With the advancement in automation and, more recently, in Artificial Intelligence (AI), human labor is being replaced by machines in almost all industrial sectors. Particularly, recent times have seen use of AI to replace human labor for accurately performing repetitive business tasks at cheap rates. Such automation of business processes, referred to as robotic process automation (RPA) involves the use of AI driven software referred to as RPA bots for achieving high quality of service and delivery at a substantially low cost. Therefore, RPA bots may be AI driven computer software that can be initially trained to repetitively perform certain tasks such as, for example. data entry and data sanity checks.
For example, in case of the business process outsourcing (BPO) industry, the RPA bots can be used to automate various back-office operations, such as automation of data transfer between systems, automating quality assurance, or improving time to serve client requests by automating responses in a customer support setup, or auto-suggesting responses to customer-support agents.
As part of disposing their functions, the RPA bots may, in few cases at least, require to access certain systems in which access to the content is restricted. For example, an entity, such as an individual, a system, an application, or a process, may be permitted to access the content if the entity, either as an individual or as part of a bigger group of members, has been granted privileges to access the content associated with such restricted-access system. One mechanism for providing privileged access to the RPA bots is by the use of an access key or a password provided to the RPA bot for access to a certain kind of content.
For instance, an access provider of the restricted-access system can obtain a request from either a RPA bot or an administrator or a supervisor of the RPA bot. The access provider may run a validation check on the RPA bot and once the requisite validation checks have been performed and cleared by the RPA bot, the RPA bot can be granted an access key to access the restricted-access system and its content. Therefore, in operation, the RPA bot is provided with the access key to restricted-access content on the restricted-access system, and each time the RPA bot is to access that content, the RPA bot can use that access key to obtain access.
However, such an access accorded to the RPA bot may leave the restricted-access content vulnerable to security attacks. For instance, when the RPA bot is provided with the access key for exercising privileged access, the steadfastness of the restricted-access system is as good as the security mechanism of the RPA bot. In other words, if the security mechanism of the RPA bot is compromised and the access key is obtained by an unauthorized entity, such as a rogue RPA bot, then that unauthorized entity automatically gains access to the restricted-access content that was originally accessible to the originally authorized RPA bot. In other words, the security of the restricted-access system is pivoted on a single-breach point, i.e., the access key available with the RPA bot. Therefore, such privileged access provisioned to the RPA bot presents a technical problem of the hazard of making the restricted-access system vulnerable to a security breach, bringing the restricted-access system in a precarious position. This disclosure seeks to address at least the above technical problem in a technical manner.