TW201545099A - System and method of mobile check-in and a cloud system thereof - Google Patents

Abstract

System and method of mobile check-in, includes a database, a server, and a push gateway. A cloud is composed of the database, the server and the push gateway. The server generates a check-in request, which is delivered as a push notification through the push gateway and an outside push server to the mobile communication device. All the functions of the mobile communication device enabled by an organization code are locked except a check-in function until the check-in process is completed.

Description

Action card punching system and method and cloud system thereof

The present invention relates to a cloud technology using a mobile communication device, and more particularly to an action punching system and method.

Nowadays, the employee attendance management and assessment system has gradually evolved from the traditional fixed time clock to the use of smart mobile phones or palm-sized computers, so that the staff's attendance management and assessment is no longer limited to fixed places. However, there are still many prior technologies. The lack of technology has made it impossible to meet the needs of corporate organizations for operational attendance management and assessment.

The Republic of China Invention Patent Notice No. I327297, the invention titled "Method of Personnel Attendance Assessment", discloses a method for personnel attendance assessment, mainly using a positioning server and an action positioning attendance machine to provide positioning data to an attendance device. Attendance information. The positioning server communicates with the mobile positioning attendance machine via a wireless communication network, locates the server and obtains the mobile positioning attendance machine (held by the attendance personnel) to locate the data (such as latitude and longitude, etc.), and then the attendance device generates the positioning data according to the positioning data. Attendance information. The technical problem solved by this prior art is that "the existing attendance method has the following disadvantages: 1. The operating cost is relatively high, and the attendance recording equipment is usually set in a fixed position. 2. The attendance behavior of the employee is not necessarily recognized by the attendance equipment. 3. It is not possible to provide attendance data immediately." (See paragraphs [0004]~[0007] of the manual). And this prior art is produced The technical effect of the student is "providing a method of using wireless communication devices to locate personnel attendance assessments to provide an attendance method with convenient and instant information."

The Republic of China Invention Patent Publication No. 200841277, the invention entitled "Wireless Sign-Off Method", discloses a wireless sign-in method, which is applied to a wireless sign-in device, which sends a broadcast packet to obtain a wireless communication device. Transmitting the connection confirmation packet and establishing a connection with the wireless communication device, and confirming that an identity information in the connection confirmation packet has been recorded in a sign-in database of the wireless sign-in device, and obtaining the wireless sign-in device The connection confirms that the time of the packet matches the identity information and stores it in the check-in database to record the working time, so that the automatic check-in can be achieved, thereby reducing labor and cost expenditure. The technical problem actually solved by the prior art 2 is that "the paper card and the magnetic card have many disadvantages in actual application" (see paragraphs [0002] to [0003] of the specification). The technical effect produced by the prior art 2 is "providing a wireless sign-in method, which is to periodically send a broadcast packet by a wireless sign-on device, obtain a connection confirmation packet transmitted by a wireless communication device, and communicate with the wireless communication device. The device establishes a connection, and after confirming that the identity information in the connection confirmation packet has been recorded in a sign-in database of the wireless sign-in device, periodically confirming the connection state between the wireless sign-in device and the wireless communication device, When the wireless sign-in device loses connection with the wireless communication device, the last connection time of the wireless sign-in device and the wireless communication device can be obtained.

The Republic of China Invention Patent Publication No. 201033942, the invention titled "Mobile Attendance Record Online Sign-in Processing Method and System", discloses a mobile attendance record online check-in processing method and system, which can be applied to a mobile electronic device, For example, it is a smart mobile phone or a palmtop computer, which allows users (especially company employees) to conduct check-in and work reports online when they go out to work, for example, when traveling to a business or visiting a customer. The advantage of this mobile attendance record online check-in processing method and system is that the company employees can still go online to check-in procedures in the field when they travel outside the company due to business needs; and make the company supervisor easier and convenient. Master and understand the attendance of employees. The technical problem that this prior art 3 actually solves is that "the check-in clock system is set at a fixed position, which is inconvenient for employees who are on a business trip" (see paragraphs [0002] to [0003] of the manual). The technical effect produced by the prior art 3 is to provide a mobile attendance record online check-in processing method and system, which allows employees to go online to work in the field when they are traveling outside the company due to business needs. program".

In the foregoing prior art, the positioning server of the prior art, the wireless sign-in device of the prior art 2, and the servo host of the prior art 3 have no organization management module to respond to the "multiple-level structure that the enterprise organization needs to be flexible, and is specific to The problem of issuing a punch request at the level and "using a single cloud system to serve many enterprise organizations", for example, a company with a multi-level structure, when the employees of one unit collectively go on a business trip, the prior technologies cannot be targeted to specific The unit sends out a request, or sets up a card punching system in an enterprise organization, which cannot make many enterprise organizations share the same card punching system; these prior technologies cannot be established between the wireless client and the cloud server. The problem of a single application accessing a hybrid cloud system with a single interface, because these prior technologies only develop a proprietary application for a specific enterprise organization's punching system, so the enterprise organization's punching system establishes its own Interface; these prior art wireless clients do not have "mandatory Card technology "and" a punch arbitrarily assigned / set position "and so on. In addition, the technical means utilized by the prior art and the resulting technical effects are also independent of the action punching system utilizing "cloud technology." Therefore, it is necessary to propose an action cloud system suitable for the organization and management of employee attendance and assessment. Complement the shortcomings of the prior art.

In view of this, the present invention provides an action punching system and method using cloud technology and a cloud system with a hybrid cloud mode, which can provide a single application (App) connection single interface technology, mandatory punch request technology, and any specified punch location. For a number of enterprise organizations to share the attendance and assessment of a system management staff, and in a cloud system with a hybrid cloud model, a mobile device is used to execute a single application (App) to establish an Internet connection, and each enterprise organization Manage the information uploaded by the mobile communication device by yourself.

The present invention provides a mobile card punching system, comprising: a database storing a plurality of member information, each of the member information comprising at least one organization identification code and a punch card information, each of the organization identification codes corresponding to an organization; a server Accessing the database and establishing a network connection with at least one mobile communication device having one of the member information, the server generating a punch request according to an electronic map location coordinate, a specified time, and a receiving list The receiving end list includes at least one push identification code corresponding to one of the member information; and a push gateway device, generating a push notification according to the punch request, and sending the push broadcast through a push host Notifying the mobile communication device; wherein the server receives the organization identification code and the punching information uploaded by the mobile communication device via the network connection, wherein the organization identification code is used for verification, and the punch information is stored to In the database, the server aggregates the punch information of the member information for a specific period of time into an attendance information; Database servers and the gateways of the push composition into a cloud.

The action punching system of the present invention further includes a mobile communication device of the user end, the mobile communication device includes a positioning module and executes an application, and the positioning module is based on When the location of the mobile communication device generates a current position coordinate, the mobile communication device executes the application to establish a network connection with the server. The mobile communication device executes the application to log in to the server and receive the input organization identification code, and upload the organization identification code to the server via the network connection. The mobile communication device executes the application to receive the push notification and locks all execution functions of the application to log in with the organization identifier, until the application performs a punch operation, and the lock is released according to the punch card operation. The designated time of the request is within a distance range of the electronic map location coordinates or the electronic map location coordinates, and the application receives or automatically generates a punch command to generate the punch information, and uploads the punch information via the network connection. To the server, the punch information includes at least one dozen time stamps and the current position coordinates. The mobile communication device executes the application to generate a reminder alert according to the electronic map location coordinates of the punch request and the specified time. The system of the present invention is composed of the database, the server and the push gateway to form the cloud, and the module including the technical means for the server belongs to a servo module group, and the servo module group It is modular and decentralized, and can be separated and placed in different machine rooms.

The present invention provides a mobile punching method, which is applied to a cloud combined by a database, a server and a push gateway, and includes: storing a plurality of member information in the database, each of the member information including at least one The organization identification code and a punch card information, each of the organization identification codes corresponding to an organization, the organization may be a single hierarchical organization or a plurality of hierarchical organizations; establishing the server and at least one mobile communication device having one of the member information An internet connection between the network, the server identifier and the punch information uploaded by the mobile communication device are received by the server for verification; and the server is based on an electronic map location coordinate, Generating a punch request at a specified time and a receiving list, wherein the receiving list contains corresponding At least one push identification code of one of the member information; receiving, by the server, the punch information uploaded by the mobile communication device to store the punch information into the database, and collecting the member The punching information of the information in a certain period of time becomes an attendance information; and the push gateway generates a push notification according to the punch request, and sends the push notification to the mobile communication device through a push broadcast host .

The invention further provides a mobile punching method, which is applied to an access mobile communication device, wherein the cloud is combined by a database, a server and a push gateway, wherein the database is stored a plurality of member information, each of the member information including at least one organization identification code and one punch card information, the method comprising: establishing an internet connection between the server and the mobile communication device having one of the member information Receiving the input organization identification code through an input interface of the mobile communication device, uploading the organization identification code to the server via the network connection; receiving a push notification about the punch request, locking the organization All execution functions of the identifier enable until the mobile communication device performs a punching operation, wherein the punch request includes an electronic map location coordinate and a specified time, the punching operation is based on the punch request The specified time is within a distance range of the electronic map location coordinates or the electronic map location coordinates, and the punch information is generated and The network connection uploads the punch information to the server, and the punch information includes at least one dozen time stamps and one current position coordinate. The action punching method of the present invention further comprises: generating a reminder alert according to the electronic map location coordinates of the punch request and the specified time.

The present invention further provides a cloud system, comprising: a public cloud system and at least one private cloud system, wherein the public cloud system comprises: a first database storing a plurality of member information, each of the member information including at least one organization Identification code, corresponding to each organization identification code An organization; and a first server accessing the first database and accepting the organization identification code uploaded by at least one mobile communication device having the member information for login verification; wherein the private cloud system comprises: a first The second server receives the information uploaded by the mobile communication device and a second database, and stores the second server to receive the information uploaded by the mobile communication device; wherein the first server is based on a location of the servo module Transmitting, to the second server, the mobile communication device corresponding to the private cloud system; wherein the mobile communication device executes an application to receive the input at least one organization identification code, and uploads the organization identification code to the The first server of the public cloud system and the second server that is steered to the private cloud system according to the location information of the servo module stored in the first server.

The detailed features and advantages of the present invention are set forth in the Detailed Description of the Detailed Description of the <RTIgt; </ RTI> <RTIgt; </ RTI> </ RTI> </ RTI> <RTIgt; The objects and advantages associated with the present invention can be readily understood by those skilled in the art.

10, 10a, 10b‧‧‧ server

12‧‧‧First network communication module

14‧‧‧ Login verification module

16‧‧‧ punch request generation module

18‧‧‧Attendance assessment module

20, 20a, 20b‧‧‧ database

22‧‧‧Pushing the gateway

24‧‧‧Push host

26, 26a, 26b‧‧‧ mobile communication devices

28‧‧‧Application

30‧‧‧ Positioning Module

32‧‧‧Second network communication module

34‧‧‧ Login Module

36‧‧‧Function Locking Module

38‧‧‧ Punch Module

40‧‧‧ Punch reminder module

42‧‧‧Cloud

44‧‧‧public cloud

46, 46a, 46b‧‧‧ private cloud

1 is a system architecture diagram of an embodiment of the present invention; FIG. 2 is a schematic diagram of a cloud organization and hierarchy according to an embodiment of the present invention; FIG. 3A is a schematic diagram 1 of a cloud deployment mode according to an embodiment of the present invention; FIG. 4 is a flowchart of an operation of an embodiment of the present invention; and FIG. 5 is a flowchart of an operation sub-process according to another embodiment of the present invention.

Referring to FIG. 1 , a system architecture diagram of a preferred embodiment of the present invention includes a database 20 (ie, a cloud 42 of the present invention), a server 10, a server 10 and a push gateway 22, and User-side mobile communication device 26. The database 20 defines a plurality of organizations, the so-called "organizations", ie, company companies or communities, each of which is defined by a unique Organization ID; in other words, for the system of the present invention. In other words, each newly established organization sets a non-repeating organization identification code by the system of the present invention, and the organization and the organization identification code are in a one-to-one correspondence and are stored in the organization's data table (ie, "Table"). In one embodiment of the invention, the present invention employs a hierarchical Namespace data structure for defining an organization (setting an organization identification code), and once the organization identification code is set, the organization is completely independent of the outside ( This means that people outside the organization cannot retrieve information within the organization. Even the name of the organization cannot be retrieved. It is completely impossible for outsiders to know whether an organization exists in the system, so that the organization obtains sufficient confidentiality and organizes the identification code. That is, the Root Namespace, the organization consists of a single level or a plurality of levels and contains at least one member. The so-called "level" refers to the structure in the organization, and the organization of a single level, for example, a small community. (such as billiard clubs, bicycle clubs) or small companies with fewer than ten employees. Because of the small number of members, it is not necessary to subdivide the level of members, and the level of multi-level organizations such as a large company may According to the position unit, it is divided into four levels: “business group”, “department”, “class” and “group”, or according to the membership level. OL "," two levels "..." 15 level "is divided into fifteen levels. In the system of the present invention, a single member can join more than two organizations at the same time, and at the same time have an organization identification code corresponding to the affiliated organization, for example, a member joins a sports hobby society, a charity community, and a There are three organizations in the enterprise, so this member has three different organization identifiers to correspond to the organizations to which they belong. In the database 20, Member-based member information, including the organization ID, account number, password, and punch information corresponding to the organization to which it belongs.

The server 10 includes the following servo modules (groups): a first network communication module 12, a login verification module 14, a punch request generation module 16, and an attendance assessment module 18. The first network communication module 12 is configured to establish a TCP protocol (including Socket and WebSocket connection), an HTTP protocol, or an HTTPS protocol network connection with the second network communication module 32 of the mobile communication device 26 of the client. The login verification module 14 receives the organization identification code, account number and password uploaded by a member through the mobile communication device 26, and then organizes the identification code, the account number and the password, and the organization identification code and account number of the member information stored in the database 20. The password is verified. The punch request generation module 16 receives the electronic map location coordinates uploaded by the authorized person (such as the unit supervisor or the system administrator), the designated time of the punching, and at least one receiving end (that is, the object required to punch the card, usually by checking the manner Selecting the member in the organization address book, the punch request generation module 16 then performs the mapping operation on the receiving end (ie, the selected member in the organization address book) to generate the receiving list (ie, the selected member's "" Pushing the identification code "), and finally the punch request generating module 16 generates a check-in request (Check-In Request) according to the uploaded electronic map position coordinates, the specified time and the receiving list, and the receiving list includes at least one push-recognition code ( Push ID), a push identification code corresponds to a receiving device of one member (ie, mobile communication device 26). The attendance assessment module 18 receives the punch information and stores it in the member information of the database 20, and aggregates all the punch information in the member information for a certain period of time into the attendance information.

The server 10 and the database 20 are not limited to be deployed on a specific number of devices, for example, the two may be deployed on the same device, or both may be deployed on a cluster device. Or on a different cluster device.

The so-called "electronic map location coordinates" is on the electronic map by the licensor Marking the position coordinates of a single point, or a range limited by a plurality of position coordinates. In an embodiment, an additional "allowable error distance value" may be additionally set, for example: "allowable error distance 50 meters" The outward expansion of the position coordinates on behalf of the set position is also included in the range of allowed punch positions. As for the so-called "specified time of punching", it includes a one-time time and a periodic time, such as "the morning of a certain month of the year, from 9:00 am to 12 noon", and the periodic time is, for example, "Every Monday to Friday, 9 am to 12 noon." An embodiment of the present invention only allows card punching information to be uploaded to the server 10 within a specified time, meaning that the member cannot be punched for more than a specified time. In other words, the database 20 does not record "Invalid Check-In". In another example of the present invention, the punching information outside the specified time is allowed to be uploaded to the server 10, and the authorized person can manually interpret or manually filter the punching records outside the specified time to be included in the attendance information of the member. (For example, the punch card outside the specified time is listed as "late"). The method of setting the receiving end is to select a specific member, a specific organization level, a specific group list or all members in the organization from the organization address book. The so-called "organization address book" is controlled by a competent person (such as a system administrator). Edit, other members can only view or use but can't edit the organization address book. The so-called "specific group list" is also edited by the authorized person, for example: "one unit/level level supervisor in the organization", "in the organization The second-level supervisor at the unit/level, the “level-level personnel at each unit/level in the organization”, etc., so the class-receiving end is originally dispersed in each unit/hierarchy, so it is necessary to manually compile a specific group list. For use.

The push gateway 22 generates a push notification according to the punch request, and transmits a push notification through the external push host 24 (for example, MPNS, GCM, and APNS). When the database 20 records that a certain receiving device is an iOS device (such as an iPhone and an iPad), the push gateway 22 generates a push notification according to the format required by the APNS, and transmits it through the APNS after being generated. Send push notifications, and so on for other platforms.

The mobile communication device 26 (for example, a smart phone and a tablet running an iOS, Android or Windows Phone operating system) includes a positioning module 30 and executes an application 28 (ie, an application, also called an App), and the positioning module 30 is based on the current mobile communication device. The location 28 generates the current location coordinates, and the application 28 includes: a second network communication module 32, a login module 34, a function locking module 36, a punching module 38, and a punching reminder module 40. The second network communication module 32 is configured to establish a TCP protocol, an HTTP protocol, or an HTTPS protocol network connection with the first network communication module 12 of the server 10. The login module 34 receives the input of the organization identifier, account number and password of the user (ie member) and uploads it to the server 10. After receiving the push notification of the punch request, the function lock module 36 locks the application 28 with all the execution functions of the organization identifier, and only allows the application 28 to perform the punching operation, and the lock is released after the punching operation is completed, that is, the member is Upon receipt of the punch request, the application 28 of the present invention enforces the technical means to force the member to be unable to operate the application 28 to log in to any other functions executable (eg, other chat functions, texture functions, bulletin bars functions). , voice function, file transfer function, etc.), until the member completes the punching operation to operate other functions, which is one of the main technical features of the present invention. The punching module 38 performs a punching operation, and the punching operation receives the punching instruction to upload the punching information to the server 1 () in the specified time range of the electronic map position coordinate or the electronic map position coordinate according to the punching request. At least the check-in timestamp and the current position coordinates are included. The card reminding module 40 generates a reminder alert according to the electronic map location coordinates of the punch request and the specified time. For example, in an embodiment, when the member is in the current position or has reached the electronic map position coordinate, a reminder alert “close to the punch position” is generated or "After the punching position has been reached", in an embodiment, when the specified time has elapsed or has reached the specified time, a reminder warning "Specify the time of the punch card" or "After the specified time of punching card", in one embodiment, when the member arrives at the coordinate position coordinate of the electronic map within a specified time, a reminder warning "the punching operation is available" is generated. In an embodiment, when the designated time is about to expire and the member has not yet When the card is punched, a reminder warning is generated that "the designated time for punching is about to expire". In an embodiment, when the designated time is about to expire and the member has not punched the card and the electronic map position coordinates have not been reached, a reminder warning is generated, "the designated time for punching is about to expire, and the distance is still The punching position is XX meters. In an embodiment, when the member reaches the coordinates of the electronic map position within the specified time, the punching instruction is automatically generated, and a reminder warning "the punching operation has been completed" is generated.

The punching operation refers to "receiving punching instructions" to "uploading punching information to the server 10". However, there are many factors that may cause the punching information to be immediately uploaded at the moment, for example, the mobile communication device 26 cannot establish the network connection at the moment, In response to the occurrence of this situation, the card punching operation of the embodiment of the present invention temporarily stores the punching information in the memory of the mobile communication device 26 when the network connection cannot be established or the network is temporarily disconnected, and the network is to be established. After the connection, the card information is uploaded to the server 10, no matter when the card information is uploaded, the card information is never distorted (the time stamp is still the current time of the card, but not related to the upload time), and then by the attendance When the assessment module 18 collects the punching information to generate the attendance information, the punching information (referring to the delayed punching information) is still determined as valid information.

The function locking module 36 of the present invention refers to "all the execution functions of the application locked by the organization identification code" (locking all execution functions of the application enabled by the organization identification code) means "except the punch function and its In addition to the related procedures, other functions of the application 28 are temporarily locked and cannot be executed. When a member joins a plurality of different organizations and one of the organizations sends a punch request, only the organization that sends the punch request is sent. The function of the organization ID to log in to its application 28 is locked and cannot be executed if the member is identified by another organization If you log in to another group machine, all function execution will not be affected (that is, when you log in with other organization IDs, all execution functions are enabled). In the above example: a member joins a sports club, a public interest group, and A company has three organizations, assuming that the company sends a punch request to all its employees. If the member does not perform the punching operation as requested, the member cannot perform any functions other than punching after logging in with the organization ID of the enterprise. If the member logs in with the organization logo of the sports club or the charity, all function execution is not affected. In an embodiment of the present invention, the application 28 displays the graphical user interfaces of different functions by using at least two or more views, and the punching function (ie, the graphical user interface associated with the punching module 38) is separately occupied. A layer view, and the view of the punch function is set to "Always-On-Top", other lower-level views cannot be executed during the lock period, for example, a pop-up window (Pop-Up Window) is presented. Until the punching operation is completed, the view of the uppermost punching function is closed and other views are allowed to be executed.

In another embodiment of the present invention, all programs (or "strokes", that is, Function/Process) of the application 28 are provided with values representing Executing Priority, and priority is given to the program related to the punch function. Set to be higher than other functions, when the function lockout module 36 performs the lock, only the program with the high priority value is allowed to be executed (for example, the punch function and its related necessary programs), while other programs with low priority values are required to be punched. The job can only be executed after it has been completed. In still another embodiment of the present invention, the program for all functions of the application 28 is provided with an execution flag (Executing Flag), when the application 28 accepts an organization identification code to log in, and after receiving the push notification of the punch request, When the function locking module 36 executes the program for locking the locking function with the organization identification code, the execution flag of the punching function and its related necessary programs are all set to "Enable" ("executable"), while others The function execution flag is set to "go "Disable", when the function locking module 36 performs unlocking, resets the execution flag of all programs to "enable", and the application 28 of the present invention checks its execution before executing the program. The flag, only the program with the "Enable" flag can be executed. Further, when the mobile communication device 26 executes the application 28 to receive a push notification of a punch request and locks all execution functions registered with an organization identification code, The application 28 does not lock all execution functions that are logged in with other organization IDs.

Referring to FIG. 2, a schematic diagram of the organization and hierarchy of the cloud 42 according to a preferred embodiment of the present invention illustrates that the cloud 42 structure of the present invention supports a plurality of organizations, and each organization can be composed of a single level to a plurality of levels. There are zero to multiple members (not shown in the legend). The hierarchical structure of the "A organization" in the legend is a vertical type (or high-rise type, high-tower type), which is suitable for the division of members as a hierarchy. For example, the first level is "fifteenth grade," The second level is "fourteen grades", the third level is "thirteen grades", and so on, and "the thirteenth grade or above is a high-level supervisor", the punch request generation module 16 of the present invention can specify punching The level, such as a high-level executive seminar held in the field, all high-level supervisors in the organization, including the first level to the third level, must participate, then the receiving end of the punch request selects "level 1 to level 3." The hierarchical structure of "Group B" in the legend has only a single level, and is suitable for organizations with a small number of members or a flat structure, such as a society, a small company, a small group combined by common interests, and the like. The hierarchical structure of "C group knowledge" in the legend is pyramid type, which is suitable for various medium and large enterprises and groups. The punch request of the present invention can be sent to a specific level in the organization, for example, "a certain department under a certain business group. The group (assuming that the third-level procurement group) will go to a large store to buy, and the punch request collected in the hypermarket can be sent to the group. The above-mentioned elastically setting a plurality of hierarchical organizational structures is one of the main technical features of the present invention, and can be targeted to a specific organization. The hierarchical transmission of the punch request is also one of the technical features of the present invention.

In organizations with multiple levels (for example, "A organization" and "C group knowledge"), each level has an administrator with set permissions. In the enterprise organization, usually the top-level manager is The company's MIS staff, and the managers at each level are the unit supervisors (for example: business group supervisor, department head, department head, team leader, etc.), and the administrator's authority is usually when the organization and the manager's account are added. It is granted, but it can be given separately after the account is added. Since the present invention uses the Namespace data structure technology, all the data of each organization is completely independent of the outside, and the account numbers of the organizations (ie, the member's account number) use the same code (for example, employee numbers "0001", "0002", "0003" "...etc." There is no conflict with the same account number. Therefore, organizations are more flexible when setting account codes for their members. There is no need to worry about the same account being occupied by members of other organizations. In addition, even if there are multiple different organizations using the member's mobile phone number or email as an account (or in the "contact information"), as long as the cross-organization can not retrieve the mobile phone number or email of members of other organizations, In order to avoid interference from outsiders, as long as the organization can use mobile phone numbers, emails or keywords to search all members of any organization, the internal search system is a technology, so it will not go into details. It is another major technical feature of the present invention that the organization identification code and the Name Space data structure are separated from different organizations, so that members of the organization cannot retrieve members within the organization.

Referring to FIG. 3A and FIG. 3B , a schematic diagram of a deployment mode of the cloud 42 in the embodiment of the present invention is only used to describe the deployment mode of the cloud 42 and the network connection and steering of the mobile communication device 26 and the cloud 42 . The push notification is pushed, so the push host 24 is not depicted in the illustration. Figure 3A illustrates that the cloud 42 of the present invention provides two deployment modes: a public cloud mode and a hybrid cloud mode. The public cloud mode refers to the server 10 (or the first server 10a) of the server side, and the database 20 (or the first The database 20a) and the push gateway 22 are all provided by the Service Provider. Generally, the company or the community does not have strict requirements for the security control, and the service access is completely in the public cloud 44; The hybrid cloud mode means that some of the servo modules and devices are installed in the public cloud 44, and the other part is set in the private cloud 46, and the setting positions of the servo modules are stored to a "location information of the servo module". The server module set in the private cloud 46 and the IP location where it is located are described. The strict management of the security management is to set the second server 10b and the second database 20b in the private cloud 46, and the service thereof is provided. The access part is in the public cloud 44 and partly in the private cloud 46, and the key to determining the application 28 of the mobile communication device 26 to access the public cloud 44 or the private cloud 46 lies in the location information of the servo module. Regardless of the cloud deployment mode adopted by the company/social, the application 28 authenticates to the login verification module 14 of the first server 10a of the public cloud 44 at the time of login. Since the servo module group of the present invention is modularized and distributed, the servo module group and the push gate device 22 can be arbitrarily separated and disposed in different machine rooms according to the needs of the enterprise customer. Medium (ie, public cloud 44 and private cloud 46), which is another major technical feature of the present invention. When the servo module group is split and disposed in the public cloud 44 and the private cloud 46, and the login verification module 14 is still set in the public cloud 44, and the location information of the servo module is used for steering, the deployment mode is Invented hybrid cloud mode.

Figure 3B contains two private clouds 46 (46a and 46b, each representing a different enterprise's computer room) that set up different servo module groups, which illustrate the same application regardless of the cloud deployment model adopted by the company/association. The program 28 accesses the service, assuming that the "A group identification" is a general company or a community that does not have a particularly strict requirement for the security management, and the access to the servo module group (ie, the first network communication module 12, the login verification mode) Group 14, punch request generation module 16, attendance assessment module 18, etc.) and equipment are set in the public cloud 44, meaning that all records including attendance information are also retained in the public In the database of cloud 44, the service provider is responsible for the custody; assuming that “C group knowledge” is a financial enterprise, its financial management and control is very strict, and all the servo modules and attendance information related to the individual must be set and retained. In the self-built machine room (or the leased virtual host, the escrow machine room), in addition, the login verification module 14 (ie, the login interface) of the present invention is still set in the public cloud 44, and the remaining devices and the servo module are set. In the private cloud 46a (ie, "C group" in its self-built machine room) and recorded in the location information of the servo module, when the member of the "C group knowledge" accesses the cloud 42 of the present invention by the application 28 of the present invention When the first login interface is still in the public cloud 44 (ie, the login verification module 14), after the login verification is completed, when the application 28 receives the instruction corresponding to the servo module group, the system is based on the location information of the servo module. Turning (Redirection, the dotted line of the one-way arrow is used to represent the network connection steering), for example, the user selects the punching function in the application 28, that is, corresponds to the attendance assessment module 18, and the system is based on the record. Serve In the location information of the service module, the attendance assessment module 18 is set at the IP address of the private cloud 46a, and then the application 28 directly accesses the attendance assessment module 18 of the server 10 of the private cloud 46a, "Group C" Sensitive data (such as attendance information) can thus be completely retained in the database 20 of the private cloud 46a; assuming that the “D group knowledge” is also a company that is very strict with the security management, it will also be partially related to the individual capital. The device and the servo module are disposed in another private cloud 46b, and the sensitive data is completely retained in the database 20 of the private cloud 46b.

Although the above-mentioned hybrid cloud mode deployment has some customization operations (ie, splitting and setting the servo module) due to the needs of the enterprise customers, it does not need to access the private cloud 46 by the dedicated application on the user side. The hybrid cloud mode of the present invention still accesses the private cloud 46 by the same application 28 for the reason that the aforementioned login interface is still in the public cloud 44 (ie, the login verification module 14). In other words, the service provider does not have to To customize the exclusive application for different enterprise customers, in the above example, "A group knowledge", "C group knowledge" and "D group knowledge" use 42 different clouds. In the mode, but for the user of the client, the same version of the application 28 is executed on the mobile communication device 26, and three different versions of the application 28 are used without three different organizations, and the single application 28 is used to serve all Enterprise customers can save a significant amount of time, process, and manpower on the app (for example, a strict review process is required to be available on Apple's AppStore). This single interface, single application (ie, App) access to the public cloud and hybrid cloud mode is another major technical feature of the present invention.

In another embodiment of the present invention, an authentication step of a digital certificate (also known as an electronic credential) is required before the transfer to the private cloud 46 to confirm the identity of the private cloud 46 and to prevent the counterfeit server from taking the opportunity to steal the data. In this embodiment, the administrator of the private cloud 46 registers the private cloud 46 at the beginning of the private cloud 46 (ie, registers the private cloud 46 with the public cloud 44), that is, the storage path of the digital certificate issued by the certificate authority is required (the digital certificate is stored in Private cloud 46), and the validity of the certificate through the certificate authority (due to "application for digital certificate to the certificate authority", and "use the certificate of the certificate authority to verify the validity" is a technical category, so I will not repeat it) After the validity certification is correct, the IP address of the private cloud 46 and its digital certificate can be recorded to the location information of the servo module. Before a user logs to the private cloud 46 after login verification, the login verification module 14 of the public cloud 44 verifies the verification according to the IP location and the digital certificate information recorded by the location information of the servo module. This embodiment can also use a token technology to directly replace the verification step with a token during the validity period of the token (eg, within 24 hours after the first authentication).

Referring to FIG. 4, in the operation flowchart of the embodiment of the present invention, the first mobile communication device 26a or the personal computer sets the punch request, and the second mobile communication device 26b receives the punch request and then performs the punching operation. Please refer to FIG. 1 at the same time. , Figure 2 and Figure 3A, including:

Step S101: The application 28 of the present invention is executed on the first mobile communication device 26a or a personal computer. Assume that the licensor (unit supervisor or system administrator) is the first member of the "A organization" to execute the application using the personal computer or the first mobile communication device 26a (ie, the mobile communication device 26 of the present invention, such as Apple's iPhone 5S smart phone) 28.

Step S102: The application 28 establishes a network connection with the server 10 of the public cloud 44. After executing the application 28, the second network communication module 32 of the application 28 establishes a TCP protocol (including Socket and WebSocket connection), HTTP protocol or the first network communication module 12 of the server 10 of the public cloud 44. HTTPS (ie HTTP over SSL) protocol network connection.

Step S103: upload the organization identification code, the first account number and the first password to perform login verification. The first member uses the application 28 to input the organization identification code, the first account number and the first password, and the organization identification code represents the "A organization" to which the first member belongs, and then the organization identification code, the first account number and the first password. The server 10 is uploaded to the public cloud 44, and the login verification module 14 of the public cloud 44 performs login verification.

Step S104: Receive an instruction corresponding to one of the servo module groups, and perform steering according to the location information of the servo module. When the application 28 of the first mobile communication device 26a receives the command corresponding to the servo module group, the system performs the application 28 of the first mobile communication device 26a according to the location information of the servo module stored in the public cloud 44. Turn. For example, the first member selects a set punch request function in the application 28 (the call module corresponding to the selected command is the punch request generation module 16), and the system is based on the location information recorded in the servo module. The module 16 is located at the IP location of the private cloud 46. The application 28 is steered, and then the application 28 directly accesses the punch request generation module 16 of the server 10 of the private cloud 46.

Step S105: input an electronic map position coordinate, specify a time, and specify the connection Received. The first member utilizes the input electronic map location coordinates (ie, the punch location) of the application 28, the specified time (ie, the punch time), and specifies at least one receiving end. The specified method of the receiving end is to select a specific member from the organization address book, specific The hierarchy of the organization, the list of specific groups, or all members of the organization. This example assumes that the receiving end selected by the first member in the self-organizing address book contains the second member.

Step S106: Upload the electronic map location coordinates, the specified time, and the receiving end to the server 10. When the network connection established between the second network communication module 32 and the first network communication module 12 in step S102 is a TCP protocol, this step can directly upload the electronic map location coordinates, the specified time, and the receiving end to the punch card. Request generation module 16. When the network connection established in step S102 is an HTTP protocol or an HTTPS protocol, the second network communication module 32 must first re-establish an HTTP protocol or an HTTPS protocol network connection with the first network communication module 12. Then, the electronic map location coordinates, the specified time, and the receiving end are uploaded to the punch request generation module 16.

Step S107: The punch request generation module 16 generates a receiving list and a punch request. The punch request generating module 16 of the server 10 first performs a comparison operation according to the receiving end to generate a receiving end list, and the receiving end list is composed of at least one push broadcast identification code, and then according to the electronic map position coordinates, the specified time and the receiving. The side list generates a punch request.

Step S108: The server 10 transmits a punch request to the push gateway 22.

Step S109: The push gateway 22 generates a push notification. The push gateway 22 generates a push notification in accordance with the punch request.

Step S110: The push notification is sent by the external push host 24, and the external push host 24 is, for example, MPNS, GCM, and APNS.

Step S111: The second mobile communication device 26b receives the push notification. The second mobile communication device 26b is the mobile communication device 26 of the present invention, such as an HTC OneX smart phone, and It is assumed that the user of the second mobile communication device 26b is the second member of the "A organization".

Step S112: The application 28 of the present invention is executed on the second mobile communication device 26b.

Step S113: The second mobile communication device 26b establishes a network connection with the server 10 of the public cloud 44. After executing the application 28, the second network communication module 32 of the application 28 establishes a TCP protocol, an HTTP protocol, or an HTTPS protocol network connection with the first network communication module 12 of the server 10 of the public cloud 44.

Step S114: uploading the organization identification code, the second account number and the second password for login verification. The second member inputs the organization identification code, the second account number and the second password by using the application 28 of the second mobile communication device 26b. The organization identification code represents the "A organization" to which the second member belongs, and then the organization identification code, The second account and the second password are uploaded to the server 10 of the public cloud 44, and the login verification module 14 of the public cloud 44 performs login verification.

Step S115: The locking application 28 logs in all the execution functions of the organization identification code, and only allows the application 28 to perform the punching operation. After the application 28 of the second mobile communication device 26b receives the push notification of the punch request, the function lock module 36 checks whether the second member has completed the punch operation (ie, successfully uploads the punch information), and if the punch operation is not completed, The function locking module 36 forcibly locks the execution of the application 28 with all other functions of the organization identification code entry, restricting the second member to only perform the punching operation.

Step S116: Perform a punching operation, and perform steering according to the location information of the servo module. Since the function locking module 36 has locked the application 28 with all the execution functions of the organization identification code, the second member can only perform the punching operation, and when the punching operation is performed, the application 28 receives the servo module (the attendance assessment module). 18) Corresponding instructions (ie punching instructions), the system is The application 28 of the second mobile communication device 26b is steered according to the location information of the servo module stored in the public cloud 44. The location information of the servo module in this example is the attendance assessment module 18 (one of the servo modules). Set in the private cloud 46, the so-called steering refers to the connection to the server 10 of the private cloud 46. The punching operation receives the punching instruction (the second member executes the punching module 38) to generate the punching information and upload the punching information to the servo within a specified time range of the electronic map position coordinate or the electronic map position coordinate within the specified time of the punch request. The punch card information includes at least a punch time stamp and a current position coordinate.

Step S117: The lock is released after the punching operation is completed. After the second member uploads the punch information to the attendance assessment module 18 of the server 10, the card punching operation is completed, and the function locking module 36 unlocks the application 28, that is, the second member can arbitrarily execute other functions of the application 28. .

Step S118: The attendance assessment module 18 of the server 10 receives the punch information and stores it in the member information of the database 20.

Referring to FIG. 5, an operation sub-flowchart according to another embodiment of the present invention is a sub-flowchart between step S115 and step S116 of FIG. 4, which illustrates that in another embodiment of the present invention, when After receiving the punch request, the member first returns a "punch information of the departure place" to the attendance assessment module 18 of the server 10 as the "confirmation receipt" of the user terminal (Confirmation of Receipt, also known as "reading the reply slip" "), the time stamp of the punch in the punch information can be regarded as "the time to read the punch request", and the current position coordinate in the punch information is regarded as the "departure place" (or "original place to receive the punch request"), If the second member does not execute the punching module 38 (ie, the second member does not manually perform the confirmation of the return punching operation), the "member of the departure location is automatically returned" after the second member moves a certain distance. Step S115-1 "recording the second mobile communication device 26b's current position coordinates. The punching module 38 of the second mobile communication device 26b accesses the positioning module 30 to obtain the current position coordinate of the second mobile communication device 26b, and the current position coordinate is regarded as the "departure location"; and step S115-2 "receives whether to receive The punching instruction? The application 28 of the second mobile communication device 26b determines whether to receive the punching instruction within a certain time (for example, "five minutes"), if yes, then skips to step S115-3, and if "no", jumps to Step S115-4"; Step S115-3 "Manually perform confirmation of the check-back punching operation, and perform steering according to the location information of the servo module, receive the punching instruction (the second member executes the punching module 38) to generate the punching information, and then upload The punching information is sent to the server 10, and the punching information includes at least the punching time stamp and the current position coordinate; step S115-4 "automatically performing the confirmation of the returning punching operation, and performing steering according to the position information of the servo module, generating a punching instruction to generate the punching card. Information, and upload punch information to the server 10. If the second member does not manually perform the confirmation slip call operation within a certain time, and the second mobile communication device After the 26b is moved by a certain distance (for example, "the distance from the current position is more than 500 meters" after the movement), the punching module 38 is automatically executed to generate the punching information, and the punching information is uploaded to the server 10". The "punch information of the departure place" generated by this embodiment can be used as a control information for human interpretation, which is used to compare the authenticity of the punch information generated in step S116, for example, "the time taken from the place of departure to the destination" Whether it is reasonable or not, the purpose of this embodiment is to solve the technical problem that "the technology lacks a control group to judge the authenticity of the punch information".

In summary, the mobile carding system and method disclosed in the present invention solves the technical problem of the prior art, "the enterprise organization can have a flexible multi-level structure, and can issue a punch request for a specific level" and "use a single one. The cloud system services a number of enterprise organizations, "using a single application to access a hybrid cloud system with a single interface", "using a mandatory punch card technology to lock other functions" and "allowing arbitrary designated punch locations."

Although the technical content of the present invention has been disclosed in the above preferred embodiments, it is not intended to limit the present invention, and any modifications and refinements made by those skilled in the art without departing from the spirit of the present invention are encompassed by the present invention. The scope of protection of the present invention is therefore defined by the scope of the appended claims.

10‧‧‧Server

12‧‧‧First network communication module

14‧‧‧ Login verification module

16‧‧‧ punch request generation module

18‧‧‧Attendance assessment module

20‧‧‧Database

22‧‧‧Pushing the gateway

24‧‧‧Push host

26‧‧‧Mobile communication devices

28‧‧‧Application

30‧‧‧ Positioning Module

32‧‧‧Second network communication module

34‧‧‧ Login Module

36‧‧‧Function Locking Module

38‧‧‧ Punch Module

40‧‧‧ Punch reminder module

42‧‧‧Cloud

Claims (21)

An action punching system comprising: a database storing a plurality of member information, each of the member information including a punch card information; a server accessing the database and at least one action having one of the member information The communication device establishes a network connection, and the server generates a card request according to an electronic map location coordinate, a specified time, and a receiver list, wherein the receiver list includes at least one push corresponding to one of the member information. An identification code; and a push gateway device, generating a push notification according to the punch request, and transmitting the push notification to the mobile communication device via a push broadcast host; wherein the server receives the network via the network connection The punching information uploaded by the mobile communication device is stored in the database; wherein the database, the server and the push gateway are combined into a cloud. The action punching system of claim 1, wherein the server aggregates the punch information of the member information for a certain period of time into an attendance information. The action punching system of claim 1, wherein the mobile communication device comprises a positioning module, wherein the positioning module generates a current position coordinate according to a location of the mobile communication device, and the mobile communication device executes an application and The server establishes a network connection to log in to the server, and receives a punching instruction to generate the punching information, and uploads the punching information to the server via the network connection, wherein the punching information includes at least one punching time Stamp and the current position coordinates. The action punching system as claimed in claim 3, wherein the mobile communication device and the server have no When the network connection is established, the punch information is temporarily stored in the memory of the mobile communication device, and the punch information is uploaded to the server after the network connection is established. The action punching system of claim 3, wherein the mobile communication device executes an application to receive the push notification, and then locks all execution functions of the application until the application performs a punch operation and then unlocks. The action punching system of claim 5, wherein the punching operation receives a punching instruction according to the specified time of the punching request within a distance of the electronic map location coordinates or the electronic map location coordinates. The punching information is generated, and the punching information is uploaded to the server via the network connection, and the punching information includes at least one dozen time stamp and one current position coordinate. The action punching system of claim 5, wherein the mobile communication device generates the punch information to unlock the mobile communication device. The action carding system of claim 1, wherein the application executed by the mobile communication device further comprises: a punch reminder module, generating a reminder alert according to the electronic map location coordinates of the punch request and the specified time. The action punching system of claim 8, wherein the punch reminder module arrives at the electronic map location coordinates or one of the electronic map location coordinates at the designated time according to the electronic map location coordinates of the punch request and the specified time. The punching instruction is automatically generated when the distance is within the range. The action carding system of claim 1, wherein the application program executed by the mobile communication device further comprises: a punching module, wherein the punching module performs a confirmation slip card punching operation, and the confirming the loopback punching operation uploads the punching card Information to the server, the hit in the punch information The card time stamp is "the time to read the punch request", and the current position coordinate in the punch information is the "departure place". The action carding system of claim 10, wherein the confirmation slip card punching operation is performed automatically when the mobile communication device moves a certain distance. An action punching method is applied to a cloud combined by a database, a server and a push gateway, the method comprising: storing a plurality of member information in the database, each member information comprising a dozen cards Information; establishing a network connection between the server and at least one mobile communication device having one of the member information; generating, by the server, an electronic map location coordinate, a specified time, and a receiving list a punch request, wherein the receiving list includes at least one push identification code corresponding to one of the member information; the push gateway generates a push notification according to the punch request, and sends the push through a push host Broadcasting to the mobile communication device; and receiving, via the network connection, the punching information uploaded by the mobile communication device by the server to store the punching information into the database. The action punching method of claim 12, wherein the punch request includes the electronic map location coordinates and the specified time. An action punching method is applied to access a mobile communication device in a cloud, the cloud is combined by a database, a server and a push gateway, wherein the database stores a plurality of member information, each The member information includes a dozen card information, and the method includes: Establishing a network connection between the server and the mobile communication device having one of the member information; after receiving a push notification about the punch request, locking all execution functions of the mobile communication device until the action The communication device unlocks after performing a punching operation, wherein the punching request includes an electronic map location coordinate and a specified time, and the punching operation is based on the electronic map location coordinates or the electronic map location coordinates according to the designated time of the punching request. Within a distance range, the punch information is generated, and the punch information is uploaded to the server via the network connection. The action punching method as claimed in claim 14, further comprising: generating a reminder alert according to the electronic map location coordinates of the punch request and the specified time. The action punching method as claimed in claim 14, wherein a punch instruction is automatically generated when the electronic map position coordinate is reached within the specified time to generate the punch information. The action punching method of claim 14, wherein the mobile communication device comprises a positioning module, and the positioning module generates a current position coordinate according to the current location of the mobile communication device, the punching information includes at least one time stamp and The current position coordinates. The action punching method of claim 14, wherein when the mobile communication device and the server are unable to establish the network connection, the punch information is temporarily stored in a memory of the mobile communication device, and the network connection is established. Then upload the punch information to the server. The action punching method as claimed in claim 15, further comprising: recording the current position coordinate; determining whether to receive a punch command within a specific time, and if yes, "manually performing After confirming the check-back punching operation, and proceeding according to the location information of the servo module, if "No", then "automatically perform the confirmation and return punching operation, and turn according to the location information of the servo module." The action punching method according to claim 19, wherein the confirming the check-in punching operation uploads the punching information to the server, and the punching time stamp in the punching information is “the time of reading the punching request”, and the punching is performed. The current position coordinate in the information is the "departure location". The action punching method according to claim 19, wherein the automatic execution of the confirmation slip card punching operation is automatically performed when the mobile communication device moves a certain distance.