software agent data records 424, 444, and 464, representing data associated with transactions performed by a software agent (e.g., software agent 110). Figure 4B As shown, software agent data record 424 may include multiple sub-records 424-2, 424-4, 424-6, and 424-8. In some non-limiting embodiments or aspects, sub-record 424-2 may include data associated with a secret and / or data associated with a private encryption key of the software agent performing a transaction associated with software agent data record 424. In some non-limiting embodiments or aspects, sub-record 424-4 may include data associated with an identifier of the software agent performing a transaction associated with software agent data record 424 (e.g., a software agent identifier of the software agent). Alternatively or additionally, sub-record 424-4 may include data associated with a software agent role identifier of the software agent performing a transaction associated with software agent data record 424, data associated with a software agent identifier of the software agent performing a transaction associated with software agent data record 424, and / or data associated with a hash value received from the software agent performing a transaction associated with software agent data record 424. In some non-limiting embodiments or aspects, software agent data records 444, 464 may be the same as or similar to software agent data record 424. For example, software agent data records 444, 464 may include the same or similar sub-records as software agent data record 424.

[0102] Now for reference Figure 5A-5G , Figure 5A-5G This is a diagram of a non-limiting embodiment or aspect of an implementation scheme 500 related to the process of verifying a software agent in an RPA system. (See diagram for example.) Figure 5A As indicated by reference numeral 505, the RPA management system 102 can receive authentication requests from client device 108. In some non-limiting embodiments or aspects, the authentication request may include data associated with the requested operation (e.g., permission to access an online service) and / or an identifier of the user associated with client device 108. Figure 5BAs indicated by reference numeral 510, the RPA management system 102 may send a digital certificate to the client device 108. In some non-limiting embodiments or aspects, the RPA management system 102 may send a digital certificate issued to the client device 108 based on (e.g., in response to) a verification request from the client device 108. In some non-limiting embodiments or aspects, the RPA management system 102 may send a verification response based on (e.g., in response to) a verification request from the client device 108, and the verification response may include the digital certificate issued to the client device 108.

[0103] like Figure 5C As indicated by reference numeral 515, the RPA management system 102 can receive an initialization access request from the client device 108. In some non-limiting embodiments or aspects, the initialization access request is an authorization request for the software agent 110 of the client device 108 to access an online information source. In some non-limiting embodiments or aspects, the initialization access request may include data associated with a digital certificate issued to the client device 108, data associated with an identifier of the client device 108 (e.g., an identifier of the user of the client device 108), data associated with one or more identifiers of the software agent 110, and data associated with the role of the software agent 110 (e.g., the operation to be performed by the software agent). Figure 5D As shown by reference numeral 520, the RPA management system 102 can generate software proxy credential data associated with access credentials of online information sources, and the RPA management system 102 can store software proxy credential data associated with access credentials of online information sources.

[0104] like Figure 5D As further shown by reference numeral 525, the RPA management system 102 may send multiple private encryption keys to the client device 108 (e.g., the software agent 110 of the client device 108). In some non-limiting embodiments or aspects, the multiple private encryption keys may be included in software agent credential data associated with access credentials of an online information source generated by the RPA management system 102. In some non-limiting embodiments or aspects, the RPA management system 102 may send multiple private encryption keys upon receiving an initial access request from the client device 108.

[0105] like Figure 5EAs indicated by reference numeral 530, the RPA management system 102 may receive an initial hash value from the software agent 110. In some non-limiting embodiments or aspects, the RPA management system 102 may receive the initial hash value from the software agent 110 before the software agent 110 sends a request to access an online information source (e.g., a request to access an online information source for data transactions to retrieve information from the online information source). In some non-limiting embodiments or aspects, the initial hash value may be generated (e.g., generated by the software agent 110, generated by the RPA management system 102) using a private encryption key associated with each software agent 110. Figure 5E As further shown by reference numeral 535, the RPA management system 102 can store the initial hash value received from the software agent 110.

[0106] like Figure 5F As indicated by reference numeral 540, the RPA management system 102 may receive a hash value (e.g., a second hash value) from software agent 110-1 as part of a request to access an online information source. In some non-limiting embodiments or aspects, the request to access an online information source may include the hash value and data associated with software agent 110-1 of client device 108 (e.g., the software agent 110-1 that sent the request to access the online information source). Figure 5F As further shown by reference numeral 545, the RPA management system 102 can determine whether the software agent 110-1 is allowed to access online information sources based on the hash value received from the software agent 110-1.

[0107] like Figure 5G As indicated by reference numeral 550, the RPA management system 102 can store data records associated with data transactions performed by the software agent 110-1. In some non-limiting embodiments or aspects, the RPA management system 102 can store data records associated with data transactions performed by the software agent 110-1 involving online information sources in a distributed ledger, such as a blockchain (e.g., distributed ledger 400), and copies of the data records can be stored in the RPA database device 104.

[0108] Although the above systems, methods, and computer program products have been described in detail for illustrative purposes based on embodiments or aspects currently considered most practical and preferred, it should be understood that such details are for illustrative purposes only, and this disclosure is not limited to the described embodiments or aspects. Rather, this disclosure is intended to cover modifications and equivalent arrangements that fall within the scope of the appended claims. For example, it should be understood that this disclosure contemplates, as far as possible, that one or more features of any embodiment or aspect may be combined with one or more features of any other embodiment or aspect.

Claims

1. A system for verifying software agents in a robotic process automation system, comprising: At least one processor, which is programmed or configured to: The client device receives an initial access request for accessing an online information source via its automated software agent; Based on receiving the initial access request, software agent certificate data associated with the access certificate to the online information source is generated, wherein the software agent certificate data associated with the access certificate to the online information source includes a private encryption key of a public / private encryption key pair, wherein the private encryption key is assigned to the automated software agent of the client device; The private encryption key in the public / private encryption key pair is sent to the automated software agent of the client device; The client device receives a first hash value from its automated software agent, wherein the first hash value is generated by the client device using the private encryption key; The first hash value is stored in the database as the hash value assigned to the automated software agent of the client device; Processing requests for access to the online information source from the automated software agent of the client device, wherein when processing the request for access to the online information source, the at least one processor is programmed or configured to: The client device receives a second hash value and data associated with the role of the automated software agent included in the request to access the online information source, wherein the second hash value is generated by the client device using the private encryption key; Based on the hash value assigned to the automated software agent of the client device and the second hash value received from the automated software agent of the client device, it is determined whether the automated software agent is allowed to access the online information source, wherein when determining whether to allow access to the online information source, the at least one processor is programmed or configured to: Determine whether the second hash value received from the automation software agent of the client device corresponds to the hash value assigned to the automation software agent of the client device; Based on the data associated with the role of the automated software agent, a specific type of data included in the online information source is determined, wherein the automated software agent will perform operations on the specific type of data; Based on the determination that the automated software agent of the client device is allowed to access the online information source, the automated software agent is allowed to conduct data transactions involving specific types of data included in the online information source; as well as Data records associated with the data transactions involving the online information source are stored in a data structure.

2. The system of claim 1, wherein when the data record associated with the data transaction relating to the online information source is stored in the data structure, the at least one processor is programmed or configured to: The data records associated with the data transactions involving the online information source are stored in a distributed ledger.

3. The system of claim 1, wherein when determining whether to allow the automated software agent of the client device to access the online information source, the at least one processor is programmed or configured to: The first hash value is retrieved from the data structure based on the identifier of the automated software agent of the client device; The second hash value received from the software agent is compared with the first hash value retrieved from the data structure; as well as Based on the determination that the second hash value received from the automated software agent corresponds to the first hash value retrieved from the data structure, it is determined that the automated software agent of the client device is allowed to access the online information source.

4. The system of claim 1, wherein when the second hash value is received from the automated software agent of the client device, the at least one processor is programmed or configured to: The automated software agent receives the request to access the online information source, wherein the request to access the online information source includes the second hash value and the data associated with the role of the automated software agent of the client device.

5. The system of claim 1, wherein the at least one processor is further programmed or configured to: The automated software agent that sends the query to the client device; and Receive a response to the query from the automated software agent of the client device; When determining whether to allow the automated software agent of the client device to access the online information source, the at least one processor is programmed or configured to: Based on the first hash value, the second hash value, and the response to the query question from the automated software agent of the client device, it is determined whether the automated software agent of the client device is allowed to access the data included in the online information source.

6. A method for verifying a computer implementation of a software agent in a robotic process automation system, comprising: Using at least one processor, an initial access request for accessing an online information source is received from a client device by an automated software agent of the client device; Using at least one processor, based on receiving the initial access request, software agent certificate data associated with an access certificate to an online information source is generated, wherein the software agent certificate data associated with the access certificate to the online information source includes a private encryption key of a public / private encryption key pair, wherein the private encryption key is assigned to the automated software agent of the client device; An automated software agent of the client device sends the private encryption key from the public / private encryption key pair to the client device using at least one processor; The first hash value is received from the automated software agent of the client device by at least one processor, wherein the first hash value is generated using the private encryption key; The first hash value is stored in a database using at least one processor as the hash value assigned to the automated software agent of the client device; At least one processor processes a request for access to the online information source from the automated software agent relating to the client device, wherein processing the request for access to the online information source includes: The client device receives a second hash value and data associated with the role of the automated software agent included in the request to access the online information source, wherein the second hash value is generated by the client device using the private encryption key; Based on the hash value assigned to the automated software agent of the client device and the second hash value received from the automated software agent of the client device, it is determined whether the automated software agent is allowed to access the online information source, wherein when determining whether to allow access to the online information source, the at least one processor is programmed or configured to: Determine whether the second hash value received from the automation software agent of the client device corresponds to the hash value assigned to the automation software agent of the client device; Based on the data associated with the role of the automated software agent, a specific type of data included in the online information source is determined, wherein the automated software agent will perform operations on the specific type of data; Based on the determination that the automated software agent of the client device is permitted to access the online information source, the automated software agent is permitted to conduct data transactions involving specific types of data included in the online information source; and At least one processor stores data records associated with the data transactions involving the online information source in a data structure.

7. The method of claim 6, wherein storing the data record associated with the data transaction involving the online information source in the data structure comprises: The data records associated with the data transactions involving the online information source are stored in a distributed ledger.

8. The method of claim 6, wherein determining whether to allow the automated software agent of the client device to access the online information source comprises: The first hash value is retrieved from the data structure based on the identifier of the automated software agent of the client device; The second hash value received from the automated software agent is compared with the first hash value retrieved from the data structure; as well as Based on the determination that the second hash value received from the automated software agent corresponds to the first hash value retrieved from the data structure, it is determined that the automated software agent of the client device is allowed to access the online information source.

9. The method of claim 6, wherein receiving the second hash value from the automated software agent comprises: The automated software agent receives the request to access the online information source, wherein the request to access the online information source includes the second hash value and the data associated with the role of the automated software agent of the client device.

10. The method of claim 6, further comprising: The automated software agent that sends the query questions to the client device; as well as Receive a response to the query from the automated software agent of the client device; The determination that the automated software agent of the client device is allowed to access the online information source includes: Based on the first hash value, the second hash value, and the response to the query question from the automated software agent of the client device, it is determined that the automated software agent of the client device is permitted to access the data included in the online information source.

11. A computer program product for verifying software agents in a robotic process automation system, the computer program product comprising at least one non-transient computer-readable medium, the at least one non-transient computer-readable medium comprising one or more instructions, the one or more instructions causing the at least one processor, when executed by at least one processor, to: The client device receives an initial access request for accessing an online information source via its automated software agent; Based on receiving the initial access request, software agent certificate data associated with the access certificate to the online information source is generated, wherein the software agent certificate data associated with the access certificate to the online information source includes a private encryption key of a public / private encryption key pair, wherein the private encryption key is assigned to the automated software agent of the client device; The private encryption key in the public / private encryption key pair is sent to the automated software agent of the client device; The client device receives a first hash value from its automated software agent, wherein the first hash value is generated using the private encryption key; Receive a second hash value from the automated software agent of the client device; Based on the first hash value and the second hash value received from the automated software agent of the client device, determine whether to allow the automated software agent to access the online information source; Processing requests for access to the online information source from the automated software agent of the client device, wherein when processing the request for access to the online information source, the at least one processor is programmed or configured to: The client device receives a second hash value and data associated with the role of the automated software agent included in the request to access the online information source, wherein the second hash value is generated by the client device using the private encryption key; Based on the hash value assigned to the automated software agent of the client device and the second hash value received from the automated software agent of the client device, it is determined whether the automated software agent is allowed to access the online information source, wherein when determining whether to allow access to the online information source, the at least one processor is programmed or configured to: Determine whether the second hash value received from the automation software agent of the client device corresponds to the hash value assigned to the automation software agent of the client device; Based on the data associated with the role of the automated software agent, a specific type of data included in the online information source is determined, wherein the automated software agent will perform operations on the specific type of data; Based on the determination that the automated software agent of the client device is allowed to access the online information source, the automated software agent is allowed to conduct data transactions involving specific types of data included in the online information source; as well as Data records associated with the data transactions involving the online information source are stored in a distributed ledger.

12. The computer program product of claim 11, wherein the one or more instructions causing the at least one processor to receive the second hash value from the automated software agent of the client device cause the at least one processor to: The automated software agent receives the request to access the online information source, wherein the request to access the online information source includes the second hash value and data associated with the role of the automated software agent of the client device.

13. The computer program product of claim 11, wherein the at least one processor is further programmed or configured to: The automated software agent that sends the query to the client device; and Receive a response to the query from the automated software agent of the client device; The one or more instructions that enable the at least one processor to determine whether to allow the automated software agent of the client device to access the online information source cause the at least one processor to: Based on the first hash value, the second hash value, and the response to the query question from the automated software agent of the client device, it is determined whether the automated software agent of the client device is allowed to access the data included in the online information source.