
A fully centralized database shall be established at the
headquarters to hold the HR data of the staff. All users
within the group, including the HR managers, the general
managers, the line managers and all employees, at both the
headquarters and the subsidiaries, can carry out their
respective tasks through the various functions and models
of the eHR Software.
This can be illustrated as follows:
Administrators:
1) A-Level Administrators (users):
They are generally LAN users at the headquarters and may
use the B/S (browser/server) mode for management.
2) B-Level Administrators (users):
They are usually at the branch offices and may perform
management in B/S mode over a DDN/VPN leased line.
General manager, line managers and employee users:
Operational mode: B/S
Operational scope: querying staff information; modifying
certain information; examination and approval procedures;
evaluation procedures; downloading report forms.
System Security
The system security assurance system consists of the following:
Database access right control
Field user access authority control
Database table encipherment control
System user authority control
Network transfer security control (PKI / CA)
Database Access Authority Control:
The connection to the database is fundamental to the running
of the whole system. For C/S (client/server) user ends, each
use of the system involves a login to the database. The user
name, password and connection string used to connect to the
database are the key points of security assurance. We store
this data in an enciphered file on the user's local end to
meet the functional requirement, so that we can both
guarantee security and change the password freely. The
encryption algorithm for this file is provided by Israel
Magic Company.
For the B/S structure, the database connection settings are
held only at the server end and are protected by the same
method.
Field User Access Authority Control:
We can control IIS access authority; that is, we can specify
which field users have access to the human resources
network. After a user enters the system, authority continues
to be verified each time he/she clicks a new web page.
For details, please see System User Authority Control.
Database Table Encipherment Control:
When data are stored in the database tables, the system
enciphers certain key data, using an encryption algorithm
provided by Israel Magic Company, to prevent the system
manager from querying the data. Typical applications are
salary data (some tables), user password tables, etc.
System User Authority Control:
System user authority control refers to the operation
authority of legitimate users after they enter the system.
We control it from three aspects:
a. Operational function (e.g. archive query, salary entry,
etc.)
b. Operational method (e.g. reading, writing, modifying,
etc.)
c. Operational object (e.g. staff at a certain level, etc.)
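The three aspects above can be combined into one deny-by-default
check that is repeated on every page request. The following is an
added example, not code from the eHR product; the role names,
function names and numeric staff levels are assumptions made for
illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    function: str          # a. operational function, e.g. "salary_entry"
    methods: frozenset     # b. operational methods, e.g. {"read", "write"}
    max_staff_level: int   # c. operational object: staff at or below this level

# Constructed sample policy (hypothetical roles, functions and levels).
GRANTS = {
    "hr_manager": [
        Grant("archive_query", frozenset({"read"}), 5),
        Grant("salary_entry", frozenset({"read", "write", "modify"}), 3),
    ],
    "line_manager": [
        Grant("archive_query", frozenset({"read"}), 2),
    ],
}

def is_allowed(role, function, method, staff_level):
    """Deny by default; allow only if one grant matches all three aspects."""
    for grant in GRANTS.get(role, []):
        if (grant.function == function
                and method in grant.methods
                and staff_level <= grant.max_staff_level):
            return True
    return False

def authorize_request(role, function, method, staff_level, audit_log):
    """Re-check authority on each page request and record the decision."""
    decision = is_allowed(role, function, method, staff_level)
    audit_log.append((role, function, method, staff_level,
                      "ALLOW" if decision else "DENY"))
    return decision
```

A request is refused if any one of the three aspects fails to match,
and the audit log keeps the refused attempts for later review.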
Network Transfer Security Control:
A common way for hackers to obtain user information is to
capture the data packets exchanged between users and Web
Servers on the network, looking for the information users
send when they access the Web Servers, for example user ID
and password. The hackers then access the Web Servers with
a legitimate user ID to steal data, destroy it and so on.
To prevent such problems, the safety system on the Web
platform of HR-soft2000 guarantees data access security
through strict inspection of user authority and protection
of the interaction between user ends and servers.
Solution Plan:
(1) When the user end accesses the Web Server, we set up an
enciphered channel between the user and the Web Server
through Secure Socket Layer (SSL) to encipher user
information (e.g. ID, password); that is, we create a pair
of enciphering and deciphering keys simultaneously at both
the user end and the server.
(2) After being verified by the firewall, the user
information reaches the Web Server, which deciphers the
enciphered user information and then verifies the user ID.
(3) If the user passes ID verification, the Web Server
sends the user's request to Magic Broker; within Magic, the
user account information is verified and the preset user
authority determines how the user's request is processed.
(4) Once the application program server finishes processing
the user's request, it sends the result to the Web Server,
which sends the enciphered data to the user end through
SSL; the user end then obtains the result by deciphering
the enciphered data with a key.
The enciphered certificates currently supported by our
system include: Thawte, Verisign, Baltimore.
System Requirement
Software/OS:
Database: MS SQL Server 7.0/2000/2003/Oracle 8i or higher
Server: NT Server 4.0/Windows 2000/2003 Server
Application software: eHR-soft2000 Server/IE6.0/MS Office
Hardware:
Sized according to the number of HR system users and
employees.
Recommended: two servers, a database server and an
application server.
CPU: P4 1.0G or higher
RAM: 512M or higher
Hard disk: 40G or higher
Data backup.