CN110933016A - Login authentication method and device of call center system - Google Patents

Login authentication method and device of call center system Download PDF

Info

Publication number
CN110933016A
CN110933016A CN201811098582.6A CN201811098582A CN110933016A CN 110933016 A CN110933016 A CN 110933016A CN 201811098582 A CN201811098582 A CN 201811098582A CN 110933016 A CN110933016 A CN 110933016A
Authority
CN
China
Prior art keywords
login
authentication
account
request information
authentication request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811098582.6A
Other languages
Chinese (zh)
Other versions
CN110933016B (en
Inventor
张自然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201811098582.6A priority Critical patent/CN110933016B/en
Publication of CN110933016A publication Critical patent/CN110933016A/en
Application granted granted Critical
Publication of CN110933016B publication Critical patent/CN110933016B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a login authentication method and device of a call center system, and relates to the technical field of computers. One embodiment of the method comprises: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account; if the authentication mode is dynamic password authentication, acquiring the generated dynamic password according to the account, and performing login authentication according to the dynamic password; if the authentication mode is static password authentication, a pre-stored static password is obtained according to the account, and login authentication is performed according to the static password. The implementation mode can realize a strong authentication mode combining dynamic authentication and static authentication, improves the overall safety of the system, reduces the use risk of business personnel, and is more flexible and convenient.

Description

Login authentication method and device of call center system
Technical Field
The invention relates to the technical field of computers, in particular to a login authentication method and device for a call center system.
Background
With the rapid development of Voice over internet protocol (VoIP) services, various communication operators and many industries and enterprises in China have already built their VoIP systems. VoIP provides cheap communication cost and a convenient and fast communication mode, and meanwhile, the cost of purchasing equipment and maintaining personnel of enterprises is reduced.
With the widespread use of VoIP, the security problem thereof is becoming the focus of attention. Voice call transmission often involves relatively private content, and facilities in a network often become targets of attack, and various attack means constantly test the security of the system. Most enterprises do not consider protecting their communications deployment facilities because they are unaware of the loss that may be incurred by communications, video conferencing, and other inherent risks, thereby increasing the likelihood of being attacked. However, due to the characteristics of real-time performance and confidentiality, VoIP has higher requirements on security than other data services.
In order to avoid the attack or reduce the probability of the attack, the method is generally implemented by authenticating the requester of the data or service. Because the call center system is composed of a plurality of components, different components coordinate to complete a certain business process, the verification of the identity validity of a requesting party can be added in one or more business processes to enhance the safety of the VoIP system. The currently commonly used authentication method is authentication by using a user name and a static password. For example: when the soft phone or the attendant logs in the telephone traffic system, the server side performs identity authentication on the user, and because the telephone traffic system is provided with a built-in user management module, account information of the user is configured in the telephone traffic system in advance, the user can log in the telephone traffic system through the soft phone and then dial or perform other operations. The soft phone refers to application software for dialing a telephone number, which is deployed on a client side such as a PC (personal computer) side or a mobile phone side.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
1. maintenance cost is too high
The daily password maintenance is generally performed by operation and maintenance and safety management personnel, a system with huge traffic is provided, the corresponding customer service amount of the back-end seat is also huge, a considerable amount of passwords need to be maintained, the regular replacement of the passwords is a huge project, and the corresponding cost is also very high;
2. the security is low and easy to be cracked
The invariability of the static password can greatly improve the risk of cracking, and a great deal of password maintenance can easily cause password conflict events, or the password is not changed for a long time and is acquired artificially by illegal personnel to cause immeasurable loss;
3. is difficult to remember and use
The regular replacement of different passwords easily makes the memory of the seat personnel difficult, and the seat personnel are easy to forget and misuse;
4. mixed services and high vulnerability risk
The business system undertakes the safety work of the part, the mixed mode invisibly increases the safety risk of the system, the vulnerability of one component is possibly involved in the safety of other components, the safety risk is high, and the operation load of the system is increased.
Disclosure of Invention
In view of this, embodiments of the present invention provide a login authentication method and apparatus for a call center system, which can implement a strong authentication mode combining dynamic authentication and static authentication, improve the overall security of the system, reduce the use risk of service personnel, and make the authentication mode more flexible and convenient.
To achieve the above object, according to an aspect of an embodiment of the present invention, a login authentication method for a call center system is provided.
A login authentication method of a call center system comprises the following steps: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account; if the authentication mode is dynamic password authentication, acquiring a generated dynamic password according to the account, and performing login authentication according to the dynamic password; and if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account, and performing login authentication according to the static password.
Optionally, before obtaining the authentication manner according to the login authentication request information, the method further includes: and acquiring the service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises soft phone login and seat login.
Optionally, if the service type is soft phone login, the login authentication request is sent through a user switch, and after the login authentication is completed, an authentication result is returned to the user switch.
Optionally, if the service type is a soft phone login, the account is a login account of the soft phone, and before obtaining the authentication manner according to the login authentication request information, the method further includes: and confirming that the login account of the soft phone is not logged in.
Optionally, if the service type is agent login, the login authentication request is sent through the computer telephone integrated system, and after the login authentication is completed, the authentication result is returned to the computer telephone integrated system.
Optionally, if the service type is agent login, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent; before acquiring the authentication mode according to the login authentication request information, the method further comprises the following steps: and confirming that the login account of the agent is not logged in, and that the login account of the soft phone corresponding to the agent is logged in and is unoccupied.
Optionally, before obtaining the authentication manner according to the login authentication request information, the method further includes: confirming that the account number exists in the call center system.
According to another aspect of the embodiments of the present invention, a login authentication device for a call center system is provided.
A login authentication device of a call center system includes: the authentication mode acquisition module is used for acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account; the dynamic password authentication module is used for acquiring a generated dynamic password according to the account and performing login authentication according to the dynamic password if the authentication mode is dynamic password authentication; and the static password authentication module is used for acquiring a pre-stored static password according to the account and performing login authentication according to the static password if the authentication mode is static password authentication.
Optionally, the system further comprises a service type determining module, configured to: before obtaining the authentication mode according to the login authentication request information, obtaining the service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises soft phone login and seat login.
Optionally, if the service type is soft phone login, the login authentication request is sent through a user switch, and after the login authentication is completed, an authentication result is returned to the user switch.
Optionally, if the service type is softphone login, the account is a login account of the softphone, and the apparatus further includes a first status confirmation module, configured to: and before the authentication mode is acquired according to the login authentication request information, confirming that the login account of the soft phone is not logged in.
Optionally, if the service type is agent login, the login authentication request is sent through the computer telephone integrated system, and after the login authentication is completed, the authentication result is returned to the computer telephone integrated system.
Optionally, if the service type is agent login, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent; and, the apparatus further comprises a second status confirmation module configured to: before the authentication mode is obtained according to the login authentication request information, the fact that the login account of the agent is not logged in is confirmed, and the login account of the soft phone corresponding to the agent is logged in and is unoccupied.
Optionally, the system further comprises a third status confirmation module, configured to: and before the authentication mode is acquired according to the login authentication request information, confirming that the account exists in the call center system.
According to another aspect of the embodiment of the invention, an electronic device for login authentication of a call center system is provided.
An electronic device for login authentication of a call center system, comprising: one or more processors; the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors implement the login authentication method of the call center system provided by the embodiment of the invention.
According to yet another aspect of embodiments of the present invention, a computer-readable medium is provided.
A computer-readable medium, on which a computer program is stored, the program, when executed by a processor, implementing a login authentication method for a call center system provided by an embodiment of the present invention.
One embodiment of the above invention has the following advantages or benefits: the login authentication mode of the call center system is determined according to the login authentication request information, and the identity of the user is authenticated according to the authentication mode, so that the validity verification of the login information of the user can be realized according to the authentication type in the login authentication request, and the validity of the user authentication is ensured. Different from the existing static password authentication mode, the call center system realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, so that the authentication mode is more flexible and convenient; the safety control service system SVSC is introduced to realize independent safety certification of the service, and the certification platform is self-managed, easy to maintain, labor cost is reduced, and controllability is enhanced; in addition, in view of the fact that the original PBX already has a module supporting the radius protocol, the security control service SVSC also supports the radius protocol to realize the authentication process, so that seamless integration with the original network application infrastructure can be met, the docking difficulty is reduced, and the deployment is flexible.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the overall deployment of a call center system of an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating the main steps of a login authentication method of a call center system according to an embodiment of the present invention;
FIG. 3 is a flowchart of an implementation of a login authentication method according to a first embodiment of the present invention;
FIG. 4 is a flow chart of soft phone login in a second embodiment of the present invention;
FIG. 5 is a agent login flowchart of a third embodiment of the present invention;
fig. 6 is a schematic diagram of main blocks of a login authentication device of a call center system according to an embodiment of the present invention;
FIG. 7 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 8 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In the description of the implementation process of the technical scheme of the invention, the main related industry terms comprise the following terms:
config Server: a configuration server, abbreviated as 'CFG', which is mainly used for configuring the relevant contents of seats, extensions, routing points, queues, skills and the like and providing configured information for CTI and PBX;
CTI Server: the computer and telephone integrated system is abbreviated as CTI, the CTI is computer and telephone integrated ComputerTelephony Integration, the CTI system obtains configuration information from CFG according to the self-owned protocol and interacts with the messageServer for calling type and seat state type event messages;
PBX: private Branch Exchange, also called a SPC Exchange, is an abbreviation of Private Branch Exchange, which is used to perform telephone exchanges both inside the enterprise and with the public telecommunication network;
message Server: the message server, abbreviated as 'MS', is used for forwarding the request and response information in the form of a queue;
IVR: the Interactive Voice Response can enter the service center only by using a telephone, can listen to mobile phone entertainment products according to operation prompts, and can play related information according to contents input by a user;
SBC: session Border Controller or Session Border Controller, which is a VoIP call control product, is used in an environment where a phone is completely transmitted by VoIP without a gateway;
smart VoIP Security Control: intelligent voice safety control, abbreviated as 'SVSC', provides multi-factor authentication, stream identification protection, encryption and decryption, intelligent analysis and interception and other multi-dimensional interactive safety integrated control for ensuring the safety of the service of the telephone traffic system;
OTP Server: the dynamic authentication server, abbreviated as OTP, is used for authenticating the dynamic password, and can also be linked with other server-side equipment to authenticate in the modes of short messages, mails and the like;
OpenSIPS: is a mature open source SIP server, which is called OPS for short;
SIP: session Initiation Protocol, which is a multimedia communication Protocol established by IETF (internet engineering Task Force);
radius: remote Authentication Dial In User Service, Remote User dialing Authentication system defined by RFC2865, RFC2866, is currently the most widely applied AAA protocol;
SSL: secure Sockets Layer, a Secure socket Layer, is a security protocol that provides security and data integrity for network communications;
ESL: event Socket Link, is a communication transmission mode of network layer;
a soft phone: the application software is deployed on a client side such as a PC (personal computer) side or a mobile phone side and is used for dialing a telephone;
a seat: refers to a call center seat, also called a desk seat or a seat representative, and generally comprises a seat computer, seat software, a seat headset, service personnel and the like. The call center seat realizes related control functions through seat software and hardware equipment so as to achieve the purpose of customer service, and belongs to the category of customer service.
Currently, a mainstream call center system in the market is a CTI call center system based on a board card mode, and is mainly applied to a place where a user only needs a local call center function. The service process of the agent login comprises the following steps: before logging in a call center system through a browser, a customer service agent needs to add own account information (including an account number and a password) in a CFG (configuration Server) in advance, and then configures corresponding PBX information. When logging in, firstly, the customer service seat uses a soft phone to log in an extension number to the PBX, the PBX requests the CFG to obtain extension information, and if the extension number exists, the logging in is successful; and then, the agent fills in own account information through a login interface, wherein the account information is account information configured in the CFG, and if the account information input during the agent login is correct and the logged extension number is logged in at the soft phone end, the agent login is successful.
Through the service flow, the existing call center system mainly performs static password verification according to the account number and the password stored in the configuration file when login authentication is performed, and mainly performs verification in the process of agent login, so that the safety is low and the system is easy to crack. In addition, the existing login authentication mode has the defects of high authentication information maintenance cost, difficulty in memory, easiness in forgetting and misusing, service mixing, high vulnerability risk and the like.
In order to solve the technical problems, the invention provides a login authentication method of a call center system, which changes the original static password authentication mode on the basis of the existing business process, uses a strong authentication scheme to ensure the security of the call center, reduces the occurrence of security vicious events such as brute force cracking, internal leakage, counterfeiting, monitoring and the like, and further enhances the security of authentication management; the security authentication and the telephone traffic service are isolated, so that the coupling between systems is reduced, the probability of accidents is reduced, the flexibility of deployment is facilitated, the management and the maintenance are easy, meanwhile, the independent security system also supports the replacement and the combination of various authentication modes, the selection range of the authentication is widened, and the service system has more flexibility; by using the strong authentication scheme, a user can conveniently use the system without specially memorizing own passwords, the possibility of errors is reduced, and meanwhile, the user can be effectively controlled and managed by inquiring the online authentication records of the user, so that the convenience of use is improved.
Fig. 1 is a schematic diagram of the overall deployment of a call center system according to an embodiment of the present invention. Fig. 1 relates to a plurality of system services, which basically participate in the login authentication process, and mainly include: config Server, Message Server, CTIServer, PBX, IVR, SBC, SVSC, OTP, etc. These system services are all in data communication according to a specified communication protocol, for example: data communication is performed between the SBC and the OPS based on the SIP link, data communication is performed between the SVSC and the PBX, OTP, CFG, etc. based on the SSL protocol, data communication is performed between the SVSC and the CTI based on the ESL, etc.
The invention changes the original authentication mode by adding new safety control equipment on the basis of the architecture of the original call center system. The added safety control equipment is SVSC and OTP, strong authentication such as dynamic password authentication can be provided through the linkage use of the SVSC and the OTP, the security degree of the strong authentication is high, and the verification program of the strong authentication identifies the two communication parties by using the technology of open cryptography.
In view of the fact that the original PBX already has a module supporting the radius protocol, the security control service SVSC also supports the radius protocol to realize the authentication process, so that seamless integration with the original network application infrastructure can be met, and the docking difficulty is reduced.
The OTP Server can be realized by the equipment of the manufacturer existing in the market, and can be developed or set according to the requirement. The OTP client uses the mobile phone token application APP or the password Key to acquire the dynamic password to log in the soft phone.
The following describes a specific implementation process of performing login authentication of a call center system according to an embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating main steps of a login authentication method of a call center system according to an embodiment of the present invention. As shown in fig. 2, the login authentication method of the call center system according to the embodiment of the present invention mainly includes the following steps S201 to S203.
Step S201: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account;
step S202: if the authentication mode is dynamic password authentication, acquiring the generated dynamic password according to the account, and performing login authentication according to the dynamic password;
step S203: if the authentication mode is static password authentication, a pre-stored static password is obtained according to the account, and login authentication is performed according to the static password.
According to the technical scheme and the service flow of the agent login, the agent customer service needs to log in the soft phone first and then the agent, and the agent can be regarded as a display end of the soft phone. The invention can respectively carry out login authentication in two processes of login of the soft phone and login of the seat in order to better ensure the system safety.
The authentication mode can be selected by the user when sending the login authentication request, or can be configured by the system, for example, some users can be configured to be static password authentication, and other users can be configured to be dynamic password authentication. The invention is not limited in this regard.
If the user selects the authentication mode before sending the login authentication request, the user can input an account and a password and send the login authentication request when the authentication type selected by the user is static password authentication; when the authentication type selected by the user is dynamic password authentication, the dynamic authentication Server OTP Server is triggered to generate a dynamic password and send the dynamic password to a dynamic authentication client, for example, a mobile token application APP, and then the user inputs the received dynamic password and sends a login authentication request.
If the system configures a login authentication mode, when a user logs in, after a user account is input, the authentication type corresponding to the user is inquired from the system configuration database. If the authentication type corresponding to a certain user is static password authentication, the user can input an account and a password and send a login authentication request; if the authentication type corresponding to a certain user is dynamic password authentication, the OTP Server is directly triggered to generate a dynamic password and send the dynamic password to the dynamic authentication client, and then the user inputs the received dynamic password and sends a login authentication request.
According to an embodiment of the present invention, before obtaining the authentication method according to the login authentication request information, the method further includes: and acquiring the service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises soft phone login and seat login. In the embodiment of the present invention, the processing procedure of the authentication request of the two service types, which are not the soft phone login or the agent login, is not described. In addition, those skilled in the art should know that the service types are not limited to the types listed in the embodiments of the present invention, and in a specific application, other service types may be set according to needs, and corresponding authentication steps are added for different service types.
In one embodiment of the invention, if the service type is soft phone login, a login authentication request is sent through the private branch exchange, and after the login authentication is completed, the authentication result is returned to the private branch exchange.
According to an embodiment of the present invention, if the service type is softphone login, the account is a login account of the softphone, and before obtaining the authentication manner according to the login authentication request information, the method further includes: and confirming that the login account of the soft phone is not logged in. The login account number of the soft phone during login is the corresponding extension number.
In another embodiment of the invention, if the service type is agent login, a login authentication request is sent by the computer-telephone integrated system, and after the login authentication is completed, the authentication result is returned to the computer-telephone integrated system.
According to another embodiment of the invention, if the service type is agent login, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent; before acquiring the authentication mode according to the login authentication request information, the method further comprises the following steps: and confirming that the login account of the agent is not logged in, and that the login account of the soft phone corresponding to the agent is logged in and is not occupied. According to the service flow of the agent login described above, before the agent is logged in, the soft phone needs to be logged in first, the agent can be logged in only when the soft phone is logged in and is not occupied, and the agent cannot be logged in similarly if the soft phone is occupied.
According to the embodiment of the invention, before the authentication mode is acquired according to the login authentication request information, the account number is required to be confirmed to exist in the call center system.
According to steps S201 to S203, the validity of the login information of the user can be verified according to the authentication type in the login authentication request, so as to ensure the validity of the user authentication. Different from the existing static password authentication mode, the call center system realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, so that the authentication mode is more flexible and convenient; the safety control service system SVSC is introduced to realize independent safety certification of the service, and the certification platform is self-managed, easy to maintain, labor cost is reduced, and controllability is enhanced; in addition, in view of the fact that the original PBX already has a module supporting the radius protocol, the security control service SVSC also supports the radius protocol to realize the authentication process, so that seamless integration with the original network application infrastructure can be met, the docking difficulty is reduced, and the deployment is flexible.
The following describes the implementation of the present invention with reference to specific embodiments.
Fig. 3 is a flowchart of the login authentication method according to the first embodiment of the present invention. As shown in fig. 3, the main process of login authentication performed by the SVSC includes:
step S301: acquiring a login authentication request sent by a user;
step S302: acquiring an account included in the login authentication request;
step S303: and interacting with the CFG to judge whether the system has information corresponding to the account. If not, the account is not set, and the user is prompted to fail to log in; if yes, the account is set, and step S304 is executed;
step S304: and acquiring the service type included in the login authentication request, and judging the service type. If the service type is soft phone login, executing step S305, and if the service type is seat login, executing step S306;
step S305: if the service type is soft phone login, the account is a login account (namely, extension number) of the soft phone, and the login state of the login account of the soft phone is judged through interaction with the PBX. If the login state is logged in, prompting the user that the account is logged in, and the login fails; if the login status is not logged in, go to step S307;
step S306: if the service type is agent login, the account is the login account of the agent, at the moment, the login account of the soft phone corresponding to the agent in the login authentication request is required to be obtained, and then whether the account of the soft phone is logged in or not is judged through interaction with the PBX; and then, through interaction with the CTI, judging whether the login state of the login account of the agent and the login account of the soft phone are occupied. If the login account of the agent is not logged in, and the login account of the soft phone is logged in and is not occupied, executing the step S307, otherwise, failing to log in;
step S307: and acquiring the authentication mode included in the login authentication request, and judging the authentication mode. If the authentication mode is static password authentication, step S308 is executed; if the authentication mode is dynamic password authentication, step S310 is executed;
step S308: acquiring an account and a password included in the login authentication request, acquiring a static password corresponding to the account from the CFG according to the account, and then executing step S309;
step S309: comparing the obtained static password with the password included in the login authentication request, if the static password is the same as the password included in the login authentication request, the authentication is passed, and the login is successful; otherwise, the authentication is not passed, and the login fails;
step S310: acquiring an account and a password included in the login authentication request, acquiring a dynamic password corresponding to the account from the OTP according to the account, and then executing step S311;
step S311: comparing the obtained dynamic password with the password included in the login authentication request, if the obtained dynamic password is the same as the password included in the login authentication request, the authentication is passed, and the login is successful; otherwise, the authentication fails and the login fails.
It should be understood by those skilled in the art that the implementation process shown in fig. 3 is only one embodiment of the present invention, and in a specific implementation, the service type included in the login authentication request may be obtained first, and then the account information included in the login authentication request may be obtained, which does not limit the scope of the present invention.
Fig. 4 is a flowchart of the soft phone login of the second embodiment of the present invention. As shown in fig. 4, it shows the process of soft phone login by sip phone for user, mainly comprising the following steps:
step S401: a user initiates a soft Phone login request to Opensps through an SIP Phone, and the Opensps forwards the login request to the PBX;
step S402: the PBX sends the login authentication request to a security control service system SVSC;
step S403: the SVSC acquires a softphone login account according to the login authentication request information and interacts with the CFG to confirm account information;
step S404: after the account information is confirmed, the SVSC interacts with the PBX to confirm the login state of the soft phone login account;
step S405: after the login state is confirmed to be not logged in, the SVSC acquires an authentication mode according to the login authentication request information;
step S406: if the authentication mode is static password authentication, the authentication request is sent to the CFG for authentication, and the CFG returns the authentication result after the authentication is finished;
step S407: and if the authentication mode is dynamic password authentication, sending an authentication request to the OTP for authentication, and returning an authentication result by the OTP after the authentication is finished.
Fig. 5 is a flow chart of agent login according to a third embodiment of the present invention. As shown in fig. 5, it shows the process of the user performing the agent login, mainly including the following steps:
step S501: a user initiates an agent login request to the MS, and the MS forwards the login request to the CTI;
step S502: the CTI sends a login authentication request to a security control service system SVSC;
step S503: the SVSC acquires an agent login account and a soft phone login account used by the agent request according to the login authentication request information, and interacts with the CFG to confirm the login state of the agent login account;
step S504: after the account information is confirmed, the SVSC interacts with the PBX to confirm the login state of the soft phone login account;
step S505: after the login state of the soft phone login account is confirmed to be logged in, the SVSC interacts with the CTI to confirm the login state of the agent login account and confirm the occupation state of the soft phone login account;
step S506: when the login state of the agent login account is confirmed to be not logged in and the occupation state of the soft phone login account is confirmed to be not occupied, the SVSC acquires an authentication mode according to login authentication request information;
step S507: if the authentication mode is static password authentication, the authentication request is sent to the CFG for authentication, and the CFG returns the authentication result after the authentication is finished;
step S508: and if the authentication mode is dynamic password authentication, sending an authentication request to the OTP for authentication, and returning an authentication result by the OTP after the authentication is finished.
In the descriptions of the second and third embodiments shown in fig. 4 and 5, since the service type is defined, the operation of determining the service type is not mentioned in the login authentication process, and it should be understood by those skilled in the art that in the specific implementation, the step of determining the service type may be added. Additionally, in a third embodiment, the MS is configured to provide a buffer queue to satisfy the communication requirements between CTI and AGENT.
In addition, the OTP is only used for performing dynamic password authentication in the embodiment of the present invention, but it should be understood by those skilled in the art that the OTP does not only support dynamic password authentication, but also supports static password authentication, and the OTP can be used for static password authentication by storing the account and the password configured in the CFG onto the OTP. In the introduction of the embodiments of the present application, in order to be compatible with existing systems and to save operations for data transfer, CFG is still used for static password authentication. It will be understood by those skilled in the art that, in the implementation, the dynamic password authentication and the static password authentication may be performed on one server or may be performed separately on different servers, and the present invention is not limited thereto.
Fig. 6 is a schematic diagram of main blocks of a login authentication device of a call center system according to an embodiment of the present invention. As shown in fig. 6, the login authentication device 600 of the call center system according to the embodiment of the present invention mainly includes an authentication mode obtaining module 601, a dynamic password authentication module 602, and a static password authentication module 603.
An authentication mode obtaining module 601, configured to obtain an authentication mode according to login authentication request information, where the authentication mode includes dynamic password authentication and static password authentication, and the login authentication request information includes an account;
a dynamic password authentication module 602, configured to, if the authentication mode is dynamic password authentication, obtain a generated dynamic password according to the account, and perform login authentication according to the dynamic password;
and the static password authentication module 603 is configured to, if the authentication mode is static password authentication, obtain a pre-stored static password according to the account, and perform login authentication according to the static password.
According to an embodiment of the present invention, the login authentication apparatus 600 of the call center system may further include a service type determination module (not shown in the figure) for:
before obtaining the authentication mode according to the login authentication request information, obtaining the service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises soft phone login and seat login.
According to one embodiment of the invention, if the service type is soft phone login, a login authentication request is sent through the private branch exchange, and after the login authentication is completed, the authentication result is returned to the private branch exchange.
According to another embodiment of the present invention, if the service type is soft phone login, the account is a login account of the soft phone, and the login authentication apparatus 600 of the call center system may further include a first status confirmation module (not shown in the figure) for:
and before the authentication mode is acquired according to the login authentication request information, confirming that the login account of the soft phone is not logged in.
According to one embodiment of the invention, if the service type is agent login, a login authentication request is sent through the computer telephone integrated system, and after the login authentication is completed, an authentication result is returned to the computer telephone integrated system.
According to another embodiment of the invention, if the service type is agent login, the account is a login account of the agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent;
also, the login authentication device 600 of the call center system may further include a second status confirmation module (not shown in the figure) for:
before the authentication mode is obtained according to the login authentication request information, the fact that the login account of the agent is not logged in is confirmed, and the login account of the soft phone corresponding to the agent is logged in and is unoccupied.
According to another embodiment of the present invention, the login authentication device 600 of the call center system may further include a third status confirmation module (not shown in the figure) for:
and before the authentication mode is acquired according to the login authentication request information, confirming that the account exists in the call center system.
According to the technical scheme of the embodiment of the invention, the login authentication mode of the call center system is determined according to the login authentication request information, and the identity of the user is authenticated according to the authentication mode, so that the validity verification of the login information of the user can be realized according to the authentication type in the login authentication request, and the validity of the user authentication is ensured. Different from the existing static password authentication mode, the call center system realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, so that the authentication mode is more flexible and convenient; the safety control service system SVSC is introduced to realize independent safety certification of the service, and the certification platform is self-managed, easy to maintain, labor cost is reduced, and controllability is enhanced; in addition, in view of the fact that the original PBX already has a module supporting the radius protocol, the security control service SVSC also supports the radius protocol to realize the authentication process, so that seamless integration with the original network application infrastructure can be met, the docking difficulty is reduced, and the deployment is flexible.
Fig. 7 shows an exemplary system architecture 700 to which the login authentication method of the call center system or the login authentication apparatus of the call center system of the embodiment of the present invention can be applied.
As shown in fig. 7, the system architecture 700 may include terminal devices 701, 702, 703, a network 704, and a server 705. The network 704 serves to provide a medium for communication links between the terminal devices 701, 702, 703 and the server 705. Network 704 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 701, 702, 703 to interact with a server 705 over a network 704, to receive or send messages or the like. The terminal devices 701, 702, 703 may have installed thereon various communication client applications, such as a shopping-like application, a web browser application, a search-like application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only).
The terminal devices 701, 702, 703 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 705 may be a server providing various services, such as a background management server (for example only) providing support for shopping websites browsed by users using the terminal devices 701, 702, 703. The backend management server may analyze and perform other processing on the received data such as the product information query request, and feed back a processing result (for example, target push information, product information — just an example) to the terminal device.
It should be noted that the login authentication method of the call center system provided by the embodiment of the present invention is generally executed by the server 705, and accordingly, the login authentication device of the call center system is generally disposed in the server 705.
It should be understood that the number of terminal devices, networks, and servers in fig. 7 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 8, shown is a block diagram of a computer system 800 suitable for use with a terminal device or server implementing an embodiment of the present invention. The terminal device or the server shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 8, the computer system 800 includes a Central Processing Unit (CPU)801 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other via a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a signal such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program executes the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 801.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present invention may be implemented by software, or may be implemented by hardware. The described units or modules may also be provided in a processor, and may be described as: a processor comprises an authentication mode acquisition module, a dynamic password authentication module and a static password authentication module. Here, the names of these units or modules do not constitute a limitation to the units or modules themselves in some cases, and for example, the authentication manner acquisition module may also be described as "a module for acquiring an authentication manner from login authentication request information".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account; if the authentication mode is dynamic password authentication, acquiring a generated dynamic password according to the account, and performing login authentication according to the dynamic password; and if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account, and performing login authentication according to the static password.
According to the technical scheme of the embodiment of the invention, the login authentication mode of the call center system is determined according to the login authentication request information, and the identity of the user is authenticated according to the authentication mode, so that the validity verification of the login information of the user can be realized according to the authentication type in the login authentication request, and the validity of the user authentication is ensured. Different from the existing static password authentication mode, the call center system realizes a strong authentication mode combining dynamic authentication and static authentication by introducing a security control service system SVSC and combining a dynamic authentication server OTP and a configuration server CFG, improves the overall security of the system and reduces the use risk of service personnel; when the call center system is logged in, whether static password authentication or dynamic password authentication can be selected according to the situation, so that the authentication mode is more flexible and convenient; the safety control service system SVSC is introduced to realize independent safety certification of the service, and the certification platform is self-managed, easy to maintain, labor cost is reduced, and controllability is enhanced; in addition, in view of the fact that the original PBX already has a module supporting the radius protocol, the security control service SVSC also supports the radius protocol to realize the authentication process, so that seamless integration with the original network application infrastructure can be met, the docking difficulty is reduced, and the deployment is flexible.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (16)

1. A login authentication method of a call center system is characterized by comprising the following steps:
acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account;
if the authentication mode is dynamic password authentication, acquiring a generated dynamic password according to the account, and performing login authentication according to the dynamic password;
and if the authentication mode is static password authentication, acquiring a pre-stored static password according to the account, and performing login authentication according to the static password.
2. The method according to claim 1, wherein before acquiring the authentication means based on the login authentication request information, the method further comprises:
and acquiring the service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises soft phone login and seat login.
3. The method of claim 2, wherein if the service type is soft phone login, sending the login authentication request through a private branch exchange, and after login authentication is completed, returning an authentication result to the private branch exchange.
4. The method according to claim 2 or 3, wherein if the service type is softphone login, the account is a login account of the softphone, and before obtaining the authentication manner according to the login authentication request information, the method further comprises:
and confirming that the login account of the soft phone is not logged in.
5. The method of claim 2, wherein if the service type is agent login, the login authentication request is sent through a computer telephony integration system, and after the login authentication is completed, the authentication result is returned to the computer telephony integration system.
6. The method according to claim 2 or 5, wherein if the service type is agent login, the account is a login account of an agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent;
before acquiring the authentication mode according to the login authentication request information, the method further comprises the following steps:
and confirming that the login account of the agent is not logged in, and that the login account of the soft phone corresponding to the agent is logged in and is unoccupied.
7. The method according to claim 1, wherein before acquiring the authentication means based on the login authentication request information, the method further comprises:
confirming that the account number exists in the call center system.
8. A login authentication device for a call center system, comprising:
the authentication mode acquisition module is used for acquiring an authentication mode according to login authentication request information, wherein the authentication mode comprises dynamic password authentication and static password authentication, and the login authentication request information comprises an account;
the dynamic password authentication module is used for acquiring a generated dynamic password according to the account and performing login authentication according to the dynamic password if the authentication mode is dynamic password authentication;
and the static password authentication module is used for acquiring a pre-stored static password according to the account and performing login authentication according to the static password if the authentication mode is static password authentication.
9. The apparatus of claim 8, further comprising a service type determination module configured to:
before obtaining the authentication mode according to the login authentication request information, obtaining the service type corresponding to the login authentication request according to the login authentication request information, wherein the service type comprises soft phone login and seat login.
10. The apparatus of claim 9, wherein if the service type is soft phone login, the login authentication request is sent through a private branch exchange, and after login authentication is completed, an authentication result is returned to the private branch exchange.
11. The apparatus according to claim 9 or 10, wherein if the service type is softphone login, the account is a login account of the softphone, and the apparatus further comprises a first status confirmation module configured to:
and before the authentication mode is acquired according to the login authentication request information, confirming that the login account of the soft phone is not logged in.
12. The apparatus of claim 9, wherein if the service type is agent login, the login authentication request is sent through a computer telephony integration system, and after the login authentication is completed, the authentication result is returned to the computer telephony integration system.
13. The device according to claim 9 or 12, wherein if the service type is agent login, the account is a login account of an agent, and the login authentication request information further includes a login account of a soft phone corresponding to the agent;
and, the apparatus further comprises a second status confirmation module configured to:
before the authentication mode is obtained according to the login authentication request information, the fact that the login account of the agent is not logged in is confirmed, and the login account of the soft phone corresponding to the agent is logged in and is unoccupied.
14. The apparatus of claim 8, further comprising a third status confirmation module configured to:
and before the authentication mode is acquired according to the login authentication request information, confirming that the account exists in the call center system.
15. An electronic device for login authentication of a call center system, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
16. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN201811098582.6A 2018-09-20 2018-09-20 Login authentication method and device for call center system Active CN110933016B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811098582.6A CN110933016B (en) 2018-09-20 2018-09-20 Login authentication method and device for call center system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811098582.6A CN110933016B (en) 2018-09-20 2018-09-20 Login authentication method and device for call center system

Publications (2)

Publication Number Publication Date
CN110933016A true CN110933016A (en) 2020-03-27
CN110933016B CN110933016B (en) 2023-06-23

Family

ID=69856193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811098582.6A Active CN110933016B (en) 2018-09-20 2018-09-20 Login authentication method and device for call center system

Country Status (1)

Country Link
CN (1) CN110933016B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114520805B (en) * 2022-01-20 2024-01-16 厦门亿联网络技术股份有限公司 a conference system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217599A (en) * 2008-01-14 2008-07-09 中兴通讯股份有限公司 A logging on method from attendant console user end to server
CN101719238A (en) * 2009-11-30 2010-06-02 中国建设银行股份有限公司 Method and system for managing, authenticating and authorizing unified identities
US20150281451A1 (en) * 2014-03-31 2015-10-01 Avaya Inc. System and method to detect and correct ip phone mismatch in a contact center
CN108401080A (en) * 2017-02-07 2018-08-14 北京京东尚科信息技术有限公司 Control method of attending a banquet and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217599A (en) * 2008-01-14 2008-07-09 中兴通讯股份有限公司 A logging on method from attendant console user end to server
CN101719238A (en) * 2009-11-30 2010-06-02 中国建设银行股份有限公司 Method and system for managing, authenticating and authorizing unified identities
US20150281451A1 (en) * 2014-03-31 2015-10-01 Avaya Inc. System and method to detect and correct ip phone mismatch in a contact center
CN108401080A (en) * 2017-02-07 2018-08-14 北京京东尚科信息技术有限公司 Control method of attending a banquet and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114520805B (en) * 2022-01-20 2024-01-16 厦门亿联网络技术股份有限公司 a conference system

Also Published As

Publication number Publication date
CN110933016B (en) 2023-06-23

Similar Documents

Publication Publication Date Title
US9882723B2 (en) Method and system for authentication
US10171520B2 (en) Seamlessly conferencing a previously-connected telephone call
US11196739B2 (en) Authorization activation
CN113630377B (en) Single sign-on for hosted mobile devices
US9729336B2 (en) System and method for delayed phone conferencing
US9065903B2 (en) User-based authentication for realtime communications
CA2760995A1 (en) Access control to secured application features using client trust levels
RU2721825C2 (en) System and method of establishing communication over multiple communication platforms
RU2642483C2 (en) Method and device for conference access
EP2222065B1 (en) Secure feature access from an off-pbx telephone
CN113271299B (en) Login method and server
JP2006295673A (en) Call system, proxy dial server device, proxy dial method used therefor, and program thereof
US20070254637A1 (en) Device, Method and Computer Program Product Readable Medium for Establishing a Communication Session
CN110933016B (en) Login authentication method and device for call center system
CN113489707B (en) Call processing method, device, equipment and storage medium
CN113395391B (en) Call authorization method, device, equipment and computer readable storage medium
CN108718325A (en) Telephone outbound call method, system, equipment and storage medium based on dynamic registration
CN103997491A (en) Quantum secret communication telephone subscriber terminal extension gateway system
US10477362B1 (en) Interface and authorization for cross-network communications
US10063596B2 (en) Devices for managing data associated with an audio communication
CN108352988A (en) Based on twin-channel authentication method and system
CN113905021A (en) Communication method and device for fixed telephone, electronic equipment and storage medium
CN116436903A (en) Method, device, electronic equipment and computer readable storage medium for calling
CN105610767A (en) Method, device and platform for safely issuing password
CN108881292A (en) VoIP safe precaution method, system, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant