WO2012027993A1 - Management method and device for resource use permission of operator - Google Patents

Management method and device for resource use permission of operator Download PDF

Info

Publication number
WO2012027993A1
WO2012027993A1 PCT/CN2011/073331 CN2011073331W WO2012027993A1 WO 2012027993 A1 WO2012027993 A1 WO 2012027993A1 CN 2011073331 W CN2011073331 W CN 2011073331W WO 2012027993 A1 WO2012027993 A1 WO 2012027993A1
Authority
WO
WIPO (PCT)
Prior art keywords
operator
resource usage
system platform
resource
authentication
Prior art date
Application number
PCT/CN2011/073331
Other languages
French (fr)
Chinese (zh)
Inventor
冯永华
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012027993A1 publication Critical patent/WO2012027993A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and apparatus for managing operator resource usage licenses. Background technique
  • the call center is a technology based on Computer Telephony Integration (CTI).
  • CTI Computer Telephony Integration
  • the call center can fully utilize the multiple functions of the communication network and the computer network to integrate with the enterprise to form a complete integrated information service system. Efficiently provide high quality, high efficiency and comprehensive services by using various advanced communication methods.
  • the initial forms of the call center include artificial hotline, interactive automatic voice and multimedia services.
  • the call center has developed into an IP-based triple-play next-generation call center, which can be applied not only to various enterprises, but also to applications. Other groups or institutions.
  • the International Organization for Standardization defines five security service functions in IS07498-2: identity authentication services, access control services, data privacy services, data integrity services, non-repudiation services, which are applicable to call centers.
  • identity authentication services based on the identity authentication service, and the system identifies and authenticates the subject in advance through the identity authentication service, and then determines whether to allow the subject to access the object through the access control service to reach the control subject. The purpose of accessing the object.
  • Access control is a way to explicitly grant or limit access capabilities and scope in some way.
  • the access itself involves the subject and the object.
  • the access control guarantees that the subject uses the object in a controlled and lawful manner.
  • the subject here refers to a visitor such as a user, a process, a service, a third-party system, etc.
  • the object refers to a target object such as a system resource, a user operation, a task, an interface of a third-party system, and the like.
  • Access control is the core module of the system. With access control, system resources can be controlled, By legally using it, by restricting the subject's access to the object, it is possible to prevent the intrusion of illegal users and to prevent the inadvertent operation of legitimate users.
  • an access control service requires consideration of permissions (also referred to as resource licenses in a broad sense) and authorizations, where permissions are the subject's permission to access the object, and authorization is the process by which the administrator grants access to the object to the principal.
  • permissions also referred to as resource licenses in a broad sense
  • authorization is the process by which the administrator grants access to the object to the principal.
  • the relationship between subject, object, authority, and authorization varies with access control policies, since the introduction of subject, object, and access control matrix
  • ACM autonomous access control
  • DAC autonomous access control
  • MAC mandatory access control
  • RBAC role-based access control
  • TBAC task-based access control model
  • UCONABC control core model
  • the present invention proposes a management method and apparatus for operator resource use permission, which is capable of operating a complex system or network, due to the respective defects of various access control models in the related art, that is, the authority of the operator (ie, Resource usage licenses are dynamically managed and adjusted to make the configuration of resource licenses more flexible and reasonable.
  • a management method of an operator resource usage license includes: the system platform authenticating the operator according to an operator-initiated authentication request; in the case where the operator passes the authentication, the system platform is according to the operation The history of operations performed by the member on the system platform adjusts the operator's current resource usage permissions.
  • the system platform authenticating the operator according to the authentication request initiated by the operator includes: determining, by the system platform, the identity information of the operator according to the authentication request, and searching for the historical record; Comparing the operation parameter carried in the authentication request with the historical record, and determining whether the operation parameter meets a preset authentication pre-passing condition; if the determination result is yes, the system platform allows the operator to directly Passing the authentication; if the judgment result is no, the system platform authenticates the operator according to the authentication request.
  • the operation parameter may include at least one of the following: a sending time of the authentication request, a sending location of the authentication request, and a service type requesting to perform an operation.
  • the method further includes: the system platform according to the historical record Determining, by the operator, a resource usage permission adjustment parameter, where the resource usage permission adjustment parameter is used to indicate that the operator operates on the system platform;
  • the adjusting the current resource usage permission of the operator includes: according to a preset Determining, by the plurality of different levels of resource usage licenses, a plurality of resource usage permission adjustment parameter ranges, determining resource usage licenses corresponding to the resource usage permission adjustment parameters of the operator, if the determined resource usage licenses and If the operator's current resource usage license is different, the operator's resource usage license is adjusted to the determined resource usage license.
  • system platform determines, according to the historical record, the resource usage permission adjustment parameter of the operator, including:
  • the system platform Determining, by the system platform, the maturity of the operations performed by the operator corresponding to each type of service according to the history record, and determining, according to the history record, the operations performed by the operator corresponding to each type of service Capability, where, for each type of service, maturity is used to indicate the degree of stability of all operations performed by the operator corresponding to the type of service, and the capability is used to indicate that the operator corresponds to the The efficiency of all operations of the type service; the system platform determines the operation status of the operator corresponding to the service type according to the maturity and capability of the operation performed by the operator corresponding to each service type, And a resource use permission adjustment parameter indicating a situation in which all operations performed by the operator are performed.
  • the method may further include: determining, according to the adjusted resource usage permission, whether the operator is capable of using Specifying the resource; if the determination result is yes, allowing the operator to use the specified resource; if the determination result is no, the operator is prohibited from using the specified resource.
  • the historical record includes one or a combination of the following: a start time of each valid operation performed by the operator, an effective duration of the operator performing each operation, and each operation performed by the operator.
  • the corresponding service type the number of valid operations performed by the operator corresponding to each service type, the evaluation of the operation of the operator by the user, the quality inspection evaluation of the operation of the operator by the system, The timely rate at which the operator responds to a user's request.
  • the above system platform includes a call center.
  • a management apparatus for an operator resource usage license is provided.
  • the management device for operating an operator resource license according to the present invention includes: a data conversion module, configured to acquire, from a system platform, a history of operations performed by an operator on the system platform; and an authentication module, configured to perform an authentication request initiated by an operator The operator performs authentication; and the access control module is configured to adjust the current resource usage permission of the operator according to the history record acquired by the data conversion module, if the authentication module confirms that the operator passes the authentication.
  • the authentication module is further configured to determine the identity information of the operator according to the authentication request, and search for the history record, and compare the operation parameter carried in the authentication request with the historical record, and determine Whether the operation parameter meets the preset authentication pre-passing condition; if the determination result is yes, the authentication module allows the operator to directly pass the authentication; if the determination result is no, the authentication module according to the authentication request The operator is authenticated.
  • the access control module is further configured to determine, according to the history record acquired by the data conversion module, the resource usage permission adjustment parameter of the operator, where the resource usage permission adjustment parameter is used to indicate that the operator is The operation of the system platform is performed; and the access control module is further configured to determine the operator according to a preset relationship between a plurality of different levels of resource usage licenses and a plurality of resource usage permission adjustment parameter ranges. Resource usage permission corresponding to the resource usage permission adjustment parameter, if the determined resource usage permission is different from the current resource usage permission of the operator, adjusting the resource usage permission of the operator to the determined resource License.
  • the invention adjusts the operator's resource use permission according to the operator's operation history, so that the operator's authority can be dynamically configured according to the operator's work habits and work performance, so that the resource use license configuration is more flexible and reasonable.
  • FIG. 1 is a flowchart of an operator resource use license management method according to an embodiment of the present invention
  • FIG. 2 is a block diagram of an operator resource use license management apparatus according to an embodiment of the present invention
  • FIG. 3 is a detailed structural diagram of an operator resource use license management apparatus according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram showing the structure of an emergency command center platform using an operator resource use license management apparatus according to an embodiment of the present invention
  • FIG 5 is a flow chart of police officers providing services to the public in the system shown in Figure 4;
  • Fig. 6 is a flow chart showing the management control by the operator resource use license management apparatus of the embodiment of the present invention in the course of the police officer providing the service to the citizen. detailed description
  • the present invention proposes to adjust an operator's resource usage according to an operator's operation history for an authenticated operator. Licensing, so that the operator's authority can be dynamically configured according to the operator's work habits and work performance, making the resource license configuration more flexible and reasonable.
  • a management method of an operator resource usage license includes the following steps:
  • Step 101 The system platform authenticates the operator according to the authentication request initiated by the operator.
  • Step 102 In the case that the operator passes the authentication, the system platform uses the current resource of the operator according to the historical record of the operation of the operator on the system platform. The license is adjusted.
  • the operator's authority can be dynamically configured according to the operator's work habits and work performance, making the resource use license configuration more flexible and reasonable.
  • the system platform When the system platform authenticates the operator according to the operator-initiated authentication request, the system is flat.
  • the station determines the identity information of the operator according to the authentication request and searches for the history record; the system platform compares the operation parameters carried in the authentication request with the history record, and determines whether the operation parameter meets the preset pre-passing condition; if the judgment result is yes, The system platform allows the operator to directly pass the authentication; if the judgment result is no, the system platform authenticates the operator according to the authentication request.
  • the operation parameter conforms to the preset authentication pre-passing condition, which may be: the history record includes the same operation parameter as the current authentication, or contains an operation parameter similar to the current authentication.
  • the operation parameter includes at least one of the following: a sending time of the authentication request, a sending location of the authentication request, and a service type requesting the operation.
  • the service type carried in the authentication request sent is service type A
  • the time for initiating the request is time B of the day
  • the place where the authentication request is initiated is C.
  • the authentication request can be judged according to a preset rule.
  • the rule may be configured to consider that the authentication request is reasonable if there are records in the history that are the same as or similar to the above three items; or may be configured as long as the three items in the history can be found or The same record can be considered reasonable.
  • the specific similarity judgment rule may also be preset by the system. For example, it may be configured that the time difference is within two hours, which may be regarded as a similar moment.
  • the system platform may determine the resource usage permission adjustment parameter of the operator according to the historical record, wherein the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform.
  • the correspondence between the plurality of different levels of the resource usage license and the plurality of resource use permission adjustment parameter ranges may be set according to the preset.
  • the relationship determines the resource usage license corresponding to the resource usage permission adjustment parameter of the operator. If the determined resource usage license is different from the operator's current resource usage license, the operator's resource usage license is adjusted to the determined resource usage license.
  • the history of operations performed by the operator may mainly include one or a combination of the following: the start time of each effective operation performed by the operator, and the effective operation of each operation by the operator The duration, the type of service corresponding to each operation performed by the operator, the number of valid operations performed by the operator corresponding to each type of service, the evaluation of the user's operation on the operator, and the quality evaluation of the system's operation on the operator The time rate at which the operator responds to the user's request, the address (location) of the operator at each operation.
  • the historical operation of the operator can be determined based on the history. For example, according to the history, the operator's ability, proficiency, proficiency, proficiency can be directly obtained according to the historical record. However, it should be understood that the ability and proficiency can also be obtained according to operating habits and attendance. The operational habits and attendance are intermediate results of the processing of historical records. Finally, the operator's resource license can be adjusted according to the determined capability and proficiency and the adjustment rules set for these information, so as to dynamically adjust the operator's authority. The following is an example of determining the ability and proficiency of the operator to perform the operation.
  • the system platform can determine the maturity of the operation performed by the operator corresponding to each service type according to the history record, and Determining the degree of capability of the operator to perform operations corresponding to each type of service based on the history, wherein for each type of service, maturity is used to indicate the degree of stability of all operations performed by the operator corresponding to the type of service, If you perform 10 times, the performance of each operation is basically the same, indicating that the maturity is higher, and if you perform 10 times, one of the operations performed very well, and the other performed very poorly, that is, Saying that the performance is fluctuating, it means that the maturity is poor, and the specific maturity can be achieved through a series of satisfactions, which will be explained later; the ability degree is used to represent all operations performed by the operator corresponding to the type of business.
  • the system platform corresponds to each of the operators The maturity and ability of the operation of the type of operation, determine the operation of the operator corresponding to the type of service, and thereby obtain all the operations performed by the operator under the current resource use permission (ie, resource license adjustment) Parameter);
  • the system platform adjusts the operator's resource usage license based on all operational conditions performed under the current resource usage license.
  • M is the maturity of the operation performed by the operator corresponding to a service type
  • A is the satisfaction of the user with the operation corresponding to the service type of the operator
  • B is the corresponding one of the system to the operator.
  • the quality of the business operation evaluation satisfaction, C is the ratio of user complaints that occur to the operator in all operations corresponding to the type of business. At this point, you can get the operator's operational maturity for a type of business.
  • N CxDxE
  • N is the capability of the operator to perform an operation corresponding to a service type
  • C, D, and E are respectively a timely response rate, a timely processing rate, and an effective working rate corresponding to the operation of the operator for the service type, wherein :
  • Effective work rate effective working time / total working time.
  • the operator's operational status for that type of service can be obtained, which can be a performance indicator by the operator corresponding to the type of operation of the service type.
  • an operational performance indicator corresponding to the type of business performed by the operator can be determined according to the following formula:
  • L is the performance indicator of the operation performed by the operator corresponding to the service type
  • M is the maturity of the operation performed by the operator corresponding to the service type
  • N is the operation performed by the operator corresponding to the service type.
  • W is the default weight value for this type of business.
  • the operator can only operate on one type of service. At this time, the operator operates on the type of service.
  • the performance indicator can be used as the resource license adjustment parameter of the operator. If the operator's performance indicator for operating the business type reaches a certain value (or the value of the current performance indicator falls within the value range corresponding to a resource license) After that, the operator's resource usage license can be adjusted.
  • the operator can operate on multiple service types under one level of resource license.
  • the performance indicators of multiple service types corresponding to the current resource license of the operator need to be integrated.
  • performance statistics that reflect the operational status of all types of operations performed by the operator. For example, it can correspond to the following formula
  • the performance indicators for each type of business are weighted to obtain the operator's performance statistics: TT / Wi i +W 2 X 2 +...+W n X n ⁇ ⁇ I ⁇ ⁇
  • W is the comprehensive performance indicator and Wi is the weighted value of the i-th business, which is the performance indicator of the i-th business.
  • the operator's performance statistics can be used as the operator's resource usage adjustment parameters, similarly, if the operator's performance statistics reach a certain value (or the current performance statistics result falls within a resource license) After the corresponding range of values, the operator's resource usage license can be adjusted.
  • the types of resources allowed for each resource license level and the performance indicators corresponding to each level of resource license can be pre-configured.
  • the range of values or the range of performance statistics, so that the level of resource usage that the operator is eligible to be determined can be determined. If the current resource usage level of the operator does not match the determined level, the current resource usage of the operator can be used.
  • the license is adjusted to match the level of current performance indicators or performance statistics.
  • the value or range of values corresponding to the performance indicator or the performance statistics result may be flexibly configured according to the operator's requirements according to the level, and may be based on the service type.
  • W weight values
  • the previous description of the process of adjusting the operator's resource use permission based on the capability and maturity is merely for explaining the present invention, and the present invention is not limited thereto, and in practical applications, for capability and maturity
  • the determination can omit some of the factors mentioned earlier, and add other factors to be considered, and the above calculation formula for capability and maturity is the same. It is a specific example.
  • the calculation method involved in each formula can be changed according to actual needs.
  • the parameter acquisition method in the formula can also be flexibly configured. For example, for the above parameter A, the parameter represents the user's operation on the operator.
  • the scores of each operation user in the history can be added, The total score obtained is taken as A, and the user's score for the operator can be averaged (or weighted averaged) with the mean as A; and if the operator can perform multiple types of operations, the average for each service can be The score or the average score is weighted average.
  • the similar method described above can also be used. The specific method is no longer - enumerated, as long as the system acquires the same parameter of the operator with the same resource license. Use a uniform method.
  • the reference for adjusting the operator resource use permission is the ability and the degree of the operator, and in practical applications, it is also possible to simply consider the workload, that is, as long as the workload satisfies certain requirements, The operator can adjust the resource license.
  • the workload requirement can be combined with the capability and quantity.
  • the operator's attendance rate can be further considered and judged. In short, according to different system platforms. Requirement, you can use different rules, and extract the required content from the operation history to judge.
  • the system platform After adjusting the current resource usage license of the operator, if the operator requests to use the specified resource, the system platform determines whether the operator can use the specified resource according to the adjusted resource usage permission; if the judgment result is yes, the operator is allowed Use the specified resource; if the judgment is no, the operator is prohibited from using the specified resource.
  • the adjustment of the resource use permission may be performed based on the traditional access control model, for example, the above process may be adjusted based on the resource use permission allocated by the traditional access control model for the operator, wherein, the traditional The access control model can be a DAC model, a MAC model, and an RB AC model.
  • an apparatus for managing an operator resource usage license includes:
  • the data conversion module 21 is configured to acquire and save a history of operations performed by the operator on the system platform from the system platform;
  • the authentication module 22 is configured to authenticate the operator according to the authentication request initiated by the operator; and the access control module 23 is configured to perform the operation according to the history record acquired by the data conversion module 21 when the authentication module 22 confirms that the operator passes the authentication.
  • the current resource license is adjusted.
  • the data conversion module 21 can be connected to the data provider, specifically for acquiring an operation history of the operator.
  • the data conversion module can obtain the employee information of the call center, the platform environment, the platform device status, the call center duty table, and the call center attendance data (for example, the operator can check in) The information is checked out, etc., and converted into a format recognizable by the authentication module 22 and the access control module 23, where the conversion operation includes username matching, password encryption and decryption, password matching, and the like.
  • the data provider can be a call center employee management system, a call center labor management system, a call center scheduling system, or other similar systems that provide scheduling management, attendance management, employee profile information management, and employee performance indicator statistical analysis.
  • the management device for the operator resource usage license according to the embodiment of the present invention may be set as a subsystem of the scheduling system, or the device may be connected to the scheduling system to transmit the history.
  • the authentication module 22 is configured to process an authentication request (message or function call) of the authentication requester, and the authentication requester refers to each system of the call center platform, and these systems are different in the user login (for example, the ordinary employee, the squad leader login, etc.) Resource license operator)
  • the authentication module 22 obtains the necessary data (which may be the operator's history) from the data conversion module 21, processes the authentication request, and returns the authentication result.
  • the authentication module 22 is specifically configured to determine the identity information of the operator according to the authentication request and search for the history record, and compare the operation parameters carried in the authentication request with the history record to determine whether the operation parameter meets the preset authentication pre- The pass condition; if the judgment result is yes, the authentication module allows the operator to directly pass the authentication; if the judgment result is no, the authentication module authenticates the operator according to the authentication request.
  • the access control module 23 is configured to process an access request (message or function call) of the access requester, and the access requester is the authentication requester itself or its subsystem, sub-module, and is also a subordinate system of the call center platform, and these systems are requested by the operator.
  • the access control module 23 acquires the necessary data from the data conversion module 21, processes the access request, and returns the access permission result.
  • the authentication requester initiates an authentication request to the device when the call center platform user logs in or the single sign-on interface is invoked, and the authentication module of the device requests the data conversion module for the necessary data (which may be an operation parameter of the operator in the history record), the data.
  • the conversion module returns data required by the authentication module, and then the authentication module performs an authentication operation, and returns an authentication result to the authentication requester;
  • the authentication requester is a legitimate user of the call center, is allowed to enter the call center platform, and is subsequently used by the access requester for further use.
  • the access requester is a subsystem or sub-module of the authentication requester, so access
  • the requesting party initiates an access request to the device before the call center platform user accesses the resource, and the access control module of the device requests the data conversion module for the necessary data (which may be a history record of the operation of the operator), and the data conversion module returns the access control.
  • the access control module performs the usage decision, uses the implementation, uses the logging operation, and returns the access permission result to the access requester, if the access permission result is If the access is made, the access requester will obtain the resource access permission, and the access requesting party can access the corresponding resource, and during the access process, the access control module continues to use the data conversion module to return the data in real time or periodically for use decision, use implementation, and use. Logging operation; if the access permission result is that access is not allowed, the access requester cannot access the corresponding resource.
  • the access control module 21 of the present embodiment includes a usage decision sub-module 31, a usage implementation sub-module 32, and a usage log sub-module 33.
  • the implementation sub-module 32 is used to provide creation, reading, updating, and transmission of resource usage licenses, and is responsible for providing the current usage license read, decision-making usage license creation and update to the usage decision sub-module 31. Using the implementation sub-module 31 to perform an access response to the access requester, and transfer the use permission;
  • the usage decision sub-module 32 performs resource usage permission decisions based on the necessary data from the data conversion module 21, and the decision model can use various existing access control models such as DAC, MAC, RBAC, etc.;
  • the use log sub-module 33 is responsible for recording the specific information of the access request of the access requester, the specific information of the access response, that is, the time, the subject, the object, the related system, the license, and the like for recording the access resource.
  • the decision sub-module 31 is used to make a resource use permission decision according to the decision model, and the decision result is transmitted to the usage implementation sub-module 32;
  • the implementation sub-module 31 is used to create the license data and store it, if the decision result of the decision sub-module 31 and the last access permission are used. Otherwise, the implementation sub-module 32 is used to update the license data and store (ie, update the resource usage license of the requesting party). If the license data is not accessed for the first time, and the license data is not required to be updated, the implementation sub-module 32 is used to send the license data to the license data.
  • Access requester, license data can include access request time, expiration date, access requester, accessed resource, permission flag Information or a combination thereof.
  • Performance indicator ability degree X maturity X business type weight
  • the service type weights may be separately designed according to different service types.
  • the service type is an alarm whose weight value is larger than the service type is a police consultation weight
  • the effective manual service number is a service duration greater than 3 seconds and less than 30 seconds.
  • the number of manual connection, the service duration range is set according to the service type
  • the effective working time is the attendance time (ie, the check-out time-check-in time) minus the busy time
  • the timely response rate is the employee in a few seconds (the specific length of time can be based on Flexible setting)
  • the number of internal answering calls accounts for the total number of successful queues for the employee
  • User satisfaction is equal to the weighted average of the user ratings, for example, ( ⁇ ⁇ ⁇ + ⁇ ⁇ ⁇ .6+ ⁇ ⁇ 1 ) / ( X+Y+Z ), where X is the number of unsatisfactory times, the weighted value is 0, ⁇ is the general number, the weighted value is 0.6, ⁇ is the number of satisfaction
  • each module/submodule can establish a long connection through the IP/TCP protocol to transmit a message at any time, and can also use a function call or the like.
  • one or more modules can be configured to exist in a separate process, as components are called by other systems, and each module can be distributedly deployed on the network, which has high deployment flexibility.
  • the emergency command center manual service platform will be taken as an example to describe in detail that the device can be used as a unified operator resource license management center for various system platforms such as a call center platform, and all system modules of the system platform can use the device.
  • User authentication and resource access control functions are provided to dynamically and continuously control the operator's access behavior through pre-authorization and access authorization, which not only can effectively manage the resource license of each operator in the system platform with relatively simple rights allocation. And can be applied to a platform based on manual services and complex permissions such as a call center platform, and can objectively evaluate and dynamically adjust the authorization of employees according to requirements.
  • the emergency command center is used as the system platform, and the citizens are used as users, and the police officers and police officers are used as operators. Among them, the police officers and the police officers are direct users of the system (direct users). The public can also act as direct users and system customers.
  • the Emergency Command Center is a commonly used system platform for public safety and for handling public emergencies.
  • the emergency command center is generally built on a sound emergency management system and utilized
  • ICT technology is an emergency management system based on call center communication, command and dispatch, and an e-government platform.
  • the emergency command center platform is composed of a scheduling system, an automatic call distribution (ACD), an agent (AGENT), and a business system, and the citizen can use the alarm or consultation.
  • Terminals such as telephones, mobile phones, interactive televisions, and computers initiate communication requests, access ACDs through communication networks (eg, mobile phone networks, cable networks, the Internet, etc.), and ACDs are responsible for queuing communication requests into AGENT.
  • ACDs are responsible for queuing communication requests into AGENT.
  • the process is not described in detail herein, and the present invention focuses on the situation after access to AGENT.
  • the police officer is responsible for answering incoming calls on AGNET, using the business system to provide services to the public, and handing over the citizen's request to the police officer when necessary.
  • the services provided by the emergency command center platform include human services, alarm services, police consulting services and other related services.
  • the management device for the operator resource use permission can be set to the scheduling system, so that the history of the police officer's work analyzed by the shifting system can be directly utilized, if necessary.
  • the scheduling system is composed of a resource usage license management apparatus, a data analysis and performance subsystem, a traffic prediction and adaptation subsystem, and a shift table management subsystem according to an embodiment of the present invention.
  • the data analysis and performance subsystem can collect, analyze and count the traffic volume of the emergency command center and the work of the police officers in multiple dimensions, and calculate the performance indicators of the police officers.
  • the data analysis and performance subsystem can collect and analyze the traffic volume of the emergency command center from the ACD, including the number of incoming calls, the number of queues, the average queue length, the number of queued successes, etc., and collect and analyze the police personnel's manual service from AGENT.
  • And attendance data, etc. including check-in time, check-out time, number of busy times, busy duration, number of manual connections, and service duration per call, user evaluation, etc.; and ability to collect and analyze police officers from the business system Data, including the number of work orders, the number of manual services, and the number of work orders submitted per call; in addition, the data analysis and performance subsystem can also collect and analyze quality inspection evaluation data from quality inspection systems (not shown), including evaluation The total score, the number of quality checks, and the evaluation score of the quality-checked call, etc., collect and analyze user complaint data from the complaints system (not shown), including the severity of each complaint.
  • the traffic prediction and adaptation subsystem can be used to predict based on data provided by the data analysis and performance subsystem, and then adapted based on the predicted results, scheduling template settings, and individualized requirements of the police to obtain the schedule.
  • the shift management subsystem allows police officers to apply for change shifts, shifts, leave, and planned activities (eg Such as outings, travel, etc., overall preferences (for example, like night shifts, etc.), and can automatically modify the schedules obtained in the traffic prediction and adaptation subsystem within the parameters controlled by the administrator, thereby changing their work schedule.
  • the management device for the operator resource usage license may be the device shown in Figs. 2 and 3, which not only provides an account authentication and encryption function based on the class table, but also provides an access control function.
  • the above-described data analysis and performance subsystem, traffic prediction and adaptation subsystem, and schedule management subsystem are used to manage the resource usage license management device for the operator resource license.
  • the shifting system can provide functions such as duty table generation, change, police attendance management, and performance management as a whole. After the operator management license is added, other systems of the emergency command center platform can be connected to the shifting system. And request the scheduling system at login, at the beginning of the operation, during the operation to obtain certification and access permissions.
  • the core data of the shifting system is the schedule and individual needs.
  • the shift table includes the duty manual number, the name of the duty person, the password of the duty person, the skill, the duty shift, the maturity of the duty, the affiliation of the squad, etc.
  • the aforementioned maturity is a specific example of the performance indicator; the attributes of the shift include the shift. Start time, end time, and the corresponding shift group when the shift is on duty.
  • the working basis of the management device for the operator resource use permission is also a class table, and the duty person password of the class table is read according to the work number during the authentication, and the skill, duty shift, ability is read according to the police employee number during the access control. Maturity and other data.
  • FIG. 5 is a flow chart of the process of handling the citizen's request by the emergency command center platform. The specific steps are as follows: Step 51, the public uses the terminal to enter the ACD through the network;
  • Step 52 Determine whether the police officer responds to the citizen's request, and if yes, perform step 53; otherwise, the process ends;
  • Step 53 The police officers communicate with the public and learn that the public needs to inquire about a police information
  • Step 54 after the police open the system to query the police information, provide the police information to the public, if the citizen requests to handle the associated police, step 55 is performed, otherwise step 56 is performed;
  • Step 55 The police officer submits an alarm work order in the business system, and performs step 56;
  • Step 56 the citizen evaluates the police officer, the system records the citizen's evaluation, and the processing ends after the communication terminal.
  • step 54 the police officer can automatically log in to the business system using the single sign-on interface.
  • the police officer needs to check in the AGENT in advance.
  • the AGENT must obtain the certification permission from the management device of the operator resource license to log in. Go to AGENT.
  • FIG 6 shows the specific process of police officers performing police query in the business system. As shown in Figure 6, the query process is as follows:
  • Step 61 When the police officer needs to open the business system, the business menu can be executed in the AGENT;
  • Step 62 For the process of the police officer logging in to the AGENT, the single sign-on can be used to avoid repeated login.
  • the single sign-on interface is called by the AGENT, and the service system resolves the single sign-on request, and extracts the job number, password, and the like;
  • Step 63 The service system sends an authentication request and an access control request to the management device module of the operator resource usage permission of the scheduling system (the request may be sent through the IP network), where the authentication request includes the police officer's encrypted work number and the encrypted password and the system name.
  • Information such as the service name, the access control request includes the police officer's encrypted work number and encrypted password, system name, service name, access time, access resource name, etc., where the system name is AGENT and the business system, and the service type (also Called the business name) is the police consultation.
  • the access resource name is the police query menu of the business system (assuming the menu exists in the system) and a police information.
  • Step 64 The management device of the operator resource usage license processes the authentication request, and sends the certification permission of the police officer according to the authentication result, wherein the authentication module in the management device of the operator resource use permission can set the job number and password in the authentication request. And the work number password of the class table is compared with the corresponding information stored. If the same, the police officer is considered to be legal, and then the system name and business name in the request are judged to be in the license database, and if it exists, the system is considered legal, and then To AGENT And the business system issues certification licenses.
  • step 65 If the police officer passes the certification, go to step 65, otherwise go to step 67.
  • Step 65 The access control module of the management device of the operator resource license is based on the work number, system name, service name, access time, access resource name, capability degree, maturity, shift, check-in time, and sign in the resource access request. Time and other information, whether the decision allows the police officer to continue to visit;
  • Step 66 Send an access permission to the service system according to the result of the decision; if the access permission indicates that access is allowed, step 68 is performed; otherwise, step 67 is performed;
  • Step 67 AGENT prompts the public to open the business system and its reasons, and the processing ends;
  • Step 68 the business system allows the police to log in and access, AGENT opens the business system, and displays the business system police query interface.
  • the management system that the business system uses the operator resource usage permission in the scheduling system can also submit the access control request, and the access resource at this time is the work order creation menu (assuming this menu exists) and the work order.
  • the work order creation menu (assuming this menu exists) and the work order.
  • the device can automatically acquire and analyze the working condition of the call center employee, obtain an analysis of the overall environment and device status of the call center, and use the basis to solve the shortcomings of the existing call center platform manually configuring the permissions in different systems, thereby avoiding the need Manually set up the cumbersome operation of skills, and integrate employee attendance, assessment, statistics and other data to improve call center security and combat information leakage, misappropriation, camouflage and other activities.
  • the device is also capable of integrating various different rights configuration and rights management entries distributed in a distributed manner to implement unified security authentication and secure access permission functions.
  • the device can also change according to the attributes of the subject and the object, according to authorization, conditions, and duties. Classification, dynamic control of employee resource access operations;
  • the device also provides a convenient way to statistically analyze employee performance and obtain employee performance indicators.
  • the operator's authority by adjusting the operator's resource use permission according to the operator's operation history, the operator's authority can be dynamically configured according to the operator's work habits and work performance, so that the resources are made.
  • the configuration of the license is more flexible and reasonable; and, by adjusting the resource license with reference to the capability and maturity of the operator, the configuration of the resource license can be made more objectively based on the ability of the operator.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A management method for the resource use permission of an operator is provided in the present invention. The method includes: a system platform authenticates an operator according to the authentication request sent from the operator (101); when the operator is authenticated successfully, the system platform adjusts the current resource use permission of the operator according to the history record of the operation performed by the operator in the system platform (102). A management device for the resource use permission of an operator is also provided in the present invention. By adjusting the resource use permission of the operator according to the history record of the operation performed by the operator, the permission of the operator can be automatically configured according to the work habits and behaving of the operator, and the configuration for the resource use permission is more flexible and reasonable.

Description

操作员资源使用许可的管理方法和装置 技术领域  Management method and device for operator resource license
本发明涉及通信领域, 尤其涉及一种操作员资源使用许可的管理方法 和装置。 背景技术  The present invention relates to the field of communications, and in particular, to a method and apparatus for managing operator resource usage licenses. Background technique
呼叫中心是一种基于计算机电话集成 ( CTI , Computer Telephony Integration ) 的技术, 呼叫中心能够充分利用通信网和计算机网的多项功能 集成, 与企业连为一体形成一个完整的综合信息服务系统, 并利用现有的 各种先进的通信手段, 高效地提供高质量、 高效率、 全方位的服务。 呼叫 中心最初的形式包括人工热线、 交互式自动语音以及多媒体服务等, 目前, 呼叫中心已经发展为基于 IP的三网合一的下一代呼叫中心, 不仅可以应用 于各种企业, 还能够应用于其他团体或机构。  The call center is a technology based on Computer Telephony Integration (CTI). The call center can fully utilize the multiple functions of the communication network and the computer network to integrate with the enterprise to form a complete integrated information service system. Efficiently provide high quality, high efficiency and comprehensive services by using various advanced communication methods. The initial forms of the call center include artificial hotline, interactive automatic voice and multimedia services. Currently, the call center has developed into an IP-based triple-play next-generation call center, which can be applied not only to various enterprises, but also to applications. Other groups or institutions.
国际标准化组织( ISO )在 IS07498-2中定义了五个安全服务功能:身份 认证服务、 访问控制服务、 数据保密服务、 数据完整性服务、 不可否认性 服务, 这些功能可适用于呼叫中心。 其中, 在实现上述功能时, 访问控制 服务是基于身份认证服务的, 系统会预先通过身份认证服务对主体进行身 份识别和认证, 然后通过访问控制服务判断是否允许主体对客体的访问, 达到控制主体对客体访问的目的。  The International Organization for Standardization (ISO) defines five security service functions in IS07498-2: identity authentication services, access control services, data privacy services, data integrity services, non-repudiation services, which are applicable to call centers. When the above functions are implemented, the access control service is based on the identity authentication service, and the system identifies and authenticates the subject in advance through the identity authentication service, and then determines whether to allow the subject to access the object through the access control service to reach the control subject. The purpose of accessing the object.
访问控制是通过某种途径显式地准许或者限制访问能力及范围的一种 方法。 访问本身涉及主体和客体, 换句话说, 访问控制保证主体受控制地、 合法地使用客体。 这里的主体指用户、 进程、 服务、 第三方系统等访问者, 客体指系统资源、 用户操作、 任务、 第三方系统的接口等等被访问目标。 访问控制是系统核心模块, 借助于访问控制, 能够保证系统资源受控地、 合法地使用, 通过限制主体对客体的访问, 能够达到防止非法用户入侵、 以及避免合法用户不慎操作造成破坏的目的。 Access control is a way to explicitly grant or limit access capabilities and scope in some way. The access itself involves the subject and the object. In other words, the access control guarantees that the subject uses the object in a controlled and lawful manner. The subject here refers to a visitor such as a user, a process, a service, a third-party system, etc., and the object refers to a target object such as a system resource, a user operation, a task, an interface of a third-party system, and the like. Access control is the core module of the system. With access control, system resources can be controlled, By legally using it, by restricting the subject's access to the object, it is possible to prevent the intrusion of illegal users and to prevent the inadvertent operation of legitimate users.
通常, 设计访问控制服务需要考虑权限(在广义上也可以称为资源使 用许可)和授权, 其中, 权限是主体对客体进行访问的许可, 授权是管理 者对主体授予访问客体权限的操作过程, 主体、 客体、 权限、 授权之间的 关系因访问控制策略不同而不同, 自从引入主体、 客体、 访问控制矩阵 Generally, designing an access control service requires consideration of permissions (also referred to as resource licenses in a broad sense) and authorizations, where permissions are the subject's permission to access the object, and authorization is the process by which the administrator grants access to the object to the principal. The relationship between subject, object, authority, and authorization varies with access control policies, since the introduction of subject, object, and access control matrix
( ACM )开始, 先后出现自主访问控制 (DAC )、 强制访问控制 (MAC ) 模型、基于角色的访问控制( RBAC )模型等各种用于进行访问控制的模型, 并且, 对访问控制模型的研究已经扩展到了更多领域, 例如, 扩展为基于 任务的访问控制模型 (TBAC )、 面向任务的 RBAC模型 (T-RBAC ) 以及 使用控制核心模型 (UCONABC )等。 At the beginning of (ACM), various models for access control, such as autonomous access control (DAC), mandatory access control (MAC) model, and role-based access control (RBAC) model, have emerged, and the access control model has been studied. It has been extended to more areas, such as the extension to the task-based access control model (TBAC), the task-oriented RBAC model (T-RBAC), and the use of the control core model (UCONABC).
但是, 目前所提出的各种访问控制模型都有各自的限制和缺点, 因此 不论应用到哪种领域都会出现相应的问题。 以呼叫中心为例, 如果在呼叫 中心釆用 DAC模型, 会导致管理权分散, 不利于集中管理, 还会造成信息 扩散和泄漏, 存在职权滥用的情况; 而如果釆用 MAC, 则会使得系统过分 强调保密性, 对系统连续工作能力和可管理性考虑不够周全, 安全级别定 义繁瑣, 且实现方式不灵活, 不适用于互联网等较为复杂的场景; 此外, 由于现代呼叫中心平台会涉及到数字资源、 隐私信息、 可信管理、 互联网、 工作流、 分布式的系统, 这就需要访问控制服务能够兼顾呼叫中心主体属 性和客体属性对授权的影响, 所以 RBAC模型也不能够兼顾这一方面。  However, the various access control models proposed so far have their own limitations and shortcomings, so no matter which field is applied, there will be corresponding problems. Taking the call center as an example, if the DAC model is used in the call center, the management rights will be dispersed, which is not conducive to centralized management. It will also cause information to spread and leak, and there will be abuse of authority. If MAC is used, the system will be made. Excessive emphasis on confidentiality, inadequate consideration of system continuous workability and manageability, cumbersome security level definition, and inflexible implementation, not suitable for more complex scenarios such as the Internet; in addition, because modern call center platforms involve numbers Resources, privacy information, trusted management, Internet, workflow, distributed systems, which require access control services to take into account the impact of call center subject attributes and object attributes on authorization, so the RBAC model can not take this aspect into account.
对于呼叫中心之外的其他系统平台或网络, 在使用目前的访问控制模 型时同样会出现上述类似的问题。  For other system platforms or networks other than call centers, similar problems can occur when using the current access control model.
针对相关技术中由于各种模型存在各自的缺陷而导致无法使用复杂的 系统或网络的问题, 目前尚未提出有效的解决方案。 发明内容 In view of the problem that the related technologies cannot be used in a complicated system or network due to the respective defects of various models, an effective solution has not been proposed yet. Summary of the invention
针对相关技术中由于各种访问控制模型存在各自缺陷而导致无法使用 复杂的系统或网络的问题, 本发明提出一种操作员资源使用许可的管理方 法和装置, 能够对操作员的权限(即, 资源使用许可)进行动态管理和调 整, 从而使得资源使用许可的配置更加灵活、 合理。  The present invention proposes a management method and apparatus for operator resource use permission, which is capable of operating a complex system or network, due to the respective defects of various access control models in the related art, that is, the authority of the operator (ie, Resource usage licenses are dynamically managed and adjusted to make the configuration of resource licenses more flexible and reasonable.
本发明的技术方案是这样实现的:  The technical solution of the present invention is implemented as follows:
根据本发明的一个方面, 提供了一种操作员资源使用许可的管理方法。 根据本发明的操作员资源使用许可的管理方法包括: 系统平台根据操 作员发起的认证请求对所述操作员进行认证; 在所述操作员通过认证的情 况下, 所述系统平台根据所述操作员在所述系统平台进行操作的历史记录 对所述操作员当前的资源使用许可进行调整。  According to an aspect of the present invention, a management method of an operator resource usage license is provided. The management method of the operator resource usage license according to the present invention includes: the system platform authenticating the operator according to an operator-initiated authentication request; in the case where the operator passes the authentication, the system platform is according to the operation The history of operations performed by the member on the system platform adjusts the operator's current resource usage permissions.
其中, 所述系统平台根据操作员发起的认证请求对所述操作员进行认 证包括: 所述系统平台根据所述认证请求确定所述操作员的身份信息并查 找所述历史记录; 所述系统平台将所述认证请求中携带的操作参数与所述 历史记录进行对比, 判断所述操作参数是否符合预设的认证预通过条件; 如果判断结果为是, 则所述系统平台允许所述操作员直接通过认证; 如果 判断结果为否, 则所述系统平台根据所述认证请求对所述操作员进行认证。  The system platform authenticating the operator according to the authentication request initiated by the operator includes: determining, by the system platform, the identity information of the operator according to the authentication request, and searching for the historical record; Comparing the operation parameter carried in the authentication request with the historical record, and determining whether the operation parameter meets a preset authentication pre-passing condition; if the determination result is yes, the system platform allows the operator to directly Passing the authentication; if the judgment result is no, the system platform authenticates the operator according to the authentication request.
其中, 所述操作参数可以包括以下至少之一: 所述认证请求的发送时 间、 所述认证请求的发送地点、 请求进行操作的业务类型。  The operation parameter may include at least one of the following: a sending time of the authentication request, a sending location of the authentication request, and a service type requesting to perform an operation.
此外, 在所述系统平台根据所述操作员在所述系统平台进行操作的历 史记录对所述操作员当前的资源使用许可进行调整之前, 该方法进一步包 括: 所述系统平台根据所述历史记录, 确定所述操作员的资源使用许可调 整参数, 其中, 所述资源使用许可调整参数用于表示所述操作员在所述系 统平台进行操作的情况;  In addition, before the system platform adjusts the current resource usage permission of the operator according to the historical record of the operation of the operator on the system platform, the method further includes: the system platform according to the historical record Determining, by the operator, a resource usage permission adjustment parameter, where the resource usage permission adjustment parameter is used to indicate that the operator operates on the system platform;
所述对所述操作员当前的资源使用许可进行调整包括: 根据预先设置 的多个不同级别的资源使用许可与多个资源使用许可调整参数范围的对应 关系, 确定所述操作员的资源使用许可调整参数所对应的资源使用许可, 如果确定的所述资源使用许可与所述操作员当前的资源使用许可不同, 则 将所述操作员的资源使用许可调整为所述确定的资源使用许可。 The adjusting the current resource usage permission of the operator includes: according to a preset Determining, by the plurality of different levels of resource usage licenses, a plurality of resource usage permission adjustment parameter ranges, determining resource usage licenses corresponding to the resource usage permission adjustment parameters of the operator, if the determined resource usage licenses and If the operator's current resource usage license is different, the operator's resource usage license is adjusted to the determined resource usage license.
此外, 所述系统平台根据所述历史记录, 确定所述操作员的资源使用 许可调整参数, 包括:  In addition, the system platform determines, according to the historical record, the resource usage permission adjustment parameter of the operator, including:
所述系统平台根据所述历史记录确定所述操作员进行的对应于每种业 务类型的操作的成熟度, 并根据所述历史记录确定所述操作员进行的对应 于每种业务类型的操作的能力度, 其中, 对于每种类型的业务, 成熟度用 于表示所述操作员进行的对应于该类型业务的所有操作的稳定程度情况, 能力度用于表示所述操作员进行的对应于该类型业务的所有操作的效率; 所述系统平台根据所述操作员进行的对应于每种业务类型的操作的成熟度 和能力度, 确定所述操作员进行的对应于该业务类型的操作情况, 并获得 表示所述操作员所进行的所有操作的情况的资源使用许可调整参数。  Determining, by the system platform, the maturity of the operations performed by the operator corresponding to each type of service according to the history record, and determining, according to the history record, the operations performed by the operator corresponding to each type of service Capability, where, for each type of service, maturity is used to indicate the degree of stability of all operations performed by the operator corresponding to the type of service, and the capability is used to indicate that the operator corresponds to the The efficiency of all operations of the type service; the system platform determines the operation status of the operator corresponding to the service type according to the maturity and capability of the operation performed by the operator corresponding to each service type, And a resource use permission adjustment parameter indicating a situation in which all operations performed by the operator are performed.
此外, 在对所述操作员当前的资源使用许可进行调整之后, 如果所述 操作员请求使用指定资源, 则所述方法可以进一步包括: 根据调整后的资 源使用许可判断所述操作员是否能够使用所述指定资源; 如果判断结果为 是, 则允许所述操作员使用所述指定资源; 如果判断结果为否, 则禁止所 述操作员使用所述指定资源。  In addition, after adjusting the current resource usage permission of the operator, if the operator requests to use the specified resource, the method may further include: determining, according to the adjusted resource usage permission, whether the operator is capable of using Specifying the resource; if the determination result is yes, allowing the operator to use the specified resource; if the determination result is no, the operator is prohibited from using the specified resource.
可选地, 上述历史记录包括以下之一或其组合: 所述操作员进行的每 次有效操作的开始时间、 所述操作员进行每次操作的有效时长、 所述操作 员进行的每次操作所对应的业务类型、 所述操作员进行的对应于每个业务 类型的有效操作的数量、 用户对所述操作员进行操作的评价、 系统对所述 操作员进行操作的质检评价、 所述操作员对用户的请求进行应答的及时率。  Optionally, the historical record includes one or a combination of the following: a start time of each valid operation performed by the operator, an effective duration of the operator performing each operation, and each operation performed by the operator. The corresponding service type, the number of valid operations performed by the operator corresponding to each service type, the evaluation of the operation of the operator by the user, the quality inspection evaluation of the operation of the operator by the system, The timely rate at which the operator responds to a user's request.
可选地, 上述系统平台包括呼叫中心。 根据本发明的另一方面, 提供了一种操作员资源使用许可的管理装置。 根据本发明的操作员资源使用许可的管理装置包括: 数据转换模块, 用于从系统平台获取操作员在所述系统平台进行操作的历史记录; 认证模 块, 用于根据操作员发起的认证请求对所述操作员进行认证; 访问控制模 块, 用于在所述认证模块确认操作员通过认证的情况下, 根据所述数据转 换模块获取的历史记录对所述操作员当前的资源使用许可进行调整。 Optionally, the above system platform includes a call center. According to another aspect of the present invention, a management apparatus for an operator resource usage license is provided. The management device for operating an operator resource license according to the present invention includes: a data conversion module, configured to acquire, from a system platform, a history of operations performed by an operator on the system platform; and an authentication module, configured to perform an authentication request initiated by an operator The operator performs authentication; and the access control module is configured to adjust the current resource usage permission of the operator according to the history record acquired by the data conversion module, if the authentication module confirms that the operator passes the authentication.
其中, 所述认证模块, 还用于根据所述认证请求确定所述操作员的身 份信息并查找所述历史记录, 并将所述认证请求中携带的操作参数与所述 历史记录进行对比, 判断所述操作参数是否符合预设的认证预通过条件; 如果判断结果为是, 则所述认证模块允许所述操作员直接通过认证; 如果 判断结果为否, 则所述认证模块根据所述认证请求对所述操作员进行认证。  The authentication module is further configured to determine the identity information of the operator according to the authentication request, and search for the history record, and compare the operation parameter carried in the authentication request with the historical record, and determine Whether the operation parameter meets the preset authentication pre-passing condition; if the determination result is yes, the authentication module allows the operator to directly pass the authentication; if the determination result is no, the authentication module according to the authentication request The operator is authenticated.
此外, 所述访问控制模块, 还用于根据所述数据转换模块获取的历史 记录确定所述操作员的资源使用许可调整参数, 其中, 所述资源使用许可 调整参数用于表示所述操作员在所述系统平台进行操作的情况; 并且, 所 述访问控制模块, 还用于根据预先设置的多个不同级别的资源使用许可与 多个资源使用许可调整参数范围的对应关系, 确定所述操作员的资源使用 许可调整参数所对应的资源使用许可, 如果确定的所述资源使用许可与所 述操作员当前的资源使用许可不同, 则将所述操作员的资源使用许可调整 为所述确定的资源使用许可。  In addition, the access control module is further configured to determine, according to the history record acquired by the data conversion module, the resource usage permission adjustment parameter of the operator, where the resource usage permission adjustment parameter is used to indicate that the operator is The operation of the system platform is performed; and the access control module is further configured to determine the operator according to a preset relationship between a plurality of different levels of resource usage licenses and a plurality of resource usage permission adjustment parameter ranges. Resource usage permission corresponding to the resource usage permission adjustment parameter, if the determined resource usage permission is different from the current resource usage permission of the operator, adjusting the resource usage permission of the operator to the determined resource License.
本发明通过根据操作员的操作历史记录调整操作员的资源使用许可, 从而能够根据操作员的工作习惯、 工作表现动态配置操作员的权限, 使得 资源使用许可的配置更加灵活、 合理。 附图说明  The invention adjusts the operator's resource use permission according to the operator's operation history, so that the operator's authority can be dynamically configured according to the operator's work habits and work performance, so that the resource use license configuration is more flexible and reasonable. DRAWINGS
图 1是根据本发明实施例的操作员资源使用许可管理方法的流程图; 图 2是根据本发明实施例的操作员资源使用许可管理装置的组成结构 示意图; 1 is a flowchart of an operator resource use license management method according to an embodiment of the present invention; FIG. 2 is a block diagram of an operator resource use license management apparatus according to an embodiment of the present invention; Schematic diagram
图 3是根据本发明实施例的操作员资源使用许可管理装置的具体结构 图;  3 is a detailed structural diagram of an operator resource use license management apparatus according to an embodiment of the present invention;
图 4是釆用本发明实施例的操作员资源使用许可管理装置的应急指挥 中心平台的组成结构示意图;  4 is a schematic diagram showing the structure of an emergency command center platform using an operator resource use license management apparatus according to an embodiment of the present invention;
图 5是在图 4所示的系统中警员对市民提供服务的流程图;  Figure 5 is a flow chart of police officers providing services to the public in the system shown in Figure 4;
图 6是警员对市民提供服务过程中通过本发明实施例的操作员资源使 用许可管理装置进行管理控制的流程图。 具体实施方式  Fig. 6 is a flow chart showing the management control by the operator resource use license management apparatus of the embodiment of the present invention in the course of the police officer providing the service to the citizen. detailed description
针对相关技术中由于各种访问控制模型存在各自的缺陷而导致无法使 用复杂的系统或网络的问题, 本发明提出, 对于通过认证的操作员, 根据 操作员的操作历史记录调整操作员的资源使用许可, 从而能够根据操作员 的工作习惯、 工作表现动态配置操作员的权限, 使得资源使用许可的配置 更加灵活、 合理。  In view of the problem in the related art that a complex system or network cannot be used due to various defects of various access control models, the present invention proposes to adjust an operator's resource usage according to an operator's operation history for an authenticated operator. Licensing, so that the operator's authority can be dynamically configured according to the operator's work habits and work performance, making the resource license configuration more flexible and reasonable.
下面将结合附图, 详细描述本发明的实施例。  Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
根据本发明的实施例, 提供了一种操作员资源使用许可的管理方法。 如图 1 所示, 根据本发明实施例的操作员资源使用许可的管理方法包 括以下步骤:  According to an embodiment of the present invention, a management method of an operator resource usage license is provided. As shown in FIG. 1, a management method of an operator resource use license according to an embodiment of the present invention includes the following steps:
步骤 101, 系统平台根据操作员发起的认证请求对操作员进行认证; 步骤 102, 在操作员通过认证的情况下, 系统平台根据操作员在系统平 台进行操作的历史记录对操作员当前的资源使用许可进行调整。  Step 101: The system platform authenticates the operator according to the authentication request initiated by the operator. Step 102: In the case that the operator passes the authentication, the system platform uses the current resource of the operator according to the historical record of the operation of the operator on the system platform. The license is adjusted.
借助于上述处理, 通过根据操作员的操作历史记录调整操作员的资源 使用许可, 从而能够根据操作员的工作习惯、 工作表现动态配置操作员的 权限, 使得资源使用许可的配置更加灵活、 合理。  By means of the above processing, by adjusting the operator's resource use permission according to the operator's operation history, the operator's authority can be dynamically configured according to the operator's work habits and work performance, making the resource use license configuration more flexible and reasonable.
在系统平台根据操作员发起的认证请求对操作员进行认证时, 系统平 台根据认证请求确定操作员的身份信息并查找历史记录; 系统平台将认证 请求中携带的操作参数与历史记录进行对比, 判断操作参数是否符合预设 的认证预通过条件; 如果判断结果为是, 则系统平台允许操作员直接通过 认证; 如果判断结果为否, 则系统平台根据认证请求对操作员进行认证。 其中, 操作参数符合预设的认证预通过条件可以是指: 历史记录中包含与 本次认证相同的操作参数, 或包含类似于本次认证的操作参数。 其中, 操 作参数包括以下至少之一: 认证请求的发送时间、 认证请求的发送地点、 请求进行操作的业务类型。 本次操作员请求认证时, 发送的认证请求中携带的业务类型为业务类型 A, 发起该请求的时间为一天的 B时刻, 发起认证请求的地点 (地址, 可以是 网络地址)为 C, 此时, 可以在历史记录中查找, 该操作员是否对业务类 型 A进行过操作, 操作历史记录中该操作员是否曾经在地点 C进行操作, 以及通常该操作员在一天的哪个时刻发起操作。 在查找后, 可以根据预设 的规则判断该认证请求是否具备合理性。 例如, 规则可以被配置为, 如果 历史记录中, 存在与上述三项均相同或类似的记录, 才认为该认证请求是 合理的; 也可以配置为只要历史记录中能够找到与上述三项类似或相同的 记录即可认为是具备合理性的。 具体的相似判断规则也可以有系统预先设 定, 例如, 可以配置为时刻相差在两个小时内, 即可认为是相似的时刻。 When the system platform authenticates the operator according to the operator-initiated authentication request, the system is flat. The station determines the identity information of the operator according to the authentication request and searches for the history record; the system platform compares the operation parameters carried in the authentication request with the history record, and determines whether the operation parameter meets the preset pre-passing condition; if the judgment result is yes, The system platform allows the operator to directly pass the authentication; if the judgment result is no, the system platform authenticates the operator according to the authentication request. The operation parameter conforms to the preset authentication pre-passing condition, which may be: the history record includes the same operation parameter as the current authentication, or contains an operation parameter similar to the current authentication. The operation parameter includes at least one of the following: a sending time of the authentication request, a sending location of the authentication request, and a service type requesting the operation. When the operator requests authentication, the service type carried in the authentication request sent is service type A, the time for initiating the request is time B of the day, and the place where the authentication request is initiated (address, which can be the network address) is C. At that time, it can be found in the history whether the operator has operated on the service type A, whether the operator has operated at the location C in the operation history, and usually at which time of the day the operator initiates the operation. After the search, the authentication request can be judged according to a preset rule. For example, the rule may be configured to consider that the authentication request is reasonable if there are records in the history that are the same as or similar to the above three items; or may be configured as long as the three items in the history can be found or The same record can be considered reasonable. The specific similarity judgment rule may also be preset by the system. For example, it may be configured that the time difference is within two hours, which may be regarded as a similar moment.
在系统平台根据操作员在系统平台进行操作的历史记录对操作员当前 的资源使用许可进行调整之前, 系统平台可以根据历史记录, 确定操作员 的资源使用许可调整参数, 其中, 资源使用许可调整参数用于表示操作员 在系统平台进行操作的情况, 对于具体应当获取历史记录中的哪些信息作 为资源使用许可调整参数的内容, 可以根据系统平台的需求而设定, 例如, 如果对操作员的评估主要需要考虑工作量信息, 则可以将操作员的工作量 和工作时间等信息作为资源使用许可调整参数; 而如果对操作员的评估主 要需要考虑工作能力, 则可以将操作员的工作效率、 工作质量(评价)信 息作为资源使用许可调整参数。 对于如何根据从历史记录中获取的信息得 到资源使用许可调整参数, 则可以对所有操作员釆用统一的方法进行计算 和统计。 Before the system platform adjusts the current resource usage license of the operator according to the history of the operation of the operator on the system platform, the system platform may determine the resource usage permission adjustment parameter of the operator according to the historical record, wherein the resource usage permission adjustment parameter Used to indicate that the operator is operating on the system platform. For the specific information in the history that should be obtained as the resource usage adjustment parameter, it can be set according to the requirements of the system platform, for example, if the operator is evaluated. Mainly need to consider the workload information, you can put the workload of the operator Information such as working hours and other factors are used as resource use permission adjustment parameters. If the evaluation of the operator mainly needs to consider the work ability, the operator's work efficiency and work quality (evaluation) information can be used as resource use permission adjustment parameters. For how to obtain the resource license adjustment parameters based on the information obtained from the history, all operators can use a unified method for calculation and statistics.
获得了操作员的资源使用许可调整参数之后, 在对操作员当前的资源 使用许可进行调整时, 则可以根据预先设置的多个不同级别的资源使用许 可与多个资源使用许可调整参数范围的对应关系, 确定操作员的资源使用 许可调整参数所对应的资源使用许可, 如果确定的资源使用许可与操作员 当前的资源使用许可不同, 则将操作员的资源使用许可调整为确定的资源 使用许可。  After the resource usage permission adjustment parameter of the operator is obtained, when the operator's current resource usage permission is adjusted, the correspondence between the plurality of different levels of the resource usage license and the plurality of resource use permission adjustment parameter ranges may be set according to the preset. The relationship determines the resource usage license corresponding to the resource usage permission adjustment parameter of the operator. If the determined resource usage license is different from the operator's current resource usage license, the operator's resource usage license is adjusted to the determined resource usage license.
对于诸如呼叫中心、 应急指挥中心的人工服务系统, 操作员进行操作 的历史记录主要可以包括以下之一或其组合: 操作员进行的每次有效操作 的开始时间、 操作员进行每次操作的有效时长、 操作员进行的每次操作所 对应的业务类型、 操作员进行的对应于每个业务类型的有效操作的数量、 用户对操作员进行操作的评价、 系统对操作员进行操作的质检评价、 操作 员对用户的请求进行应答的及时率、 执行每次操作时操作员的地址 (地点) 等。  For a human service system such as a call center or an emergency command center, the history of operations performed by the operator may mainly include one or a combination of the following: the start time of each effective operation performed by the operator, and the effective operation of each operation by the operator The duration, the type of service corresponding to each operation performed by the operator, the number of valid operations performed by the operator corresponding to each type of service, the evaluation of the user's operation on the operator, and the quality evaluation of the system's operation on the operator The time rate at which the operator responds to the user's request, the address (location) of the operator at each operation.
为了实现对操作员资源使用许可的调整, 可以根据历史记录确定操作 员的历史操作情况, 例如, 根据历史记录可以确定操作员的能力度、 熟练 度, 能力度、 熟练度可以直接根据历史记录得到, 但应当理解的是, 能力 度、 熟练度也可以根据操作习惯和出勤情况得到, 该操作习惯和出勤情况 是对历史记录的处理的中间结果。 最后即可根据这些确定得到的能力度和 熟练度以及针对这些信息设置的调整规则调整操作员的资源使用许可, 达 到动态调节操作员权限的目的。 下面将以确定操作员进行操作的能力度和熟练度为例进行描述。 In order to adjust the operator resource license, the historical operation of the operator can be determined based on the history. For example, according to the history, the operator's ability, proficiency, proficiency, proficiency can be directly obtained according to the historical record. However, it should be understood that the ability and proficiency can also be obtained according to operating habits and attendance. The operational habits and attendance are intermediate results of the processing of historical records. Finally, the operator's resource license can be adjusted according to the determined capability and proficiency and the adjustment rules set for these information, so as to dynamically adjust the operator's authority. The following is an example of determining the ability and proficiency of the operator to perform the operation.
在系统平台根据操作员在系统平台进行操作的历史记录对操作员当前 的资源使用许可进行调整时, 系统平台可以根据历史记录确定操作员进行 的对应于每种业务类型的操作的成熟度, 并根据历史记录确定操作员进行 的对应于每种业务类型的操作的能力度, 其中, 对于每种类型的业务, 成 熟度用于表示操作员进行的对应于该类型业务的所有操作的稳定程度, 如 执行 10次, 每次进行操作的表现都基本相同, 则表明成熟度较高, 而如果 执行 10次, 其中某次进行操作的表现非常好, 而另一次进行操作的表现非 常差, 也就是说表现起伏不定, 则表示成熟度差, 而具体考量成熟度可以 通过一系列的满意度来实现, 这将在后续进行说明; 能力度用于表示操作 员进行的对应于该类型业务的所有操作的效率; 系统平台根据操作员进行 的对应于每种业务类型的操作的成熟度和能力度, 确定操作员进行的对应 于该业务类型的操作情况, 并由此获得在当前资源使用许可下操作员所进 行的所有操作情况(即, 资源使用许可调整参数); 系统平台根据在当前资 源使用许可下所进行的所有操作情况对操作员的资源使用许可进行调整。  When the system platform adjusts the current resource usage permission of the operator according to the history of the operation of the operator on the system platform, the system platform can determine the maturity of the operation performed by the operator corresponding to each service type according to the history record, and Determining the degree of capability of the operator to perform operations corresponding to each type of service based on the history, wherein for each type of service, maturity is used to indicate the degree of stability of all operations performed by the operator corresponding to the type of service, If you perform 10 times, the performance of each operation is basically the same, indicating that the maturity is higher, and if you perform 10 times, one of the operations performed very well, and the other performed very poorly, that is, Saying that the performance is fluctuating, it means that the maturity is poor, and the specific maturity can be achieved through a series of satisfactions, which will be explained later; the ability degree is used to represent all operations performed by the operator corresponding to the type of business. Efficiency; the system platform corresponds to each of the operators The maturity and ability of the operation of the type of operation, determine the operation of the operator corresponding to the type of service, and thereby obtain all the operations performed by the operator under the current resource use permission (ie, resource license adjustment) Parameter); The system platform adjusts the operator's resource usage license based on all operational conditions performed under the current resource usage license.
具体地, 在根据历史记录确定操作员进行的对应于每种业务类型的操 作的成熟度时, 可以利用以下公式进行确定:  Specifically, when determining the maturity of operations performed by the operator corresponding to each type of service based on the history, the following formula can be used to determine:
M=AxBxC;  M=AxBxC;
其中, M为操作员进行的对应于一个业务类型的操作的成熟度, A为 用户对操作员进行的对应于该业务类型的操作的满意度, B 为系统对操作 员进行的对应于一项业务的操作的质检评价满意度, C 为操作员进行的对 应于该业务类型的所有操作中出现用户投诉的比率。 此时, 可以得到操作 员针对一种业务类型的操作成熟度。  Where M is the maturity of the operation performed by the operator corresponding to a service type, A is the satisfaction of the user with the operation corresponding to the service type of the operator, and B is the corresponding one of the system to the operator. The quality of the business operation evaluation satisfaction, C is the ratio of user complaints that occur to the operator in all operations corresponding to the type of business. At this point, you can get the operator's operational maturity for a type of business.
并且, 在根据历史记录确定操作员进行的对应于每种业务类型的操作 的能力度时, 可以利用以下公式进行确定:  And, when determining the ability of the operator to perform the operation corresponding to each type of service based on the history, the following formula can be used to determine:
N=CxDxE 其中, N为操作员进行的对应于一个业务类型的操作的能力度, C、 D 和 E分别为操作员针对该业务类型的操作所对应的及时应答率、 及时处理 率和有效工作率, 其中: N=CxDxE Where N is the capability of the operator to perform an operation corresponding to a service type, and C, D, and E are respectively a timely response rate, a timely processing rate, and an effective working rate corresponding to the operation of the operator for the service type, wherein :
及时应答率 =及时应答次数 /ACD (自动呼叫分配)排队成功数; 及时处理率 =及时处理次数 /及时应答次数;  Timely response rate = number of timely responses / ACD (automatic call distribution) queue success number; timely processing rate = timely processing times / timely response times;
有效工作率 =有效工作时长 /总工作时长。此时,根据以上参数和对应的 计算方法即可得到操作员针对一种业务类型的操作能力度。  Effective work rate = effective working time / total working time. At this time, according to the above parameters and the corresponding calculation method, the operator's operational ability for a certain type of service can be obtained.
根据操作员针对一种业务类型的操作成熟度和能力度, 可以得到操作 员针对该业务类型的操作情况, 该操作情况可以是操作员进行的对应于该 业务类型的操作的绩效指标。 具体地, 可以根据以下公式确定操作员进行 的对应于该业务类型的操作绩效指标:  Depending on the operator's operational maturity and ability for a type of service, the operator's operational status for that type of service can be obtained, which can be a performance indicator by the operator corresponding to the type of operation of the service type. Specifically, an operational performance indicator corresponding to the type of business performed by the operator can be determined according to the following formula:
L= MxNxW;  L= MxNxW;
其中, L为操作员进行的对应于该业务类型的操作的绩效指标, M为 操作员进行的对应于该业务类型的操作的成熟度, N 为操作员进行的对应 于该业务类型的操作的能力度, W为该业务类型的预设权重值。  Where L is the performance indicator of the operation performed by the operator corresponding to the service type, M is the maturity of the operation performed by the operator corresponding to the service type, and N is the operation performed by the operator corresponding to the service type. Capability, W is the default weight value for this type of business.
通常, 对于一些系统平台, 会存在很多不同级别的资源使用许可, 在 每个级别的资源使用许可下, 操作员只能够对一种业务类型进行操作, 此 时, 操作员对该业务类型进行操作的绩效指标即可作为该操作员的资源使 用许可调整参数, 如果操作员对该业务类型进行操作的绩效指标达到一定 值(或当前绩效指标的值落入某个资源使用许可所对应的数值范围)后, 则可以对该操作员的资源使用许可进行调整。  Generally, for some system platforms, there are many different levels of resource licenses. Under each level of resource license, the operator can only operate on one type of service. At this time, the operator operates on the type of service. The performance indicator can be used as the resource license adjustment parameter of the operator. If the operator's performance indicator for operating the business type reaches a certain value (or the value of the current performance indicator falls within the value range corresponding to a resource license) After that, the operator's resource usage license can be adjusted.
而对于比较复杂的系统平台, 在一个级别的资源使用许可下, 操作员 可以对多个业务类型进行操作, 此时, 需要对操作员当前资源使用许可对 应的多个业务类型的绩效指标进行综合考虑, 得到绩效统计结果, 反映操 作员进行的所有业务类型的操作情况。 例如, 可以根据以下公式将对应于 每种业务类型的绩效指标进行加权得到操作员的绩效统计结果: TT / Wi i +W2X2 +...+Wn Xn \ λ I \ λ For a more complex system platform, the operator can operate on multiple service types under one level of resource license. In this case, the performance indicators of multiple service types corresponding to the current resource license of the operator need to be integrated. Consider, get performance statistics that reflect the operational status of all types of operations performed by the operator. For example, it can correspond to the following formula The performance indicators for each type of business are weighted to obtain the operator's performance statistics: TT / Wi i +W 2 X 2 +...+W n X n \ λ I \ λ
W= 丄 丄 丄 = >  W= 丄 丄 丄 = >
wl +w2 +...+wn / J w I.x I. I / J I. 其中 W为综合绩效指标, Wi 为第 i个业务的加权值, 为第 i个业务 的绩效指标。 w l +w 2 +...+w n / J w Ix I. I / J I. Where W is the comprehensive performance indicator and Wi is the weighted value of the i-th business, which is the performance indicator of the i-th business.
此时, 可以将操作员的绩效统计结果作为该操作员的资源使用许可调 整参数, 类似地, 如果操作员的绩效统计结果达到一定值(或当前绩效统 计结果的值落入某个资源使用许可所对应的数值范围)后, 则可以对该操 作员的资源使用许可进行调整。  At this point, the operator's performance statistics can be used as the operator's resource usage adjustment parameters, similarly, if the operator's performance statistics reach a certain value (or the current performance statistics result falls within a resource license) After the corresponding range of values, the operator's resource usage license can be adjusted.
为了进行严格的资源使用许可控制 (即, 对操作员的授权进行严格控 制), 可以预先配置每个资源使用许可级别所允许使用的资源类型, 以及每 个级别的资源使用许可所对应的绩效指标数值范围或绩效统计结果数值范 围, 这样, 就能够确定操作员所符合的资源使用许可级别, 如果该操作员 目前的资源使用许可级别与确定的级别不相符, 则可以对操作员目前的资 源使用许可进行调整, 使之符合当前绩效指标或绩效统计结果所对应的级 别。  In order to perform strict resource license control (ie, strict control of the operator's authorization), the types of resources allowed for each resource license level and the performance indicators corresponding to each level of resource license can be pre-configured. The range of values or the range of performance statistics, so that the level of resource usage that the operator is eligible to be determined can be determined. If the current resource usage level of the operator does not match the determined level, the current resource usage of the operator can be used. The license is adjusted to match the level of current performance indicators or performance statistics.
可选地, 对于每个资源使用许可级别对应的数值范围, 可以根据该级 别对操作员的要求而灵活配置相应的绩效指标或绩效统计结果所对应的数 值或数值范围, 并且, 可以根据业务类型的重要性配置不同的权重值(W ), 从而使得资源使用许可的调整更加灵活, 并且能够适应不同系统平台以及 不同管理力度的要求。  Optionally, for each value range corresponding to the resource use permission level, the value or range of values corresponding to the performance indicator or the performance statistics result may be flexibly configured according to the operator's requirements according to the level, and may be based on the service type. The importance of configuring different weight values (W) makes the adjustment of resource licenses more flexible and can adapt to different system platforms and different management requirements.
应当注意, 之前以基于能力度和成熟度对操作员的资源使用许可进行 调整的过程进行的说明仅仅用于解释本发明, 本发明并不限于此, 在实际 应用中, 对于能力度和成熟度的确定可以省略之前提到的部分因素, 并加 入其他需要考虑的因素, 并且上述对能力度和成熟度进行的计算公式同样 是具体的实例, 每个公式所涉及的计算方法可以根据实际需要进行改变, 同样, 公式中的参量的获取方法也可以灵活配置, 例如, 对于上述参量 A, 该参量表示用户对操作员进行的对应于该业务类型的操作的满意度, 例如, 如果操作员当前的资源使用许可只能允许操作员操作一种类型的业务, 则 可以将历史记录中每次操作用户的评分进行相加, 将得到的总分作为 A, 也可以对用户针对该操作员的评分进行平均 (或加权平均)将均值作为 A; 而如果操作员能够进行多种业务类型的操作, 则可以对每种业务的平均得 分或平均得分进行加权平均, 对于质检评价满意度, 也可以釆用上述类似 的方法, 具体的方式本文不再——列举, 只要系统在获取具有相同资源使 用许可的操作员的同一参量时釆用统一的方法即可。 It should be noted that the previous description of the process of adjusting the operator's resource use permission based on the capability and maturity is merely for explaining the present invention, and the present invention is not limited thereto, and in practical applications, for capability and maturity The determination can omit some of the factors mentioned earlier, and add other factors to be considered, and the above calculation formula for capability and maturity is the same. It is a specific example. The calculation method involved in each formula can be changed according to actual needs. Similarly, the parameter acquisition method in the formula can also be flexibly configured. For example, for the above parameter A, the parameter represents the user's operation on the operator. Satisfaction with the operation corresponding to the type of service, for example, if the operator's current resource license can only allow the operator to operate one type of service, then the scores of each operation user in the history can be added, The total score obtained is taken as A, and the user's score for the operator can be averaged (or weighted averaged) with the mean as A; and if the operator can perform multiple types of operations, the average for each service can be The score or the average score is weighted average. For the satisfaction of the quality inspection evaluation, the similar method described above can also be used. The specific method is no longer - enumerated, as long as the system acquires the same parameter of the operator with the same resource license. Use a uniform method.
此外, 在以上描述中, 调整操作员资源使用许可的参照是操作员的能 力和数量程度, 而在实际应用中, 也可以单纯地从工作量方面进行考虑, 即, 只要工作量满足一定要求, 即可对操作员进行资源使用许可的调整, 此外, 也可以将工作量要求与能力和数量程度进行结合判断, 还可以进一 步考虑操作员的出勤率等信息进行判断, 总之, 根据不同的系统平台要求, 可以釆用不同的规则, 并从操作历史记录中提取需要的内容进行判断。  In addition, in the above description, the reference for adjusting the operator resource use permission is the ability and the degree of the operator, and in practical applications, it is also possible to simply consider the workload, that is, as long as the workload satisfies certain requirements, The operator can adjust the resource license. In addition, the workload requirement can be combined with the capability and quantity. The operator's attendance rate can be further considered and judged. In short, according to different system platforms. Requirement, you can use different rules, and extract the required content from the operation history to judge.
在对操作员当前的资源使用许可进行调整之后, 如果操作员请求使用 指定资源, 系统平台会根据调整后的资源使用许可判断操作员是否能够使 用指定资源; 如果判断结果为是, 则允许操作员使用指定资源; 如果判断 结果为否, 则禁止操作员使用指定资源。  After adjusting the current resource usage license of the operator, if the operator requests to use the specified resource, the system platform determines whether the operator can use the specified resource according to the adjusted resource usage permission; if the judgment result is yes, the operator is allowed Use the specified resource; if the judgment is no, the operator is prohibited from using the specified resource.
此外, 在上述处理中, 可以基于传统的访问控制模型进行资源使用许 可的调整, 例如, 可以在传统访问控制模型为操作员分配的资源使用许可 的基础上釆用上述处理进行调整, 其中, 传统的访问控制模型可以是 DAC 模型、 MAC模型以及 RB AC模型等。  In addition, in the above processing, the adjustment of the resource use permission may be performed based on the traditional access control model, for example, the above process may be adjusted based on the resource use permission allocated by the traditional access control model for the operator, wherein, the traditional The access control model can be a DAC model, a MAC model, and an RB AC model.
根据本发明的实施例, 还提供了一种操作员资源使用许可的管理装置。 如图 2所示, 根据本发明实施例的操作员资源使用许可的管理装置包 括: According to an embodiment of the present invention, a management apparatus for an operator resource usage license is also provided. As shown in FIG. 2, an apparatus for managing an operator resource usage license according to an embodiment of the present invention includes:
数据转换模块 21 , 用于从系统平台获取并保存操作员在系统平台进行 操作的历史记录;  The data conversion module 21 is configured to acquire and save a history of operations performed by the operator on the system platform from the system platform;
认证模块 22, 用于根据操作员发起的认证请求对操作员进行认证; 访问控制模块 23 , 用于在认证模块 22确认操作员通过认证的情况下, 根据数据转换模块 21获取的历史记录对操作员当前的资源使用许可进行调 整。  The authentication module 22 is configured to authenticate the operator according to the authentication request initiated by the operator; and the access control module 23 is configured to perform the operation according to the history record acquired by the data conversion module 21 when the authentication module 22 confirms that the operator passes the authentication. The current resource license is adjusted.
下面将详细描述根据本发明实施例的操作员资源使用许可的管理装置 的结构和工作原理。  The structure and operation principle of the management apparatus for the operator resource use permission according to the embodiment of the present invention will be described in detail below.
如图 3所示, 数据转换模块 21可以与数据提供方连接, 具体用于获取 操作员的操作历史记录。  As shown in FIG. 3, the data conversion module 21 can be connected to the data provider, specifically for acquiring an operation history of the operator.
在将根据本发明的装置应用与呼叫中心后, 数据转换模块可以获取呼 叫中心的员工信息、 平台环境、 平台设备状态、 呼叫中心值班表、 呼叫中 心考勤数据(例如, 可以是操作员的签入签出信息)等, 并根据情况转换 为认证模块 22和访问控制模块 23所能够识别的格式, 这里的转换操作包 括用户名匹配、 密码加解密、 密码匹配等。 数据提供方可以是呼叫中心员 工管理系统、 呼叫中心劳动力管理系统、 呼叫中心排班系统、 或者其他提 供排班管理、 考勤管理、 员工档案信息管理、 员工绩效指标统计分析的同 类系统, 在实际应用中, 可以使根据本发明实施例的操作员资源使用许可 的管理装置设置为排班系统的子系统, 也可以将该装置与排班系统连接以 便传输历史记录。  After the device according to the present invention is applied to the call center, the data conversion module can obtain the employee information of the call center, the platform environment, the platform device status, the call center duty table, and the call center attendance data (for example, the operator can check in) The information is checked out, etc., and converted into a format recognizable by the authentication module 22 and the access control module 23, where the conversion operation includes username matching, password encryption and decryption, password matching, and the like. The data provider can be a call center employee management system, a call center labor management system, a call center scheduling system, or other similar systems that provide scheduling management, attendance management, employee profile information management, and employee performance indicator statistical analysis. In this case, the management device for the operator resource usage license according to the embodiment of the present invention may be set as a subsystem of the scheduling system, or the device may be connected to the scheduling system to transmit the history.
认证模块 22用于处理认证请求方的认证请求(消息或者函数调用 ), 认证请求方是指呼叫中心平台的各个系统, 这些系统在用户登录(例如, 可以是普通员工、 班长登录座席等具有不同资源使用许可的操作员)、 并调 用登录接口时发起认证请求, 认证模块 22从数据转换模块 21获取必备数 据(可以是该操作员的历史记录)后处理认证请求, 并返回认证结果。 The authentication module 22 is configured to process an authentication request (message or function call) of the authentication requester, and the authentication requester refers to each system of the call center platform, and these systems are different in the user login (for example, the ordinary employee, the squad leader login, etc.) Resource license operator) When the login interface is used to initiate an authentication request, the authentication module 22 obtains the necessary data (which may be the operator's history) from the data conversion module 21, processes the authentication request, and returns the authentication result.
在进行认证时, 认证模块 22具体用于根据认证请求确定操作员的身份 信息并查找历史记录, 并将认证请求中携带的操作参数与历史记录进行对 比, 判断操作参数是否符合预设的认证预通过条件; 如果判断结果为是, 则认证模块允许操作员直接通过认证; 如果判断结果为否, 则认证模块根 据认证请求对操作员进行认证。  When the authentication is performed, the authentication module 22 is specifically configured to determine the identity information of the operator according to the authentication request and search for the history record, and compare the operation parameters carried in the authentication request with the history record to determine whether the operation parameter meets the preset authentication pre- The pass condition; if the judgment result is yes, the authentication module allows the operator to directly pass the authentication; if the judgment result is no, the authentication module authenticates the operator according to the authentication request.
访问控制模块 23 用于处理访问请求方的访问请求 (消息或者函数调 用), 访问请求方是认证请求方本身或其子系统、 子模块, 也是呼叫中心平 台的下属系统, 这些系统在操作员请求使用 (访问)资源时发起访问请求, 访问控制模块 23从数据转换模块 21获取必备数据后处理访问请求, 并返 回访问许可结果。  The access control module 23 is configured to process an access request (message or function call) of the access requester, and the access requester is the authentication requester itself or its subsystem, sub-module, and is also a subordinate system of the call center platform, and these systems are requested by the operator. When an access request is initiated when the resource is accessed (accessed), the access control module 23 acquires the necessary data from the data conversion module 21, processes the access request, and returns the access permission result.
根据本发明实施例的操作员资源使用许可的管理装置的处理过程如 下:  The processing procedure of the operator resource license management apparatus according to the embodiment of the present invention is as follows:
认证请求方在呼叫中心平台用户登录或者单点登录接口调用时向该装 置发起认证请求, 该装置的认证模块向数据转换模块请求必备数据(可以 是历史记录中操作员的操作参数 ), 数据转换模块返回认证模块所需数据, 然后认证模块执行认证操作, 向认证请求方返回认证结果;  The authentication requester initiates an authentication request to the device when the call center platform user logs in or the single sign-on interface is invoked, and the authentication module of the device requests the data conversion module for the necessary data (which may be an operation parameter of the operator in the history record), the data. The conversion module returns data required by the authentication module, and then the authentication module performs an authentication operation, and returns an authentication result to the authentication requester;
若认证结果是通过认证, 则认证请求方是呼叫中心合法用户, 被允许 进入呼叫中心平台, 后续交由访问请求方进一步使用, 访问请求方是认证 请求方的子系统或者子模块, 所以, 访问请求方在呼叫中心平台用户访问 资源前向该装置发起访问请求, 该装置的访问控制模块向数据转换模块请 求必备数据(可以是该操作员进行操作的历史记录), 数据转换模块返回访 问控制模块所需数据, 然后访问控制模块执行使用决策、 使用实施、 使用 日志记录操作, 并向访问请求方返回访问许可结果, 若访问许可结果是允 许访问, 则访问请求方将获得资源访问许可, 凭该许可访问请求方能访问 对应资源, 并且在访问过程中访问控制模块继续根据数据转换模块实时或 者定时返回数据进行使用决策、 使用实施、 使用日志记录操作; 如果访问 许可结果是不允许访问, 则访问请求方不能访问对应资源。 If the authentication result is authenticated, the authentication requester is a legitimate user of the call center, is allowed to enter the call center platform, and is subsequently used by the access requester for further use. The access requester is a subsystem or sub-module of the authentication requester, so access The requesting party initiates an access request to the device before the call center platform user accesses the resource, and the access control module of the device requests the data conversion module for the necessary data (which may be a history record of the operation of the operator), and the data conversion module returns the access control. The data required by the module, then the access control module performs the usage decision, uses the implementation, uses the logging operation, and returns the access permission result to the access requester, if the access permission result is If the access is made, the access requester will obtain the resource access permission, and the access requesting party can access the corresponding resource, and during the access process, the access control module continues to use the data conversion module to return the data in real time or periodically for use decision, use implementation, and use. Logging operation; if the access permission result is that access is not allowed, the access requester cannot access the corresponding resource.
进一步地, 如图 3所示, 本实施例的访问控制模块 21包括使用决策子 模块 31、 使用实施子模块 32、 和使用日志子模块 33。  Further, as shown in FIG. 3, the access control module 21 of the present embodiment includes a usage decision sub-module 31, a usage implementation sub-module 32, and a usage log sub-module 33.
具体地, 使用实施子模块 32提供资源使用许可的创建、 读取、 更新、 传输, 并负责向使用决策子模块 31提供当前使用许可读取, 决策后的使用 许可创建和更新。 使用实施子模块 31向访问请求方进行访问应答, 传输使 用许可;  Specifically, the implementation sub-module 32 is used to provide creation, reading, updating, and transmission of resource usage licenses, and is responsible for providing the current usage license read, decision-making usage license creation and update to the usage decision sub-module 31. Using the implementation sub-module 31 to perform an access response to the access requester, and transfer the use permission;
使用决策子模块 32根据来自数据转换模块 21的必备数据进行资源使 用许可决策, 决策模型可以使用现有的 DAC、 MAC, RBAC等多种已有的 访问控制模型;  The usage decision sub-module 32 performs resource usage permission decisions based on the necessary data from the data conversion module 21, and the decision model can use various existing access control models such as DAC, MAC, RBAC, etc.;
使用日志子模块 33负责记录访问请求方的访问请求具体信息、 访问应 答具体信息, 也就是说, 用于记录访问资源的时间、 主体、 客体、 相关系 统、 许可等信息。  The use log sub-module 33 is responsible for recording the specific information of the access request of the access requester, the specific information of the access response, that is, the time, the subject, the object, the related system, the license, and the like for recording the access resource.
在处理过程中, 根据来自数据转换模块 21的必备数据, 使用决策子模 块 31根据决策模型进行资源使用许可决策, 并将决策结果传给使用实施子 模块 32;  In the process, according to the necessary data from the data conversion module 21, the decision sub-module 31 is used to make a resource use permission decision according to the decision model, and the decision result is transmitted to the usage implementation sub-module 32;
若过本次请求的访问为首次访问, 且使用决策子模块 31的决策结果是 允许访问, 则使用实施子模块 31创建许可数据并存储, 若使用决策子模块 31的决策结果和上次访问许可不同,则使用实施子模块 32更新许可数据并 存储(即, 更新请求方的资源使用许可), 若即不是首次访问、 且也不需要 更新许可数据, 则使用实施子模块 32将许可数据发给访问请求方, 许可数 据可以包含访问请求时间、 有效期、 访问请求方、 被访问资源、 许可标志 等信息或其组合。 If the access requested this time is the first access, and the decision result of the usage decision sub-module 31 is to allow access, the implementation sub-module 31 is used to create the license data and store it, if the decision result of the decision sub-module 31 and the last access permission are used. Otherwise, the implementation sub-module 32 is used to update the license data and store (ie, update the resource usage license of the requesting party). If the license data is not accessed for the first time, and the license data is not required to be updated, the implementation sub-module 32 is used to send the license data to the license data. Access requester, license data can include access request time, expiration date, access requester, accessed resource, permission flag Information or a combination thereof.
在人工服务系统平台 (例如, 可以是接警座席、 投诉工作流系统、 警 务咨询系统等) 中, 根据操作员 (请求方) 的能力和成熟度进行资源使用 许可调整的情况下, 同样可以参照方法实施例部分所釆用的公式进行评估, 成熟度 /能力度模型的表示方式如下:  In the case of a human service system platform (for example, an alarm agent, a complaint workflow system, a police consultation system, etc.), when the resource license adjustment is performed according to the capability and maturity of the operator (requesting party), the same can be referred to. The formula used in the method examples section is evaluated. The maturity/capability model is expressed as follows:
绩效指标=能力度 X成熟度 X业务类型权重  Performance indicator = ability degree X maturity X business type weight
能力度 = (有效人工服务数 /有效工作时长) X及时应答率  Ability = (effective number of active services / effective working hours) X timely response rate
成熟度 =用户满意度 X质检满意度 X重大投诉比率  Maturity = User Satisfaction X Quality Assurance Satisfaction X Major Complaint Ratio
其中, 业务类型权重可以根据业务类型不同而单独设计, 例如, 业务 类型为报警的权重值比业务类型为警务咨询的权重值要大; 有效人工服务 数为服务时长大于 3秒小于 30秒的人工接通数量, 服务时长范围根据业务 类型设置; 有效工作时长为考勤时间 (即, 签出时间 -签入时间)减去示忙 时长; 及时应答率是员工在若干秒(具体时间长度可根据灵活设置) 内应 答电话数量占该员工总排队成功数量; 用户满意度等于用户评价的加权平 均值, 例如, (χ χ ο+γ χ ο.6+ζ χ 1 ) / ( X+Y+Z ), 其中 X为不满意次数, 加权值为 0, Υ为一般次数, 加权值为 0.6, Ζ为满意次数, 加权值为 1 ; 质 检满意度=质检员评价分的算数平均值 /总分; 重大投诉比率 = (重大投诉次 数 X程度加权值) /整体重大投诉次数, 程度加权值越小说明投诉更重大。  The service type weights may be separately designed according to different service types. For example, the service type is an alarm whose weight value is larger than the service type is a police consultation weight; the effective manual service number is a service duration greater than 3 seconds and less than 30 seconds. The number of manual connection, the service duration range is set according to the service type; the effective working time is the attendance time (ie, the check-out time-check-in time) minus the busy time; the timely response rate is the employee in a few seconds (the specific length of time can be based on Flexible setting) The number of internal answering calls accounts for the total number of successful queues for the employee; User satisfaction is equal to the weighted average of the user ratings, for example, (χ χ ο+γ χ ο.6+ζ χ 1 ) / ( X+Y+Z ), where X is the number of unsatisfactory times, the weighted value is 0, Υ is the general number, the weighted value is 0.6, Ζ is the number of satisfactions, and the weighted value is 1; Quality inspection satisfaction = arithmetic mean of the quality inspector's evaluation points / total Sub-contraction ratio = (significant number of major complaints X degree weighting) / overall number of major complaints, the smaller the weighted value, the greater the complaint.
基于上述能力成熟度模型, 不仅能够根据能力度和成熟度进行预先授 权, 还可以进一步结合紧急度进行服务中授权, 此时, 可以将紧急度作为 能力度和成熟度的一个辅助指标, 用于表示紧急事件的发生、 临时活动的 举行, 例如, 当成熟度低于某值(可能有重大投诉)或者紧急度高于某值 (可能有紧急时间发生) 时, 系统立即对该操作员的人工服务进行控制管 理, 当紧急度处于某个范围 (可能有某严打大规模活动开始) 时立即允许 所有员工处理该警务咨询电话。 此外,在上述装置中,各个模块 /子模块之间可以通过 IP/TCP协议建立 长连接随时传送消息, 也可以使用函数调用等方式。 Based on the above capability maturity model, not only can pre-authorization be based on capability and maturity, but also in-service authorization can be further combined with urgency. At this time, urgency can be used as an auxiliary indicator of capability and maturity. Indicates the occurrence of an emergency or the holding of a temporary activity, for example, when the maturity is below a certain value (may have a major complaint) or the urgency is above a certain value (may have an emergency time), the system immediately labors the operator The service is controlled and managed, and all employees are allowed to handle the police consultation phone immediately when the urgency is within a certain range (there may be a certain large-scale activity start). In addition, in the above device, each module/submodule can establish a long connection through the IP/TCP protocol to transmit a message at any time, and can also use a function call or the like.
在配置上述装置时, 可以将一个或多个模块配置为以独立进程存在, 作为组件被其他系统调用, 也可以将各个模块分布式部署在网络上, 具有 较高的部署灵活性。  When configuring the above device, one or more modules can be configured to exist in a separate process, as components are called by other systems, and each module can be distributedly deployed on the network, which has high deployment flexibility.
下面将以应急指挥中心人工服务平台为例进行详细说本发明该装置可 以作为呼叫中心平台等多种系统平台的统一操作员资源使用许可的管理中 心, 系统平台的所有系统模块均可以使用该装置提供的用户认证和资源访 问控制功能, 从而通过预先授权和访问中授权来动态地持续地自动控制操 作员的访问行为, 不仅能够有效管理权限分配较为简单的系统平台中各个 操作员的资源使用许可, 并且能够适用于呼叫中心平台等基于人工服务且 权限较为复杂的平台中, 能够根据要求对员工能力及其稳定程度进行客观 评价并动态调整授权。  In the following, the emergency command center manual service platform will be taken as an example to describe in detail that the device can be used as a unified operator resource license management center for various system platforms such as a call center platform, and all system modules of the system platform can use the device. User authentication and resource access control functions are provided to dynamically and continuously control the operator's access behavior through pre-authorization and access authorization, which not only can effectively manage the resource license of each operator in the system platform with relatively simple rights allocation. And can be applied to a platform based on manual services and complex permissions such as a call center platform, and can objectively evaluate and dynamically adjust the authorization of employees according to requirements.
在将要描述的实例中, 将应急指挥中心作为系统平台, 将市民作为用 户、 将接警员和处警员作为操作员, 其中, 接警员和处警员都是系统直接 使用者(直接用户), 市民也可以作为直接使用者和系统客户。  In the example to be described, the emergency command center is used as the system platform, and the citizens are used as users, and the police officers and police officers are used as operators. Among them, the police officers and the police officers are direct users of the system (direct users). The public can also act as direct users and system customers.
应急指挥中心是一种常用的系统平台, 其用于保障公共安全和处置突 发公共事件。 应急指挥中心一般建立在完善的应急管理制度之上, 并利用 The Emergency Command Center is a commonly used system platform for public safety and for handling public emergencies. The emergency command center is generally built on a sound emergency management system and utilized
ICT技术, 是基于呼叫中心集通信、指挥和调度于一体的应急管理系统, 也 是一种电子政务平台。 ICT technology is an emergency management system based on call center communication, command and dispatch, and an e-government platform.
在本实例中, 如图 4所示, 应急指挥中心平台由排班系统、 自动呼叫 分配(ACD, Automatic Call Distribution ), 坐席(AGENT )、 业务系统组成, 市民在需要报警或者咨询时, 可以使用电话、 手机、 交互式电视、 计算机 等终端发起通讯请求, 通过通讯网络(例如, 移动电话网、 有线电视网、 互联网等)接入 ACD, ACD负责将通信请求排队到 AGENT中, 具体的接 入过程在此不作详细描述,本发明主要关注接入到 AGENT后的情况。接警 员负责在 AGNET上应答来话,使用业务系统向市民提供服务,并在必要时 将市民请求交给处警员处理。 可以看出, 应急指挥中心平台提供的服务包 括人工服务、 报警服务、 警务咨询服务等相关服务。 In this example, as shown in FIG. 4, the emergency command center platform is composed of a scheduling system, an automatic call distribution (ACD), an agent (AGENT), and a business system, and the citizen can use the alarm or consultation. Terminals such as telephones, mobile phones, interactive televisions, and computers initiate communication requests, access ACDs through communication networks (eg, mobile phone networks, cable networks, the Internet, etc.), and ACDs are responsible for queuing communication requests into AGENT. The process is not described in detail herein, and the present invention focuses on the situation after access to AGENT. The police officer is responsible for answering incoming calls on AGNET, using the business system to provide services to the public, and handing over the citizen's request to the police officer when necessary. It can be seen that the services provided by the emergency command center platform include human services, alarm services, police consulting services and other related services.
此外, 如图 4所示, 在本实例中, 可以将操作员资源使用许可的管理 装置设置到排班系统中, 从而能够直接利用排班系统分析过的警员工作的 历史记录, 在必要的情况下, 还可以参照排班系统中的班表、 考勤数据等 进行相关处理。 具体地, 排班系统由根据本发明实施例的资源使用许可的 管理装置、 数据分析和绩效子系统、 话务预测和适配子系统、 班表管理子 系统组成。  In addition, as shown in FIG. 4, in the present example, the management device for the operator resource use permission can be set to the scheduling system, so that the history of the police officer's work analyzed by the shifting system can be directly utilized, if necessary. In this case, you can also refer to the shift schedule, attendance data, etc. in the shift system for related processing. Specifically, the scheduling system is composed of a resource usage license management apparatus, a data analysis and performance subsystem, a traffic prediction and adaptation subsystem, and a shift table management subsystem according to an embodiment of the present invention.
数据分析和绩效子系统能够多维度地收集、 分析和统计应急指挥中心 话务量和警员的工作情况, 计算警员的绩效指标。 在本实例中, 数据分析 和绩效子系统具体可以从 ACD收集分析应急指挥中心话务量, 包括呼入次 数、 排队次数、 平均排队时长、 排队成功次数等, 从 AGENT收集分析警员 人工服务情况和考勤数据等, 包括签入时间、 签出时间、 示忙次数、 示忙 时长、 人工接通数、 以及每次通话的服务时长、 用户评价等信息; 并且能 够从业务系统收集分析警员业务数据, 包括工单数量、 人工服务次数、 以 及每次通话的工单提交量等; 此外, 数据分析和绩效子系统还能够从质检 系统(未示出) 收集分析质检评价数据, 包括评价总评分、 被质检次数、 以及被质检通话的评价分数等, 从投诉系统(未示出) 收集分析用户投诉 数据, 包括每次投诉的严重程度等。  The data analysis and performance subsystem can collect, analyze and count the traffic volume of the emergency command center and the work of the police officers in multiple dimensions, and calculate the performance indicators of the police officers. In this example, the data analysis and performance subsystem can collect and analyze the traffic volume of the emergency command center from the ACD, including the number of incoming calls, the number of queues, the average queue length, the number of queued successes, etc., and collect and analyze the police personnel's manual service from AGENT. And attendance data, etc., including check-in time, check-out time, number of busy times, busy duration, number of manual connections, and service duration per call, user evaluation, etc.; and ability to collect and analyze police officers from the business system Data, including the number of work orders, the number of manual services, and the number of work orders submitted per call; in addition, the data analysis and performance subsystem can also collect and analyze quality inspection evaluation data from quality inspection systems (not shown), including evaluation The total score, the number of quality checks, and the evaluation score of the quality-checked call, etc., collect and analyze user complaint data from the complaints system (not shown), including the severity of each complaint.
话务预测和适配子系统可以用于根据数据分析和绩效子系统提供的数 据进行预测, 然后, 根据预测结果、 排班模板设置、 警员个性化需求进行 适配, 从而获得班表。  The traffic prediction and adaptation subsystem can be used to predict based on data provided by the data analysis and performance subsystem, and then adapted based on the predicted results, scheduling template settings, and individualized requirements of the police to obtain the schedule.
班表管理子系统允许警员申请变更班次、 换班、 请假、 计划活动 (例 如, 外出、 出差等)、 总体偏好(例如, 喜欢上夜班等), 并能在管理员控 制的参数范围内自动修改在话务预测和适配子系统中获得的班表, 从而改 变他们的工作时间表。 The shift management subsystem allows police officers to apply for change shifts, shifts, leave, and planned activities (eg Such as outings, travel, etc., overall preferences (for example, like night shifts, etc.), and can automatically modify the schedules obtained in the traffic prediction and adaptation subsystem within the parameters controlled by the administrator, thereby changing their work schedule.
操作员资源使用许可的管理装置可以是图 2和图 3所示的装置, 不但 提供基于班表的帐号认证和加密功能, 而且提供访问控制功能。 在本实例 中, 上述的数据分析和绩效子系统、 话务预测和适配子系统、 班表管理子 系统用于辅助操作员资源使用许可的管理装置进行资源使用许可的管理。  The management device for the operator resource usage license may be the device shown in Figs. 2 and 3, which not only provides an account authentication and encryption function based on the class table, but also provides an access control function. In the present example, the above-described data analysis and performance subsystem, traffic prediction and adaptation subsystem, and schedule management subsystem are used to manage the resource usage license management device for the operator resource license.
排班系统在整体上可以提供值班表生成、 变更、 警员考勤管理、 绩效 管理等功能, 在增设操作员资源使用许可的管理装置后, 应急指挥中心平 台的其他系统都可以和排班系统连接, 并在登录时、 在开始操作时、 在操 作过程中请求排班系统, 以获得认证和访问许可。 排班系统的核心数据是 班表、 个性化需求。 班表包括值班人工号、 值班人姓名、 值班人密码、 技 能、 值班班次、 能力成熟度、 所属班组等属性, 前面提到能力成熟度就是绩 效指标的一种具体的实例; 班次的属性包括班次开始时间、 结束时间, 当 按班组值班时还有对应的班组。 在本实施例中, 操作员资源使用许可的管 理装置的工作基础也是班表, 认证时根据工号读取班表的值班人密码, 访 问控制时根据警员工号读取技能、 值班班次、 能力成熟度等数据。  The shifting system can provide functions such as duty table generation, change, police attendance management, and performance management as a whole. After the operator management license is added, other systems of the emergency command center platform can be connected to the shifting system. And request the scheduling system at login, at the beginning of the operation, during the operation to obtain certification and access permissions. The core data of the shifting system is the schedule and individual needs. The shift table includes the duty manual number, the name of the duty person, the password of the duty person, the skill, the duty shift, the maturity of the duty, the affiliation of the squad, etc. The aforementioned maturity is a specific example of the performance indicator; the attributes of the shift include the shift. Start time, end time, and the corresponding shift group when the shift is on duty. In this embodiment, the working basis of the management device for the operator resource use permission is also a class table, and the duty person password of the class table is read according to the work number during the authentication, and the skill, duty shift, ability is read according to the police employee number during the access control. Maturity and other data.
图 5是应急指挥中心平台处理市民请求的处理流程图。 具体步骤如下: 步骤 51 , 市民使用终端通过网络进入 ACD;  Figure 5 is a flow chart of the process of handling the citizen's request by the emergency command center platform. The specific steps are as follows: Step 51, the public uses the terminal to enter the ACD through the network;
如果市民成功排队到坐席, 则执行步骤 52, 否则继续等待;  If the citizens successfully queue up to the agent, proceed to step 52, otherwise continue to wait;
步骤 52, 判断警员是否应答市民的请求, 如果应答, 则执行步骤 53 , 否则处理结束;  Step 52: Determine whether the police officer responds to the citizen's request, and if yes, perform step 53; otherwise, the process ends;
步骤 53 , 警员与市民沟通, 得知市民需要查询某警务信息;  Step 53: The police officers communicate with the public and learn that the public needs to inquire about a police information;
步骤 54, 警员打开系统查询到警务信息后, 向市民提供该警务信息, 如果市民要求处理关联警务则执行步骤 55 , 否则执行步骤 56; 步骤 55 , 警员在业务系统中提交报警工单, 并执行步骤 56; 步骤 56, 市民评价警员, 系统记录市民的评价, 在通信终端后处理结 束。 Step 54, after the police open the system to query the police information, provide the police information to the public, if the citizen requests to handle the associated police, step 55 is performed, otherwise step 56 is performed; Step 55: The police officer submits an alarm work order in the business system, and performs step 56; Step 56, the citizen evaluates the police officer, the system records the citizen's evaluation, and the processing ends after the communication terminal.
在步骤 54中, 警员可以釆用单点登录接口自动登录业务系统, 在查询 之前, 警员需要预先签入 AGENT, 签入时 AGENT必须从操作员资源使用 许可的管理装置获得认证许可才能登录到 AGENT中。  In step 54, the police officer can automatically log in to the business system using the single sign-on interface. Before the inquiry, the police officer needs to check in the AGENT in advance. When checking in, the AGENT must obtain the certification permission from the management device of the operator resource license to log in. Go to AGENT.
图 6示出了警员在业务系统中进行警务查询的具体流程, 如图 6所示, 查询过程如下:  Figure 6 shows the specific process of police officers performing police query in the business system. As shown in Figure 6, the query process is as follows:
步骤 61 , 在警员需要打开业务系统时, 可以在 AGENT中执行业务菜 单;  Step 61: When the police officer needs to open the business system, the business menu can be executed in the AGENT;
步骤 62, 对于警员登录 AGENT的过程, 可以通过单点登录来避免重 复登录, 单点登录接口由 AGENT调用, 业务系统解析单点登录请求, 提取 出工号、 密码等信息;  Step 62: For the process of the police officer logging in to the AGENT, the single sign-on can be used to avoid repeated login. The single sign-on interface is called by the AGENT, and the service system resolves the single sign-on request, and extracts the job number, password, and the like;
步骤 63 , 业务系统向排班系统的操作员资源使用许可的管理装置模块 发送认证请求和访问控制请求(可以通过 IP网络发送请求 ),认证请求包含 警员的加密工号和加密密码、 系统名称、 业务名称等信息, 访问控制请求 包含警员的加密工号和加密密码、 系统名称、 业务名称、 访问时间、 访问 资源名称等信息, 其中, 系统名称是 AGENT和业务系统, 业务类型(也可 称为业务名称)是警务咨询,访问资源名称是业务系统的警务查询菜单(假 设系统中存在该菜单)和某警务信息。  Step 63: The service system sends an authentication request and an access control request to the management device module of the operator resource usage permission of the scheduling system (the request may be sent through the IP network), where the authentication request includes the police officer's encrypted work number and the encrypted password and the system name. Information such as the service name, the access control request includes the police officer's encrypted work number and encrypted password, system name, service name, access time, access resource name, etc., where the system name is AGENT and the business system, and the service type (also Called the business name) is the police consultation. The access resource name is the police query menu of the business system (assuming the menu exists in the system) and a police information.
步骤 64, 操作员资源使用许可的管理装置处理认证请求, 根据认证结 果发送警员的认证许可, 其中, 可以由操作员资源使用许可的管理装置中 的认证模块将认证请求中的工号、 密码和班表的工号密码与保存的相应信 息进行比对, 若相同则认为警员合法, 然后判断请求中的系统名称、 业务 名称是否已在许可数据库中存在, 若存在则认为系统合法, 随后向 AGENT 和业务系统发放认证许可。 Step 64: The management device of the operator resource usage license processes the authentication request, and sends the certification permission of the police officer according to the authentication result, wherein the authentication module in the management device of the operator resource use permission can set the job number and password in the authentication request. And the work number password of the class table is compared with the corresponding information stored. If the same, the police officer is considered to be legal, and then the system name and business name in the request are judged to be in the license database, and if it exists, the system is considered legal, and then To AGENT And the business system issues certification licenses.
如果警员通过认证, 则执行步骤 65 , 否则执行步骤 67。  If the police officer passes the certification, go to step 65, otherwise go to step 67.
步骤 65 , 操作员资源使用许可的管理装置的访问控制模块根据资源访 问请求中的工号、 系统名称、 业务名称、 访问时间、 访问资源名称、 能力 度、 成熟度、 班次、 签入时间、 签出时间等信息, 决策是否允许该警员继 续访问;  Step 65: The access control module of the management device of the operator resource license is based on the work number, system name, service name, access time, access resource name, capability degree, maturity, shift, check-in time, and sign in the resource access request. Time and other information, whether the decision allows the police officer to continue to visit;
步骤 66, 根据决策结果向业务系统发送访问许可; 如果访问许可表示 允许访问, 则执行步骤 68; 否则执行步骤 67;  Step 66: Send an access permission to the service system according to the result of the decision; if the access permission indicates that access is allowed, step 68 is performed; otherwise, step 67 is performed;
步骤 67, AGENT提示市民不能打开业务系统及其原因, 处理结束; 步骤 68, 业务系统允许警员登陆并访问, AGENT打开业务系统, 并显 示业务系统警务查询界面。  Step 67, AGENT prompts the public to open the business system and its reasons, and the processing ends; Step 68, the business system allows the police to log in and access, AGENT opens the business system, and displays the business system police query interface.
另外, 在上述步骤 55中, 业务系统向排班系统中的操作员资源使用许 可的管理装置同样可以提交访问控制请求, 此时的访问资源是工单创建菜 单(假定存在这个菜单)和工单信息, 其具体过程和图 6所示的过程类似, 本文不再重复描述。  In addition, in the above step 55, the management system that the business system uses the operator resource usage permission in the scheduling system can also submit the access control request, and the access resource at this time is the work order creation menu (assuming this menu exists) and the work order. The specific process of the information is similar to the process shown in FIG. 6, and the description is not repeated herein.
借助于上述装置, 能够提供自动数据分析、 自动业务分工、 自动权限 授予的功能。 具体地, 该装置能够自动获取分析呼叫中心员工的工作情况, 获取分析呼叫中心整体的环境和设备状态, 并以此为基础解决现有呼叫中 心平台在不同系统中手工配置权限的缺点, 避免需要手工设置技能的繁瑣 操作, 同时整合员工考勤、 考核、 统计等数据, 提高呼叫中心安全, 打击 信息泄漏、 盗用、 伪装等行为。 该装置还能够整合分布式存在的各种不同 权限配置和权限管理入口, 实现统一的安全认证和安全访问许可功能; 此 外, 该装置还能够根据主体和客体的属性变化, 按照授权、 条件、 职责分 类, 动态控制员工的资源访问操作; 该装置还能够很方便地统计分析员工 的工作情况, 获取员工绩效指标。 综上所述, 借助于本发明的上述技术方案, 通过根据操作员的操作历 史记录调整操作员的资源使用许可, 从而能够根据操作员的工作习惯、 工 作表现动态配置操作员的权限, 使得资源使用许可的配置更加灵活、 合理; 并且, 通过参照操作员的能力度和成熟度进行资源使用许可的调整, 能够 使得资源许可的配置更加客观地基于操作员的工作能力。 With the above device, it is possible to provide automatic data analysis, automatic business division, and automatic authority granting. Specifically, the device can automatically acquire and analyze the working condition of the call center employee, obtain an analysis of the overall environment and device status of the call center, and use the basis to solve the shortcomings of the existing call center platform manually configuring the permissions in different systems, thereby avoiding the need Manually set up the cumbersome operation of skills, and integrate employee attendance, assessment, statistics and other data to improve call center security and combat information leakage, misappropriation, camouflage and other activities. The device is also capable of integrating various different rights configuration and rights management entries distributed in a distributed manner to implement unified security authentication and secure access permission functions. In addition, the device can also change according to the attributes of the subject and the object, according to authorization, conditions, and duties. Classification, dynamic control of employee resource access operations; The device also provides a convenient way to statistically analyze employee performance and obtain employee performance indicators. In summary, with the above technical solution of the present invention, by adjusting the operator's resource use permission according to the operator's operation history, the operator's authority can be dynamically configured according to the operator's work habits and work performance, so that the resources are made. The configuration of the license is more flexible and reasonable; and, by adjusting the resource license with reference to the capability and maturity of the operator, the configuration of the resource license can be made more objectively based on the ability of the operator.
以上所述仅为本发明的较佳实施例而已, 并不用以限制本发明, 凡在 本发明的精神和原则之内, 所作的任何修改、 等同替换、 改进等, 均应包 含在本发明的保护范围之内。  The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalents, improvements, etc., which are included in the spirit and scope of the present invention, should be included in the present invention. Within the scope of protection.

Claims

权利要求书 Claim
1. 一种操作员资源使用许可的管理方法, 其特征在于, 所述方法包括: 系统平台根据操作员发起的认证请求对所述操作员进行认证; 在所述操作员通过认证的情况下, 所述系统平台根据所述操作员在所 述系统平台进行操作的历史记录对所述操作员当前的资源使用许可进行调 整。  A management method for an operator resource use license, the method comprising: the system platform authenticating the operator according to an authentication request initiated by an operator; and in the case that the operator passes the authentication, The system platform adjusts the operator's current resource usage permissions based on a history of operations performed by the operator on the system platform.
2. 根据权利要求 1所述的管理方法, 其特征在于, 所述系统平台根据 操作员发起的认证请求对所述操作员进行认证, 包括:  The management method according to claim 1, wherein the system platform authenticates the operator according to an authentication request initiated by an operator, including:
所述系统平台根据所述认证请求确定所述操作员的身份信息并查找所 述历史记录;  Determining, by the system platform, the identity information of the operator according to the authentication request and searching for the history record;
所述系统平台将所述认证请求中携带的操作参数与所述历史记录进行 对比, 判断所述操作参数是否符合预设的认证预通过条件;  The system platform compares the operation parameter carried in the authentication request with the historical record, and determines whether the operation parameter meets a preset authentication pre-passing condition;
如果判断结果为是, 则所述系统平台允许所述操作员直接通过认证; 如果判断结果为否, 则所述系统平台根据所述认证请求对所述操作员进行 认证。  If the result of the determination is yes, the system platform allows the operator to directly pass the authentication; if the result of the determination is no, the system platform authenticates the operator according to the authentication request.
3. 根据权利要求 2所述的管理方法, 其特征在于, 所述操作参数包括 以下至少之一: 所述认证请求的发送时间、 所述认证请求的发送地点、 请 求进行操作的业务类型。  The management method according to claim 2, wherein the operation parameter comprises at least one of: a transmission time of the authentication request, a transmission location of the authentication request, and a service type in which the operation is requested.
4. 根据权利要求 1所述的管理方法, 其特征在于, 在所述系统平台根 据所述操作员在所述系统平台进行操作的历史记录对所述操作员当前的资 源使用许可进行调整之前, 所述方法进一步包括:  4. The management method according to claim 1, wherein before the system platform adjusts an operator's current resource usage permission according to a history of operations performed by the operator on the system platform, The method further includes:
所述系统平台根据所述历史记录, 确定所述操作员的资源使用许可调 整参数, 其中, 所述资源使用许可调整参数用于表示所述操作员在所述系 统平台进行操作的情况;  Determining, by the system platform, the resource usage permission adjustment parameter of the operator according to the historical record, wherein the resource use permission adjustment parameter is used to indicate that the operator performs an operation on the system platform;
所述对所述操作员当前的资源使用许可进行调整包括: 根据预先设置的多个不同级别的资源使用许可与多个资源使用许可调 整参数范围的对应关系, 确定所述操作员的资源使用许可调整参数所对应 的资源使用许可, 如果确定的所述资源使用许可与所述操作员当前的资源 使用许可不同, 则将所述操作员的资源使用许可调整为所述确定的资源使 用许可。 The adjusting the current resource usage permission of the operator includes: Determining, according to a preset relationship of a plurality of different levels of resource usage licenses and a plurality of resource usage permission adjustment parameter ranges, a resource usage permission corresponding to the resource usage permission adjustment parameter of the operator, if the determined resource usage is determined The license is different from the operator's current resource usage license, and the operator's resource usage license is adjusted to the determined resource usage license.
5. 根据权利要求 4所述的管理方法, 其特征在于, 所述系统平台根据 所述历史记录, 确定所述操作员的资源使用许可调整参数, 包括:  The management method according to claim 4, wherein the system platform determines, according to the historical record, the resource usage permission adjustment parameter of the operator, including:
所述系统平台根据所述历史记录确定所述操作员进行的对应于每种业 务类型的操作的成熟度, 并根据所述历史记录确定所述操作员进行的对应 于每种业务类型的操作的能力度, 其中, 对于每种类型的业务, 成熟度用 于表示所述操作员进行的对应于该类型业务的所有操作的稳定程度情况, 能力度用于表示所述操作员进行的对应于该类型业务的所有操作的效率; 所述系统平台根据所述操作员进行的对应于每种业务类型的操作的成 熟度和能力度, 确定所述操作员进行的对应于该业务类型的操作情况, 并 获得表示所述操作员所进行的所有操作情况的资源使用许可调整参数。  Determining, by the system platform, the maturity of the operations performed by the operator corresponding to each type of service according to the history record, and determining, according to the history record, the operations performed by the operator corresponding to each type of service Capability, where, for each type of service, maturity is used to indicate the degree of stability of all operations performed by the operator corresponding to the type of service, and the capability is used to indicate that the operator corresponds to the The efficiency of all operations of the type service; the system platform determines the operation status of the operator corresponding to the service type according to the maturity and capability of the operation performed by the operator corresponding to each service type, And obtain resource usage permission adjustment parameters indicating all operation conditions performed by the operator.
6. 根据权利要求 1所述的管理方法, 其特征在于, 在对所述操作员当 前的资源使用许可进行调整之后, 如果所述操作员请求使用指定资源, 则 所述方法进一步包括:  The management method according to claim 1, wherein after the operator adjusts the current resource usage permission of the operator, if the operator requests to use the specified resource, the method further includes:
根据调整后的资源使用许可判断所述操作员是否能够使用所述指定资 源; 如果判断结果为是, 则允许所述操作员使用所述指定资源; 如果判断 结果为否, 则禁止所述操作员使用所述指定资源。  Determining whether the operator can use the specified resource according to the adjusted resource usage permission; if the determination result is yes, allowing the operator to use the specified resource; if the determination result is no, the operator is prohibited Use the specified resource.
7. 根据权利要求 1至 6中任一项所述的管理方法, 其特征在于, 所述 历史记录包括以下之一或其组合:  The management method according to any one of claims 1 to 6, wherein the history record comprises one or a combination of the following:
所述操作员进行的每次有效操作的开始时间、 所述操作员进行每次操 作的有效时长、 所述操作员进行的每次操作所对应的业务类型、 所述操作 员进行的对应于每个业务类型的有效操作的数量、 用户对所述操作员进行 操作的评价、 系统对所述操作员进行操作的质检评价、 所述操作员对用户 的请求进行应答的及时率。 a start time of each effective operation performed by the operator, an effective duration of the operator performing each operation, a service type corresponding to each operation performed by the operator, the operation The number of valid operations performed by the member corresponding to each type of service, the user's evaluation of the operation of the operator, the quality inspection evaluation of the operation of the operator by the system, and the response of the operator to the user's request. on-time rate.
8. 根据权利要求 1至 6中任一项所述的管理方法, 其特征在于, 所述 系统平台包括呼叫中心。  The management method according to any one of claims 1 to 6, wherein the system platform comprises a call center.
9. 一种操作员资源使用许可的管理装置, 其特征在于, 所述装置包括: 数据转换模块, 用于从系统平台获取操作员在所述系统平台进行操作 的历史记录;  A management device for operating an operator resource license, the device comprising: a data conversion module, configured to acquire, from a system platform, a history record of operations performed by an operator on the system platform;
认证模块, 用于根据操作员发起的认证请求对所述操作员进行认证; 访问控制模块, 用于在所述认证模块确认操作员通过认证的情况下, 根据所述数据转换模块获取的历史记录对所述操作员当前的资源使用许可 进行调整。  An authentication module, configured to authenticate the operator according to an authentication request initiated by an operator; and an access control module, configured to: according to the history record obtained by the data conversion module, when the authentication module confirms that the operator passes the authentication The operator's current resource usage license is adjusted.
10. 根据权利要求 9所述的管理装置, 其特征在于, 所述认证模块, 还 用于:  The management device according to claim 9, wherein the authentication module is further configured to:
根据所述认证请求确定所述操作员的身份信息并查找所述历史记录, 并将所述认证请求中携带的操作参数与所述历史记录进行对比, 判断所述 操作参数是否符合预设的认证预通过条件; 如果判断结果为是, 则所述认 证模块允许所述操作员直接通过认证; 如果判断结果为否, 则所述认证模 块根据所述认证请求对所述操作员进行认证。  Determining the identity information of the operator according to the authentication request, and searching for the history record, comparing the operation parameter carried in the authentication request with the history record, and determining whether the operation parameter meets a preset authentication The pre-pass condition; if the judgment result is yes, the authentication module allows the operator to directly pass the authentication; if the judgment result is no, the authentication module authenticates the operator according to the authentication request.
11. 根据权利要求 9所述的管理装置,其特征在于,所述访问控制模块, 还用于:  The management device according to claim 9, wherein the access control module is further configured to:
根据所述数据转换模块获取的历史记录确定所述操作员的资源使用许 可调整参数, 其中, 所述资源使用许可调整参数用于表示所述操作员在所 述系统平台进行操作的情况;  Determining, by the history of the data conversion module, the resource usage permission adjustment parameter of the operator, wherein the resource usage permission adjustment parameter is used to indicate that the operator operates on the system platform;
并且, 所述访问控制模块还用于: 根据预先设置的多个不同级别的资 源使用许可与多个资源使用许可调整参数范围的对应关系, 确定所述操作 员的资源使用许可调整参数所对应的资源使用许可, 如果确定的所述资源 使用许可与所述操作员当前的资源使用许可不同, 则将所述操作员的资源 使用许可调整为所述确定的资源使用许可。 And, the access control module is further configured to: according to a plurality of different levels of resources set in advance Determining a resource usage permission corresponding to the resource usage permission adjustment parameter of the operator, and determining the resource usage permission and the current resource of the operator, by using a correspondence between the source usage license and the plurality of resource usage permission adjustment parameter ranges The license usage of the operator is adjusted to the determined resource usage license.
PCT/CN2011/073331 2010-08-30 2011-04-26 Management method and device for resource use permission of operator WO2012027993A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2010102682897A CN101931534A (en) 2010-08-30 2010-08-30 Management method and device of operator resource usage license
CN201010268289.7 2010-08-30

Publications (1)

Publication Number Publication Date
WO2012027993A1 true WO2012027993A1 (en) 2012-03-08

Family

ID=43370470

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/073331 WO2012027993A1 (en) 2010-08-30 2011-04-26 Management method and device for resource use permission of operator

Country Status (2)

Country Link
CN (1) CN101931534A (en)
WO (1) WO2012027993A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101931534A (en) * 2010-08-30 2010-12-29 中兴通讯股份有限公司 Management method and device of operator resource usage license
CN102420836A (en) * 2012-01-12 2012-04-18 中国电子科技集团公司第十五研究所 Sign-on method and sign-on management system for service information system
CN104426847A (en) 2013-08-22 2015-03-18 腾讯科技(深圳)有限公司 Method, system and server for securely accessing and verifying an Internet service
WO2016015363A1 (en) * 2014-08-01 2016-02-04 苏州阔地网络科技有限公司 Resource control architecture, and method using said architecture
CN105991310B (en) * 2015-02-02 2019-05-24 中国移动通信集团河北有限公司 Account permission method of adjustment and device based on user behavior
CN104992279A (en) * 2015-06-29 2015-10-21 浪潮软件集团有限公司 Performance assessment method and device
EP3214570A1 (en) * 2016-03-04 2017-09-06 Axis AB Method and device for delegating access rights
CN105897776A (en) * 2016-06-27 2016-08-24 浪潮(北京)电子信息产业有限公司 Safety management and control method based on cloud computation system and safety management and control system based on cloud computation system
CN108053118A (en) * 2017-12-14 2018-05-18 泰康保险集团股份有限公司 Doctor's scheduling method and system
CN110245176A (en) * 2019-06-20 2019-09-17 中移电子商务有限公司 A kind of data capture method, device, equipment and medium
CN111222161A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Picture library management method and device based on authority control
CN111190796B (en) * 2019-12-31 2021-10-22 联想(北京)有限公司 Data adjusting method and device
CN111639330A (en) * 2020-06-02 2020-09-08 中国科学院自动化研究所 Method, system and equipment for automatically transferring system permission

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1860467A (en) * 2003-07-29 2006-11-08 凯创网络公司 System and method for dynamic network policy management
CN101232424A (en) * 2008-03-04 2008-07-30 中国移动通信集团设计院有限公司 Access method, access system, trust service center, network trust platform
WO2009055342A1 (en) * 2007-10-26 2009-04-30 Sony Computer Entertainment America Inc. On-line monitoring of resources
CN101888341A (en) * 2010-07-20 2010-11-17 上海交通大学 Calculable creditworthiness-based access control method under distributed environment of multiple trusting domains
CN101931534A (en) * 2010-08-30 2010-12-29 中兴通讯股份有限公司 Management method and device of operator resource usage license

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1860467A (en) * 2003-07-29 2006-11-08 凯创网络公司 System and method for dynamic network policy management
WO2009055342A1 (en) * 2007-10-26 2009-04-30 Sony Computer Entertainment America Inc. On-line monitoring of resources
CN101232424A (en) * 2008-03-04 2008-07-30 中国移动通信集团设计院有限公司 Access method, access system, trust service center, network trust platform
CN101888341A (en) * 2010-07-20 2010-11-17 上海交通大学 Calculable creditworthiness-based access control method under distributed environment of multiple trusting domains
CN101931534A (en) * 2010-08-30 2010-12-29 中兴通讯股份有限公司 Management method and device of operator resource usage license

Also Published As

Publication number Publication date
CN101931534A (en) 2010-12-29

Similar Documents

Publication Publication Date Title
WO2012027993A1 (en) Management method and device for resource use permission of operator
JP7246052B2 (en) Customer relationship management system and method of handling customer service requests
US11057393B2 (en) Microservice architecture for identity and access management
US11509659B2 (en) Context-based automated task performance for user contacts
US9386040B2 (en) Policy-based service management system
US8397273B2 (en) Policy based provisioning in a computing environment
US8769621B2 (en) Method and system for providing permission-based access to sensitive information
Albeshri et al. Mutual protection in a cloud computing environment
JP2010515158A (en) Permission based on time
US20220224535A1 (en) Dynamic authorization and access management
CN110519306A (en) A kind of the equipment access control method and device of Internet of Things
US10402558B2 (en) Device restrictions during events
US11539700B2 (en) Secure document storage system
CN113689005A (en) Enhanced transverse federated learning method and device
CN110677407A (en) Safety control method of lightweight block chain platform
US20230216892A1 (en) Artificial intelligence (ai) devices control based on policies
US10075431B1 (en) Image capture to enforce remote agent adherence
US9232078B1 (en) Method and system for data usage accounting across multiple communication networks
KR101277507B1 (en) System for security smart phone
Katsikogiannis et al. An identity and access management approach for SOA
US20240163289A1 (en) Federated identity verification and access control for public service entities
US8458314B1 (en) System and method for offloading IT network tasks
Jonnada et al. An OAuth-based authorization framework for access control in remote collaboration systems
KR102086003B1 (en) Smartphone Camera Control System in connection with Personnel Access Rights
Oriola COLLABORATIVE-BASED DYNAMIC TRUST MODEL FOR BRING-YOUR-OWN-DEVICE ACCESS CONTROL MANAGEMENT IN CLOUD ENVIRONMENT

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11821019

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11821019

Country of ref document: EP

Kind code of ref document: A1