CN110933016B - Login authentication method and device for call center system - Google Patents

Login authentication method and device for call center system Download PDF

Info

Publication number
CN110933016B
CN110933016B CN201811098582.6A CN201811098582A CN110933016B CN 110933016 B CN110933016 B CN 110933016B CN 201811098582 A CN201811098582 A CN 201811098582A CN 110933016 B CN110933016 B CN 110933016B
Authority
CN
China
Prior art keywords
login
authentication
account
request information
authentication request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811098582.6A
Other languages
Chinese (zh)
Other versions
CN110933016A (en
Inventor
张自然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201811098582.6A priority Critical patent/CN110933016B/en
Publication of CN110933016A publication Critical patent/CN110933016A/en
Application granted granted Critical
Publication of CN110933016B publication Critical patent/CN110933016B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention discloses a login authentication method and device of a call center system, and relates to the technical field of computers. One embodiment of the method comprises the following steps: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account number; if the authentication mode is dynamic password authentication, acquiring the generated dynamic password according to the account number, and performing login authentication according to the dynamic password; if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account number, and performing login authentication according to the static password. The embodiment can realize a strong authentication mode combining dynamic authentication and static authentication, improves the overall security of the system, reduces the use risk of service personnel, and has more flexible and convenient authentication mode.

Description

Login authentication method and device for call center system
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a login authentication method and device for a call center system.
Background
With the rapid development of voice telephone (i.e., voIP over internet protocol, voice over Internet Protocol) services over internet protocol, various large communication operators and many industries and enterprises in China have established their own VoIP systems. VoIP provides cheap communication charge and a convenient and quick communication mode, and simultaneously reduces the cost of purchasing equipment and personnel maintenance of enterprises.
With the popularization and use of VoIP, the security problem is also becoming a focus of attention. Voice call transmissions often involve relatively private content, and facilities in the network often become targets of attacks, various means of attack are now and then the security of the system is checked. Most enterprises have not considered protecting their communications deployment facilities because they are unaware of the losses that communications, video conferences and other inherent risks may bring, thereby increasing the likelihood of being attacked. However, due to the characteristics of real-time property and confidentiality of the VoIP, it has higher requirements for security than other data services.
In order to avoid or reduce the probability of being attacked, this is typically done by authenticating the identity of the requesting party for the data or service. Because the call center system is composed of a plurality of components, different components coordinate to complete a certain business process, and therefore verification of identity legitimacy of a requester can be added in a certain business process or a certain business processes so as to enhance the security of the VoIP system. The currently common authentication method is to use a user name and a static password for authentication. For example: when the soft telephone or the seat operator logs in the telephone traffic system, the service end performs identity verification on the request user, and because the telephone traffic system is provided with a built-in user management module, the account information of the user is configured in the telephone traffic system in advance, the user can log in the telephone traffic system through the soft telephone and then dial or perform other operations. The soft phone refers to application software deployed on a client such as a PC (personal computer ) or a mobile phone for dialing a phone.
In the process of implementing the present invention, the inventor finds that at least the following problems exist in the prior art:
1. the maintenance cost is too high
The daily password maintenance is generally acted by transportation and security management staff, a system with huge traffic volume is adopted, the corresponding back-end seat customer service volume is huge, a considerable number of passwords are maintained, the periodic replacement of the passwords is a huge project, and the corresponding cost is very high;
2. low safety and easy cracking
The invariance of the static passwords greatly improves the risk of being cracked, and a great amount of password maintenance easily causes password conflict events to occur, or immeasurable losses are caused when the passwords are not replaced for a long time and are acquired by illegal personnel artificially;
3. is not easy to memorize and is difficult to use
The regular replacement of different passwords is easy to cause the seat personnel to have difficulty in memorizing and forget and misuse;
4. business mixing and high vulnerability risk
The business system bears the security work, the mixed mode adds the security risk of the system, the loophole of one component is likely to be linked to the security of other components, the security risk is high, and the operation load of the system is increased.
Disclosure of Invention
In view of this, the embodiment of the invention provides a login authentication method and device for a call center system, which can realize a strong authentication mode combining dynamic authentication and static authentication, improve the overall security of the system, reduce the use risk of service personnel, and have more flexible and convenient authentication modes.
To achieve the above object, according to one aspect of the embodiments of the present invention, there is provided a login authentication method of a call center system.
A login authentication method for a call center system, comprising: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account number; if the authentication mode is dynamic password authentication, acquiring the generated dynamic password according to the account number, and performing login authentication according to the dynamic password; if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account number, and performing login authentication according to the static password.
Optionally, before the authentication mode is obtained according to the login authentication request information, the method further includes: and acquiring a service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises a soft phone login and a seat login.
Optionally, if the service type is soft phone login, the login authentication request is sent through the user switch, and after login authentication is completed, an authentication result is returned to the user switch.
Optionally, if the service type is a soft phone login, the account is a login account of the soft phone, and before the authentication mode is obtained according to the login authentication request information, the method further includes: and confirming that the login account of the soft phone is not logged in.
Optionally, if the service type is the agent login, the login authentication request is sent through the computer phone integrated system, and after the login authentication is completed, an authentication result is returned to the computer phone integrated system.
Optionally, if the service type is that the agent logs in, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent; before the authentication mode is acquired according to the login authentication request information, the method further comprises the following steps: and confirming that the login account number of the agent is not logged in, and that the login account number of the soft phone corresponding to the agent is logged in and not occupied.
Optionally, before the authentication mode is obtained according to the login authentication request information, the method further includes: and confirming that the account number exists in the call center system.
According to another aspect of the embodiments of the present invention, there is provided a login authentication apparatus of a call center system.
A login authentication device of a call center system, comprising: the authentication mode acquisition module is used for acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account number; the dynamic password authentication module is used for acquiring the generated dynamic password according to the account number and carrying out login authentication according to the dynamic password if the authentication mode is dynamic password authentication; and the static password authentication module is used for acquiring a pre-stored static password according to the account number and carrying out login authentication according to the static password if the authentication mode is static password authentication.
Optionally, the method further comprises a service type determining module for: before the authentication mode is acquired according to the login authentication request information, acquiring a service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises a soft phone login and a seat login.
Optionally, if the service type is soft phone login, the login authentication request is sent through the user switch, and after login authentication is completed, an authentication result is returned to the user switch.
Optionally, if the service type is a soft phone login, the account is a login account of the soft phone, and the apparatus further includes a first status confirmation module, configured to: before the authentication mode is acquired according to the login authentication request information, the login account of the soft phone is confirmed to be not logged in.
Optionally, if the service type is the agent login, the login authentication request is sent through the computer phone integrated system, and after the login authentication is completed, an authentication result is returned to the computer phone integrated system.
Optionally, if the service type is that the agent logs in, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent; and, the apparatus further comprises a second status confirmation module for: before an authentication mode is acquired according to the login authentication request information, confirming that a login account of the agent is not logged in, and that a login account of a soft phone corresponding to the agent is logged in and not occupied.
Optionally, the system further comprises a third state confirmation module for: before an authentication mode is acquired according to login authentication request information, the account number existing in the call center system is confirmed.
According to yet another aspect of an embodiment of the present invention, an electronic device for login authentication of a call center system is provided.
An electronic device for login authentication of a call center system, comprising: one or more processors; and the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors realize the login authentication method of the call center system provided by the embodiment of the invention.
According to yet another aspect of an embodiment of the present invention, a computer-readable medium is provided.
A computer readable medium having stored thereon a computer program which when executed by a processor implements a login authentication method for a call center system provided by an embodiment of the present invention.
One embodiment of the above invention has the following advantages or benefits: by determining the login authentication mode of the call center system according to the login authentication request information and authenticating the user according to the authentication mode, the validity verification of the login information of the user according to the authentication type in the login authentication request can be realized, so that the validity of the user authentication is ensured. Different from the existing static password authentication mode, the call center system of the invention realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, and the authentication mode is more flexible and convenient; the SVSC is introduced to realize that the security authentication of the service can be independent, the authentication platform is self-managed, the maintenance is easy, the labor cost is reduced, and the controllability is enhanced; in addition, since the original PBX already has a module supporting radius protocol, the security control service SVSC also supports radius protocol to realize the authentication process, thus the seamless fusion with the original network application infrastructure can be satisfied, the docking difficulty is reduced, and the deployment is flexible.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the overall deployment of a call center system in accordance with an embodiment of the present invention;
FIG. 2 is a schematic diagram of the main steps of a login authentication method of a call center system according to an embodiment of the present invention;
FIG. 3 is a flowchart of an implementation of a login authentication method according to a first embodiment of the present invention;
FIG. 4 is a flowchart of a handset login process according to a second embodiment of the invention;
fig. 5 is a seat login flow chart according to a third embodiment of the present invention;
FIG. 6 is a schematic diagram of the main modules of a login authentication device of a call center system according to an embodiment of the present invention;
FIG. 7 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
fig. 8 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In the introduction of the implementation process of the technical scheme of the invention, the industry terms mainly related include the following:
config Server: the configuration server is abbreviated as CFG and is mainly used for configuring relevant contents such as agents, extensions, routing points, queues, skills and the like and providing configured information for CTIs and PBXs;
CTI Server: the CTI is computer telephony integration Computer Telephony Integration, and obtains configuration information from the CFG according to an own protocol, and interacts with Message Server for calling and seat state event messages;
PBX: a private branch exchange, also called a private branch exchange, is an acronym for Private Branch Exchange, which is used to complete the telephone exchange inside an enterprise and between the enterprise and a public telecommunication network;
message Server: a message server, abbreviated as "MS", for forwarding request and response information in the form of a queue;
IVR: the interactive voice response Interactive Voice Response can enter the service center only by telephone, can listen to mobile phone entertainment products according to operation prompts, and can play related information according to content input by a user;
SBC: session border controller or session controller Session Border Controller is a VoIP call control product for environments where telephones are transported entirely by VoIP without a gateway;
smart VoIP Security Control: the intelligent voice safety control is abbreviated as SVSC, and provides multi-factor authentication, stream identification protection, encryption and decryption, intelligent analysis and interception and other safety integrated control of multi-dimensional interaction for guaranteeing the safety of traffic system service;
OTP Server: the dynamic authentication server is abbreviated as OTP and is used for authenticating dynamic passwords and can be linked with other server-side equipment to authenticate by means of short messages, mails and the like;
OpenSIPS: is a mature open source SIP server, which is called OPS for short;
SIP: session Initiation Protocol session initiation protocol, a multimedia communication protocol formulated by IETF (Internet Engineering Task Force );
radius: remote Authentication Dial In User Service, remote user dial authentication service, remote user dial authentication system is defined by RFC2865, RFC2866, is currently the most widely used AAA protocol;
SSL: secure Sockets Layer, secure sockets layer, is a security protocol that provides security and data integrity for network communications;
ESL: event Socket Link, event socket link, is a communication transmission mode of the network layer;
soft phone: refers to application software deployed on a client such as a PC (personal computer ) or a mobile phone for dialing a phone;
seat: the call center seat, also called a seat or a seat representative, is generally composed of a seat computer, seat software, a seat headset, service personnel and the like. The call center seat realizes the relevant control function through seat software and hardware equipment so as to achieve the purpose of customer service, and belongs to the category of customer service.
Currently, the mainstream call center system in the market is a CTI call center system based on a board mode, and is mainly applied to places where users only need local call center functions. The service flow of the agent login is as follows: before logging in the call center system through the browser, the customer service agent needs to add own account information (including account numbers and passwords) in CFG (Config Server) in advance, and then configures corresponding PBX information. When logging in, firstly, a customer service agent uses a soft telephone to log in an extension number to a PBX, and the PBX requests a CFG to acquire extension information, if the information exists, the login is successful; then, the agent fills in own account information through the login interface, wherein the information is account information configured in the CFG, and if the account information input during the agent login is correct and the registered extension number is registered at the soft phone terminal, the agent login is successful.
According to the business flow, when the existing call center system performs login authentication, static password verification is mainly performed according to the account number and the password stored in the configuration file, and verification is mainly performed in the process of agent login, so that the security is low and the call center system is easy to crack. In addition, the existing login authentication method has the defects of high authentication information maintenance cost, difficult memory, easy forgetting and misuse, mixed service, high vulnerability risk and the like.
In order to solve the technical problems, the invention provides a login authentication method of a call center system, which changes the original static password authentication mode on the basis of the existing business flow, uses a strong authentication scheme to ensure the safety of the call center, reduces the occurrence of security malignant events such as violent cracking, internal secret leakage, counterfeiting, monitoring and the like, thereby enhancing the safety of authentication management; the security authentication and the telephone traffic service are isolated, so that the coupling between systems is reduced, the probability of accidents is reduced, the deployment flexibility is facilitated, the management and the maintenance are easy, and meanwhile, the independent security system also supports the replacement and the combination of a plurality of authentication modes, and the selection range of the authentication is widened, so that the service system has better scalability; by using the strong authentication scheme, a user can conveniently use the method without specially memorizing own passwords, the possibility of errors is reduced, and meanwhile, the user can be effectively controlled and managed by inquiring the online authentication record of the user, so that the convenience of use is improved.
Fig. 1 is a schematic diagram of the overall deployment of a call center system in accordance with an embodiment of the present invention. In fig. 1, a plurality of system services are involved, and basically all the system services participate in a login authentication process, which mainly includes: config Server, message Server, CTI Server, PBX, IVR, SBC, SVSC, OTP, etc. Data communication between these system services is performed according to a specified communication protocol, for example: data communication is performed between the SBC and the OPS based on a SIP link, data communication is performed between the SVSC and the OPS based on an SSL protocol such as PBX, OTP, CFG, data communication is performed between the SVSC and the CTI based on an ESL, and the like.
The invention changes the original authentication mode by expanding and adding new safety control equipment based on the original architecture of the call center system. The added security control device is SVSC and OTP, strong authentication such as dynamic password authentication can be provided through the linkage use of SVSC and OTP, the security degree of the strong authentication (strong authentication) is high, and the verification program uses the technology of public cryptography to identify the two communication parties.
In view of the fact that the original PBX already has a module supporting radius protocol, the security control service SVSC also supports radius protocol to realize the authentication process, so that seamless fusion with the original network application infrastructure can be met, and the docking difficulty is reduced.
OTP Server can be realized by adopting the existing manufacturer equipment in the market, and can be developed or set according to the needs. The OTP client uses the mobile phone token application APP or the password Key to acquire a dynamic password to log in the soft phone.
The following describes a specific implementation procedure of login authentication of a call center system according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of main steps of a login authentication method of a call center system according to an embodiment of the present invention. As shown in fig. 2, the login authentication method of the call center system according to the embodiment of the present invention mainly includes the following steps S201 to S203.
Step S201: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account number;
step S202: if the authentication mode is dynamic password authentication, acquiring the generated dynamic password according to the account number, and performing login authentication according to the dynamic password;
step S203: if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account number, and performing login authentication according to the static password.
According to the technical scheme and the service flow of the agent login, when the agent customer service logs in the call center system, the agent customer service needs to log in the soft phone first and then log in the agent, and the agent can be regarded as a display end of the soft phone. In order to better ensure the system safety, the invention can respectively carry out login authentication in two processes of logging in the soft phone and logging in the seat.
The authentication mode can be selected by the user when the user sends a login authentication request, or can be configured by a system, for example, some users can be configured to be static password authentication, and other users can be configured to be dynamic password authentication. The invention is not limited in this regard.
If the user selects the authentication mode by himself before sending the login authentication request, the user can input an account number and a password by himself and send the login authentication request when the authentication type selected by the user is static password authentication; when the authentication type selected by the user is dynamic password authentication, the dynamic authentication Server OTP Server is triggered to generate a dynamic password and send the dynamic password to a dynamic authentication client, for example, a mobile token application APP, and then the user inputs the received dynamic password and sends a login authentication request.
If the login authentication mode is configured by the system, when the user logs in, after the user account is input, the authentication type corresponding to the user is queried from the system configuration database. If the authentication type corresponding to a certain user is static password authentication, the user can input an account number and a password by himself and send a login authentication request; if the authentication type corresponding to a certain user is dynamic password authentication, the dynamic authentication Server OTP Server is directly triggered to generate a dynamic password and send the dynamic password to the dynamic authentication client, and then the user inputs the received dynamic password and sends a login authentication request.
According to one embodiment of the present invention, before the authentication mode is obtained according to the login authentication request information, the method further includes: and acquiring a service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises a soft phone login and a seat login. In the embodiment of the present invention, the processing procedure of the authentication request of two service types, that is, the soft phone login and the agent login, is not described. In addition, it should be understood by those skilled in the art that the service types are not limited to the types listed in the embodiments of the present invention, and other service types may be set as required in specific applications, and corresponding authentication steps may be added for different service types.
In one embodiment of the present invention, if the service type is soft phone login, a login authentication request is sent through the private branch exchange, and after the login authentication is completed, an authentication result is returned to the private branch exchange.
According to one embodiment of the present invention, if the service type is soft phone login, the account is a login account of the soft phone, and before the authentication mode is obtained according to the login authentication request information, the method further includes: and confirming that the login account number of the soft phone is not logged in. The login account number of the soft phone when logging in is the corresponding extension number.
In another embodiment of the present invention, if the service type is agent login, a login authentication request is sent through the computer telephony integration system, and after the login authentication is completed, an authentication result is returned to the computer telephony integration system.
According to another embodiment of the present invention, if the service type is that the agent logs in, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent; before the authentication mode is acquired according to the login authentication request information, the method further comprises the following steps: and confirming that the login account number of the agent is not logged in, and that the login account number of the soft phone corresponding to the agent is logged in and not occupied. According to the service flow of the seat login described above, before the seat is logged in, the soft phone needs to be logged in first, the seat can be logged in only when the soft phone is logged in and is not occupied, and the seat can not be logged in as much if the soft phone is occupied.
According to the embodiment of the invention, before the authentication mode is acquired according to the login authentication request information, the account number in the call center system needs to be confirmed.
According to steps S201 to S203, validity verification can be performed on the login information of the user according to the authentication type in the login authentication request, so as to ensure validity of user authentication. Different from the existing static password authentication mode, the call center system of the invention realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, and the authentication mode is more flexible and convenient; the SVSC is introduced to realize that the security authentication of the service can be independent, the authentication platform is self-managed, the maintenance is easy, the labor cost is reduced, and the controllability is enhanced; in addition, since the original PBX already has a module supporting radius protocol, the security control service SVSC also supports radius protocol to realize the authentication process, thus the seamless fusion with the original network application infrastructure can be satisfied, the docking difficulty is reduced, and the deployment is flexible.
The implementation of the invention is described below in connection with specific embodiments.
Fig. 3 is a flowchart of an implementation of the login authentication method according to the first embodiment of the present invention. As shown in fig. 3, the main flow of login authentication by the security control service system SVSC includes:
step S301: acquiring a login authentication request sent by a user;
step S302: acquiring an account number included in a login authentication request;
step S303: and interacting with the CFG, and judging whether information corresponding to the account exists in the system. If not, indicating that the account is not set, and prompting the user that login fails; if yes, the account is set, and step S304 is executed;
step S304: and acquiring the service type included in the login authentication request, and judging the service type. If the service type is soft phone login, step S305 is executed, and if the service type is agent login, step S306 is executed;
step S305: if the service type is soft phone login, the account is the login account of the soft phone (namely, extension number), and the login state of the login account of the soft phone is judged through interaction with the PBX. If the login state is logged in, prompting the user that the account is logged in, wherein the login fails; if the login status is not logged in, step S307 is executed;
Step S306: if the service type is the agent login, the account is the login account of the agent, and the login account of the soft phone corresponding to the agent in the login authentication request is required to be obtained at the moment, and then, through interaction with the PBX, whether the soft phone account is logged in or not is judged; and then, through interaction with CTI, judging whether the login state of the login account of the seat and the login account of the soft phone are occupied. If the login account of the seat is not logged in, the login account of the soft phone is logged in and is not occupied, step S307 is executed, otherwise, the login is failed;
step S307: and acquiring an authentication mode included in the login authentication request, and judging the authentication mode. If the authentication mode is static password authentication, executing step S308; if the authentication mode is dynamic password authentication, executing step S310;
step S308: acquiring an account number and a password included in the login authentication request, acquiring a static password corresponding to the account number from the CFG according to the account number, and executing step S309;
step S309: comparing the obtained static password with the password included in the login authentication request, and if the static password is the same as the password, passing the authentication and successfully logging in; otherwise, the authentication is not passed and the login fails;
Step S310: acquiring an account number and a password included in the login authentication request, acquiring a dynamic password corresponding to the account number from the OTP according to the account number, and executing step S311;
step S311: comparing the obtained dynamic password with the password included in the login authentication request, and if the dynamic password is the same as the password, passing the authentication and successfully logging in; otherwise, the authentication is not passed and the login fails.
It should be understood by those skilled in the art that the implementation procedure shown in fig. 3 is only one embodiment of the present invention, and the protection scope of the present invention is not limited by the fact that the service type included in the login authentication request may be acquired first and then the account information included in the login authentication request is acquired.
Fig. 4 is a flowchart of a handset login procedure according to a second embodiment of the invention. As shown in fig. 4, which shows a process of a user logging in a soft Phone through a SIP Phone, the method mainly includes the following steps:
step S401: a user initiates a soft Phone login request to Opensips through a SIP Phone, and the Opensips forwards the login request to the PBX;
step S402: the PBX sends a login authentication request to a security control service system SVSC;
step S403: the SVSC acquires a soft phone login account according to the login authentication request information and interacts with the CFG to confirm account information;
Step S404: after the account information is confirmed, the SVSC interacts with the PBX to confirm the login state of the soft phone login account;
step S405: after the login state is confirmed to be not logged in, the SVSC acquires an authentication mode according to login authentication request information;
step S406: if the authentication mode is static password authentication, an authentication request is sent to the CFG for authentication, and after the authentication is completed, the CFG returns an authentication result;
step S407: if the authentication mode is dynamic password authentication, an authentication request is sent to the OTP for authentication, and after the authentication is completed, the OTP returns an authentication result.
Fig. 5 is a seat login flow chart according to a third embodiment of the present invention. As shown in fig. 5, which shows a process of the user performing the agent login, the method mainly comprises the following steps:
step S501: a user initiates a seat login request to an MS, and the MS forwards the login request to a CTI;
step S502: the CTI sends a login authentication request to a security control service system SVSC;
step S503: the SVSC acquires an agent login account and a soft phone login account used by the agent request according to the login authentication request information, and interacts with the CFG to confirm the login state of the agent login account;
Step S504: after the account information is confirmed, the SVSC interacts with the PBX to confirm the login state of the soft phone login account;
step S505: after the login state of the soft phone login account is confirmed to be logged in, the SVSC interacts with the CTI to confirm the login state of the seat login account and confirm the occupancy state of the soft phone login account;
step S506: when the login state of the seat login account is confirmed to be unregistered and the occupation state of the soft phone login account is confirmed to be unoccupied, the SVSC acquires an authentication mode according to login authentication request information;
step S507: if the authentication mode is static password authentication, an authentication request is sent to the CFG for authentication, and after the authentication is completed, the CFG returns an authentication result;
step S508: if the authentication mode is dynamic password authentication, an authentication request is sent to the OTP for authentication, and after the authentication is completed, the OTP returns an authentication result.
In the description of the second and third embodiments shown in fig. 4 and 5, since the service type has been defined, the operation of making the service type determination is not mentioned in the login authentication process, and it should be understood by those skilled in the art that the step of making the service type determination may be added in the specific implementation. Additionally, in a third embodiment, the MS is configured to provide a buffer queue to meet the communication requirements between CTI and AGENT.
In addition, in the description of the embodiment of the present invention, the OTP is only used for performing dynamic password authentication, but it should be understood by those skilled in the art that the OTP supports not only dynamic password authentication but also static password authentication, and the static password authentication can be performed using the OTP by saving the account number and the password configured in the CFG to the OTP. In the description of the embodiments of the present application, CFG is still used for static password authentication in order to be compatible with existing systems and save the operations of data transfer. Those skilled in the art will appreciate that in implementation, the dynamic password authentication and the static password authentication may be performed on one server or may be performed separately on different servers, which is not limited by the present invention.
Fig. 6 is a schematic diagram of main modules of a login authentication device of a call center system according to an embodiment of the present invention. As shown in fig. 6, the login authentication device 600 of the call center system according to the embodiment of the present invention mainly includes an authentication mode obtaining module 601, a dynamic password authentication module 602, and a static password authentication module 603.
The authentication mode obtaining module 601 is configured to obtain an authentication mode according to login authentication request information, where the authentication mode includes dynamic password authentication and static password authentication, and the login authentication request information includes an account number;
The dynamic password authentication module 602 is configured to obtain the generated dynamic password according to the account number and perform login authentication according to the dynamic password if the authentication mode is dynamic password authentication;
the static password authentication module 603 is configured to obtain a pre-stored static password according to the account number if the authentication mode is static password authentication, and perform login authentication according to the static password.
According to an embodiment of the present invention, the login authentication device 600 of the call center system may further include a service type determining module (not shown in the figure) for:
before the authentication mode is acquired according to the login authentication request information, the service type corresponding to the login authentication request is acquired according to the login authentication request information, wherein the service type comprises a soft phone login and a seat login.
According to one embodiment of the present invention, if the service type is soft phone login, a login authentication request is sent through the private branch exchange, and after the login authentication is completed, an authentication result is returned to the private branch exchange.
According to another embodiment of the present invention, if the service type is a soft phone login, the account is a soft phone login account, and the login authentication device 600 of the call center system may further include a first status confirmation module (not shown in the figure) for:
Before the authentication mode is acquired according to the login authentication request information, the login account number of the soft phone is confirmed to be not logged in.
According to one embodiment of the invention, if the service type is seat login, a login authentication request is sent through the computer phone integrated system, and after the login authentication is completed, an authentication result is returned to the computer phone integrated system.
According to another embodiment of the present invention, if the service type is that the agent logs in, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent;
also, the login authentication device 600 of the call center system may further include a second status confirmation module (not shown in the figure) for:
before the authentication mode is acquired according to the login authentication request information, confirming that the login account of the agent is not logged in, and that the login account of the soft phone corresponding to the agent is logged in and not occupied.
According to yet another embodiment of the present invention, the login authentication device 600 of the call center system may further include a third status confirmation module (not shown in the figure) for:
before the authentication mode is acquired according to the login authentication request information, the account number existing in the call center system is confirmed.
According to the technical scheme of the embodiment of the invention, the login authentication mode of the call center system is determined according to the login authentication request information, and the identity authentication is carried out on the user according to the authentication mode, so that the validity verification of the login information of the user according to the authentication type in the login authentication request can be realized, and the validity of the user authentication is ensured. Different from the existing static password authentication mode, the call center system of the invention realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, and the authentication mode is more flexible and convenient; the SVSC is introduced to realize that the security authentication of the service can be independent, the authentication platform is self-managed, the maintenance is easy, the labor cost is reduced, and the controllability is enhanced; in addition, since the original PBX already has a module supporting radius protocol, the security control service SVSC also supports radius protocol to realize the authentication process, thus the seamless fusion with the original network application infrastructure can be satisfied, the docking difficulty is reduced, and the deployment is flexible.
Fig. 7 illustrates an exemplary system architecture 700 of a login authentication method of a call center system or a login authentication apparatus of a call center system to which an embodiment of the present invention can be applied.
As shown in fig. 7, a system architecture 700 may include terminal devices 701, 702, 703, a network 704, and a server 705. The network 704 is the medium used to provide communication links between the terminal devices 701, 702, 703 and the server 705. The network 704 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 705 via the network 704 using the terminal devices 701, 702, 703 to receive or send messages or the like. Various communication client applications such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 701, 702, 703.
The terminal devices 701, 702, 703 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 705 may be a server providing various services, such as a background management server (by way of example only) providing support for shopping-type websites browsed by users using the terminal devices 701, 702, 703. The background management server may analyze and process the received data such as the product information query request, and feedback the processing result (e.g., the target push information, the product information—only an example) to the terminal device.
It should be noted that, the login authentication method of the call center system provided in the embodiment of the present invention is generally executed by the server 705, and accordingly, the login authentication device of the call center system is generally disposed in the server 705.
It should be understood that the number of terminal devices, networks and servers in fig. 7 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 8, there is illustrated a schematic diagram of a computer system 800 suitable for use in implementing a terminal device or server in accordance with an embodiment of the present invention. The terminal device or server shown in fig. 8 is only an example, and should not impose any limitation on the functions and scope of use of the embodiments of the present invention.
As shown in fig. 8, the computer system 800 includes a Central Processing Unit (CPU) 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to the bus 804.
The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. The drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed so that a computer program read out therefrom is mounted into the storage section 808 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 809, and/or installed from the removable media 811. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 801.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described units or modules may also be provided in a processor, for example, as: a processor comprises an authentication mode acquisition module, a dynamic password authentication module and a static password authentication module. The names of the units or modules do not limit the units or modules themselves in some cases, and for example, the authentication method acquisition module may also be described as "a module for acquiring an authentication method based on login authentication request information".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to include: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account number; if the authentication mode is dynamic password authentication, acquiring the generated dynamic password according to the account number, and performing login authentication according to the dynamic password; if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account number, and performing login authentication according to the static password.
According to the technical scheme of the embodiment of the invention, the login authentication mode of the call center system is determined according to the login authentication request information, and the identity authentication is carried out on the user according to the authentication mode, so that the validity verification of the login information of the user according to the authentication type in the login authentication request can be realized, and the validity of the user authentication is ensured. Different from the existing static password authentication mode, the call center system of the invention realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, and the authentication mode is more flexible and convenient; the SVSC is introduced to realize that the security authentication of the service can be independent, the authentication platform is self-managed, the maintenance is easy, the labor cost is reduced, and the controllability is enhanced; in addition, since the original PBX already has a module supporting radius protocol, the security control service SVSC also supports radius protocol to realize the authentication process, thus the seamless fusion with the original network application infrastructure can be satisfied, the docking difficulty is reduced, and the deployment is flexible.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (14)

1. A login authentication method for a call center system, comprising:
acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account number;
if the authentication mode is dynamic password authentication, acquiring the generated dynamic password according to the account number, and performing login authentication according to the dynamic password;
if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account number, and performing login authentication according to the static password;
before the authentication mode is obtained according to the login authentication request information, the method further comprises the following steps: acquiring service types corresponding to the login authentication request according to the login authentication request information, so as to respectively perform login authentication for different service types, wherein the service types comprise soft phone login and seat login;
If the service type is soft phone login, sending the login authentication request through a user switch, wherein the account is a login account of the soft phone;
and if the service type is the seat login, sending the login authentication request through a computer phone integrated system, wherein the account is the login account of the seat, and the login authentication request information also comprises the login account of the soft phone corresponding to the seat.
2. The method of claim 1, wherein if the service type is soft phone login, returning the authentication result to the private branch exchange after login authentication is completed.
3. The method according to claim 1 or 2, wherein if the service type is a soft phone login, before obtaining the authentication mode according to the login authentication request information, the method further comprises:
and confirming that the login account of the soft phone is not logged in.
4. The method of claim 1, wherein if the service type is agent login, returning the authentication result to the computer telephony integration system after login authentication is completed.
5. The method according to claim 1 or 4, wherein if the service type is agent login, before acquiring the authentication mode according to the login authentication request information, the method further comprises:
And confirming that the login account number of the agent is not logged in, and that the login account number of the soft phone corresponding to the agent is logged in and not occupied.
6. The method of claim 1, further comprising, prior to obtaining the authentication mode based on the login authentication request information:
and confirming that the account number exists in the call center system.
7. A login authentication device for a call center system, comprising:
the authentication mode acquisition module is used for acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account number;
the dynamic password authentication module is used for acquiring the generated dynamic password according to the account number and carrying out login authentication according to the dynamic password if the authentication mode is dynamic password authentication;
the static password authentication module is used for acquiring a pre-stored static password according to the account number and carrying out login authentication according to the static password if the authentication mode is static password authentication;
the service type determining module is used for acquiring a service type corresponding to the login authentication request according to the login authentication request information before acquiring an authentication mode according to the login authentication request information so as to respectively perform login authentication aiming at different service types, wherein the service types comprise a soft phone login and a seat login; if the service type is soft phone login, sending the login authentication request through a user switch, wherein the account is a login account of the soft phone; and if the service type is the seat login, sending the login authentication request through a computer phone integrated system, wherein the account is the login account of the seat, and the login authentication request information also comprises the login account of the soft phone corresponding to the seat.
8. The apparatus of claim 7, wherein if the service type is soft phone login, the authentication result is returned to the private branch exchange after login authentication is completed.
9. The apparatus according to claim 7 or 8, wherein if the service type is soft phone login, the apparatus further comprises a first status confirmation module configured to:
before the authentication mode is acquired according to the login authentication request information, the login account of the soft phone is confirmed to be not logged in.
10. The apparatus of claim 7, wherein if the service type is agent login, the authentication result is returned to the computer telephony integration system after login authentication is completed.
11. The apparatus according to claim 7 or 10, wherein if the service type is agent login, the apparatus further comprises a second status confirmation module configured to:
before an authentication mode is acquired according to the login authentication request information, confirming that a login account of the agent is not logged in, and that a login account of a soft phone corresponding to the agent is logged in and not occupied.
12. The apparatus of claim 7, further comprising a third status confirmation module configured to:
Before an authentication mode is acquired according to login authentication request information, the account number existing in the call center system is confirmed.
13. An electronic device for login authentication of a call center system, comprising:
one or more processors;
storage means for storing one or more programs,
when executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1-6.
14. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-6.
CN201811098582.6A 2018-09-20 2018-09-20 Login authentication method and device for call center system Active CN110933016B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811098582.6A CN110933016B (en) 2018-09-20 2018-09-20 Login authentication method and device for call center system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811098582.6A CN110933016B (en) 2018-09-20 2018-09-20 Login authentication method and device for call center system

Publications (2)

Publication Number Publication Date
CN110933016A CN110933016A (en) 2020-03-27
CN110933016B true CN110933016B (en) 2023-06-23

Family

ID=69856193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811098582.6A Active CN110933016B (en) 2018-09-20 2018-09-20 Login authentication method and device for call center system

Country Status (1)

Country Link
CN (1) CN110933016B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114520805B (en) * 2022-01-20 2024-01-16 厦门亿联网络技术股份有限公司 Conference system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217599A (en) * 2008-01-14 2008-07-09 中兴通讯股份有限公司 A logging on method from attendant console user end to server
CN101719238A (en) * 2009-11-30 2010-06-02 中国建设银行股份有限公司 Method and system for managing, authenticating and authorizing unified identities
CN108401080A (en) * 2017-02-07 2018-08-14 北京京东尚科信息技术有限公司 Control method of attending a banquet and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9369580B2 (en) * 2014-03-31 2016-06-14 Avaya Inc. System and method to detect and correct IP phone mismatch in a contact center

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217599A (en) * 2008-01-14 2008-07-09 中兴通讯股份有限公司 A logging on method from attendant console user end to server
CN101719238A (en) * 2009-11-30 2010-06-02 中国建设银行股份有限公司 Method and system for managing, authenticating and authorizing unified identities
CN108401080A (en) * 2017-02-07 2018-08-14 北京京东尚科信息技术有限公司 Control method of attending a banquet and system

Also Published As

Publication number Publication date
CN110933016A (en) 2020-03-27

Similar Documents

Publication Publication Date Title
US11399044B2 (en) System and method for connecting a communication to a client
US9882723B2 (en) Method and system for authentication
US9239999B2 (en) System and method for random voice communications through a social network
CN107249004B (en) Identity authentication method, device and client
US20120163241A1 (en) Seamlessly conferencing a previously-connected telephone call
US9065684B2 (en) IP phone terminal, server, authenticating apparatus, communication system, communication method, and recording medium
US20170019402A1 (en) Authorization Activation
US8959581B2 (en) Switching apparatus, authentication server, authentication system, authentication method, and computer program product
US9065903B2 (en) User-based authentication for realtime communications
CN102893572A (en) Device for registering client computing devices for online communication sessions
JP2006295673A (en) Call system, proxy dial server device, proxy dial method used therefor, and program thereof
EP3140955A1 (en) Collaborative business communication information system
US20130035079A1 (en) Method and system for establishing data commuication channels
CN107204873A (en) A kind of method and relevant device for switching target domain name resolution server
US20130244622A1 (en) Method and System for Transferring Mobile Device Contact Information
CN108809807B (en) Creating communication sessions in heterogeneous systems
US20070254637A1 (en) Device, Method and Computer Program Product Readable Medium for Establishing a Communication Session
US11463429B2 (en) Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow
CN110933016B (en) Login authentication method and device for call center system
TW201448558A (en) Simple communication method and system thereof
US20140273980A1 (en) Voicemail migration
US10477362B1 (en) Interface and authorization for cross-network communications
US10063596B2 (en) Devices for managing data associated with an audio communication
US20150281946A1 (en) Communication Agent Method
CN104917910A (en) VoIP (Voice over Internet Protocol) call making, certifying and processing method, equipment and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant