DE10047771C2 - Method and device for controlling access by a network user - Google Patents

Description

The present invention relates to a method and an apparatus for Control a network user's access to one through the network provided information, such as Internet content.

The Internet provides a collection of worldwide information sources without one Central or main database. It is rather a collection thousands of computers with their own individual properties and content that are connected to a network connected to other networks. The Many of these computers have documents in HTML (HyperText Mark-up Language) written and open to the public. This publicly available HTML documents are generally referred to as web pages or web pages net.  

The World Wide Web (WWW) consists of an extremely large number of such web Pages, where a URL (Uniform Resource Locator) to access a Web page of the Internet is used. The web pages are typically assigned to a subclass known as the Hypertext Transport Protocol (http), with other subclasses for file servers, information servers and others attached to the Internet connected devices are provided. The URLs are an important one Part of the internet as it is used to find a web page and therefore to find it a desired information is required. A so-called "linking" radio tion "provides another method of providing a URL for an Internet User represents. The user accesses a specific URL address through, so "links" to other URL addresses can be found on the web page his. This expanding directory structure is seemingly endless and can when searching a single web page to view a variety of new ones unknown web pages.

Thus, large amounts of information are available on the WWW, to which everyone Person with internet access can easily access it. In many Situations it is desirable to determine the amount and type of information for to limit the number of people. For example, access to pornogra phical content or scenes of violence in educational institutions when used of the WWW can be prevented. As another example, Internet access from Employees in companies for private purposes (video, MP3, pictures, etc.) be limited, as this causes financial damage such as personnel costs for ineffective Working hours or loss of capacity and performance of the computer system arise. Through the uncontrolled access to questionable internet offers companies also run the risk of having their URL address through their employees appear in connection with web pages or in so-called hot lists.

The connection of schools or companies to the Internet is therefore one complex challenge. In addition to a well thought-out system distribution and  their connection to the internet requires internet filtering in order to Not to make content accessible or to make it accessible in a controlled manner For example, extreme political and pornographic content in schools is only accessible to a limited extent his.

The use of internet filtering in schools has so far been local Use of filter solutions. The orders of filter products through Teachers and directors are the norm when it comes to schools and schools School areas because long-term decision-making paths of the school authorities are avoided should be. Thus, the present filter solutions are inconsistent and constantly changing release and blocking claims, resulting in a extraordinary burden on administrators responsible for filter management ren leads. In addition, there is usually the problem that the for Connection to the school school proxy server provided in certain schools specific periods of high peak utilization.

The well-known Internet filters are based on so-called exclusion lists (NOT lists) and preference lists (YES lists), the NOT lists for preventing the To accesses questionable websites (ie "everything is accessible except ...") and the YES lists to enable access to predefined websites (i.e. "nothing is accessible except ...") can be used. The NOT and YES lists are continuously checked by filter operator companies and are auto every day can be updated mathematically. For example, the NOT lists are based on Criteria such as nude photos of all kinds, discriminatory content against races, skin colors, religions etc., sexual acts or texts, satanic or ritual Content, alcohol and tobacco, militant and extreme content, arbitrary or gross violence, depicting deliberately insulting or vulgar acts, ethically questionable or legal content as well as gambling, drugs and content of the Drug scene and content of sex education created.

US 6 065 055 discloses a system for managing access  on databases or on the internet in schools using a filter list and a keyword search. The frequency of access attempts determined forbidden material while circumventing security measures. at A threshold value set by the administrator is exceeded a report to a responsible body.

Furthermore, the publication US 5 884 033 discloses a filter system for Ver same parts of incoming and / or outgoing messages with an in a filter database stored filter information, and to allow or Block incoming and / or outgoing message transmissions in the address che on the comparison. Depending on a match between the part The system can use one or a number of the message and the filter information different specific locking options. The system also has one Update server accessible via the Internet and with the new filter information for updating the filter database be put. The filter database can be partially in a user's server network saved.

From WO 97/50259 A2 is a system for controlling the information content and to prevent interactive attempts between a person and a personnel Computer described. It is particularly about having certain content sites from the Internet, for example those with pornographic or pedophi len information is not called.

DE 195 31 121 A1 describes a system for remote programming, remote addressing and remote control of VCRs, television and multimedia enabled devices known. It is also proposed here by means of a so-called youth protection identifier to mark the transmission of certain programs of certain content and thereby also to be excluded from a recording on a video recorder.

It is the object of the present invention, a method and a device for control a network access, through which simplified management for individual filter control is made possible.

This object is achieved by a method according to claim 1 and a direction solved according to claim 10.

Thus, schools or other facilities can be designed according to their orientation can be integrated into various filter group systems in order to use the to maintain the filter list provided by the filter management device and thereby the specific orientations of the different schools or companies areas to take care of and a deductible in the form of blocking and / or Enable sharing of Internet content.  

By constantly comparing the specific or local access authorization Information with the filter list is a quick response to approval requests current topics on the Internet and a participation in the school's own Internet filters possible through working groups. The central filter list enables a central one Restrict access to legally critical content such as MP3 Archives, pirate portals, extreme political and pornographic content.

The filter system is easily configurable in group management, ensures high access speed, enables instant, current and individually required blocks and releases of Internet offers and can can be used on any operating system.

The filter list and group-specific access control information can preferably based on editable NOT and / or YES lists. The filter list can be updated by continuously updating the NOT and / or YES lists become. The NOT and / or YES lists preferably have URL addresses, that can be blocked or activated. The blocking or activation can preferably be carried out in groups. According to an advantageous Further training is compared to the group-specific access control information priority of the access control information of the filter list. This affects regional Entries, for example in the YES list compared to the specified central one Filter list dominant and can remove a lock so that the filter list automatically modified according to regional requirements and to the filter groups systems is transferred.

The filter management server facility and the filter group server facility can be connected in a logical root structure. The logical root structure enables the use of automatic synchronization for any number of filter group server facilities. The filter group server facility conditions can be scalable or expandable to achieve load distribution. As a result, the greatest possible load distribution is dependent on that in the filter group server devices  Blocking times allocated possible.

The system is for access control from both schools and sub corporate areas or other facilities with network access.

The invention is described below using a preferred exemplary embodiment explained in more detail with reference to the accompanying drawing figures. It demonstrate:

Fig. 1 is a schematic block circuit diagram of a filter system for controlling play of a network access by schools according to the preferred Ausführungsbei,

Fig. 2 is a flow diagram of a filter update method according to the preferred embodiment,

Fig. 3 is a screen view of a menu interface to the local change of an access control information, and

FIG. 4 shows a screen representation of a menu surface for setting access control information for individually locking or unlocking predetermined information categories.

In the following the preferred embodiment is used as access control for explained a school network.

Fig. 1 is a schematic block circuit diagram showing an Internet filter system for a school network interconnection, which is for example provided in a large city.

The filter system consists of a central filter management server 15 , in which a filter list 16 for blocking and releasing predetermined information categories for certain school areas combined as filter group systems is stored. In the present case, four filter group systems FGS-1 to FGS-4 are provided for the school areas elementary schools 17 , high schools 18 , secondary schools 19 and vocational schools 20 . These filter group systems 17 to 20 are connected in a logical root structure to the filter management server 15 . Each of the filter group systems 17 to 20 is in turn connected in a logical root structure to individual schools such as elementary schools 171 to 17 m, high schools 181 to 18 n, secondary schools 191 to 19 o or vocational schools 201 to 20 b. Each of the individual schools 171 to 17 m, 181 to 18n, 191 to 19o and 201 to 20p has a server (hub 21 ) for connecting several terminals 211 to 21 q. These terminals 211 to 21 q form the workplaces of the users, ie students in the schools.

The categories provided in the filter list 16 can include, for example, the areas of violence, nude scenes, sexual acts, drugs, sects, right-wing extremism, occultism, intolerance, sex education, militarism etc. and can be set or deleted externally by a categorization device 20 . The categorization device 20 can be a simple input / output device, such as a terminal with a keyboard or mouse. The filter list 16 is used in the filter management server 15 to define a filter function for the Internet content (web pages) retrieved from the Internet 21 . This takes place based on a NOT list 13 and / or YES list 14 provided in a database 11 , in which the URL addresses for the specified information categories are stored. The NOT or YES lists stored in the database 11 are continuously updated by a system operator 12 . This can be done, for example, by a continuous search for certain keywords or URL addresses, so that new Internet content to be blocked is constantly being recorded.

The group rights for the filter group systems 17 to 20 are configured and managed in the filter list 16 . As shown in Fig. 1, the filter group system 18 (high schools) has access to the information categories sects, occultism, intolerance, sex education and militarism, while the filter group system 19 (secondary schools) only has access to the information categories drugs and sex education. The greatest scope of access is provided in the present example for the filter group system (vocational schools) 20 , in which only the information categories violence, sexual acts and right-wing extremism are blocked (in the filter list 16 shown in FIG. 1, the character “X” means a blocking of the corresponding information category. The respective group rights are transferred to the corresponding filter group system and can optionally be edited there.Furthermore, further releases and blocking URL addresses on categories can be carried out on the filter management server 15 or alternatively on the individual filter group systems 17 to 20 .

According to the preferred exemplary embodiment, there is an automatic synchronization of editable and administrable NOT and YES lists, which can be expanded to any number of filter group systems due to the logical root structure of the connection between the filter group systems 17 to 20 and the filter management server 15 , wherein each of the filter group systems 17 to 20 enables the group-specific management features. Specifically, the YES and NOT lists 13 , 14 provided and updated by the system operator 12 are automatically transferred to the filter management server 15 at regular intervals in order to be automatically compared with the group-specific access control information in the form of local before use in the school administration network released and blocked Internet offers. After this comparison, the modified YES and NOT lists are transmitted in their specified division to the filter group systems 17 to 20 , a further comparison being possible. This means that URL addresses on filter group systems 17 to 20 can be blocked or activated immediately and without delay and made valid for all school areas or individual school groups.

In a merely exemplary implementation, the filter management server 15 can be a server with a working memory of 1 GB RAM, the use of a RAID system (Redundant Array of Independent Disks) being advantageous in order to achieve a new selection security. Two hard disks with a storage volume of, for example, 36.7 GB can be advantageous as a minimum requirement for a mirror set per RAID system. The mirroring ensures the security of the data, filter modules, configuration and proxy server, so that a new installation of the systems and the associated downtime can be avoided. Furthermore, a UPS system (uninterruptible power supply) is advantageous to compensate for voltage peaks and possible voltage drops. In the filter group systems 17 to 20 , servers with a working memory of, for example, 512 MB RAM and a hard disk with a storage capacity of, for example, 36.7 GB can be used.

Fig. 2 shows a flowchart of an exemplary update operation for automatic synchronization of the central filter list with the regional or local filter systems lists of filter group 17 to 20.

According to Fig. 2 an updated key is transmitted emergency list 13 from the database 11 to the filter management server 15 in step S100. This can be done at regular intervals. After receiving the central NOT list 13 , the regional NOT and YES lists of the filter group systems 17 to 20 are called up in step S101. The central NOT list 13 is then compared with the regional entries in step S102. The entries in the regional EMERGENCY lists are expanded to expand the central EMERGENCY list 13 in accordance with the school board blocking specified in the filter list 16 . Regional entries in the regional YES lists have a dominant or priority effect over the specified central NOT list 13 and can remove a block. The systems thus automatically according to regional preferences of the filter groups 17 to 20 modified EMERGENCY list is then group distribution systems to filter transmitted in step S103, 17 to 20. There, for example, a further regional filter adjustment (S104) can be carried out with the individual schools 171 to 17 m, 181 to 18 n, 191 to 19 o or 201 to 20 p. The filter group systems 17 to 20 contain the group administration of the school group in question and the associated individual schools. Own blocking pages can inform about the allocation of a blocking and serve to avoid peak loads. By providing freely scalable and short-term expandable servers of the filter group systems 17 to 20 , the greatest possible load distribution can be guaranteed.

After step S104, the flow returns to step S101 so that can be carried out again.

Fig. 3 shows a server on a local one of the filter group systems 17 to 20 provided menu interface for modifying the regional emergency list or YES list. First, each of the URL address entries can be confirmed or deleted separately. In addition, new URL addresses can be added and individually synchronized with the other filter group systems (here: FGS-1 and FGS-2). Such a setup process can be carried out selectively for the NOT list or the YES list. All modifications can be initiated in a simple manner, for example by a mouse click.

FIG. 4 shows a screen view of a menu surface provided on the categorization device 20 for controlling the filter list 16 . The menu buttons FGS-1 and FGS-2 are used to select the appropriate school area primary schools or high schools. In the present case, the filter group system FGS-1 (primary schools) 17 was selected. Here too, the information categories displayed in English can be blocked or released with a simple mouse click. As already mentioned, a category is blocked in the filter list 16 by the character "X".

Furthermore, the start and end of school time can be set in the menu interface shown in FIG. 4, so that the filter function is activated accordingly. A "Submit" button is used to transmit the entered information to the filter management server 15 , and a "Reset" button is used to reset the settings already made.

A simple update and synchronization of the filter system is possible through the aforementioned menu interfaces according to FIGS . 3 and 4.

The filter composite system according to the invention gives the school authority the possibility to integrate schools into different filter group systems according to their orientation. These are coordinated by filter administrators in the form of blockings and releases of Internet content. User peak times, especially during the school hours in the morning, can be intercepted by the filter group systems 17 to 20 .

The filter composite system described is of course also for others Institutions such as corporate divisions, branches, authorities etc. can be used advantageously, including access to other networks or database information can be controllable.

Claims (13)

1. A method for controlling a network user's access to information provided by the network, comprising the steps of:

• a) providing a filter list ( 16 ) with access control information for individually blocking or releasing predetermined information categories for at least two filter group systems ( 17 to 20 ) for predetermined user groups,
• b) retrieving group-specific access control information from the at least two filter group systems ( 17 to 20 );
• c) comparing the filter list ( 16 ) with the specific access control information retrieved, and
• d) transferring the adjusted filter list ( 16 ) to the at least two filter group systems ( 17 to 20 ).

2. The method according to claim 1, wherein the filter list ( 16 ) and the group-specific access control information are based on editable NOT and / or YES lists. 3. The method according to claim 2, wherein the filter list ( 16 ) is updated by continuously updating the NOT and / or YES lists. 4. The method according to claim 2 or 3, wherein the NOT and / or YES lists Have URL addresses that are blocked or activated. 5. The method according to claim 4, wherein the blocking or activation group can be carried out pen by pen. 6. The method according to claim 3, wherein the adjustment step takes place after each update of the filter list ( 16 ). 7. The method according to any one of claims 1 to 6, wherein the group-specific access control information is priority over the access control information of the filter list ( 16 ). 8. The method according to claim 7, wherein a group-specific entry in a YES list removes a block in the filter list ( 16 ). 9. The method according to any one of claims 1 to 8, wherein the method for Control Internet access used by schools and filters group systems are assigned to certain school areas. 10. Device for controlling the access of a network user to information provided by the network, comprising:

• a) a filter management server device ( 15 ) for managing a filter list ( 16 ) with access control information for individually locking or unlocking predetermined information categories for at least two filter group systems ( 17 to 20 ) for predetermined users, and
• b) at least two filter group server devices for managing group-specific access control information of the at least two filter group systems ( 17 to 20 ),
• c) wherein the filter management server device ( 15 ) is designed to retrieve the group-specific access control information from the at least two filter group server devices, to compare the filter list ( 16 ) with the retrieved group-specific access control information and to transmit the matched filter list ( 16 ) to the at least two filter group server devices.

11. The device according to claim 10, wherein the management of the filter list ( 16 ) and the group-specific access control information is based on editable NOT and / or YES lists. 12. The apparatus of claim 10 or 11, wherein the filter management server device ( 15 ) and the filter group server devices are connected in a logical root structure. 13. The device according to one of claims 10 to 12, wherein the filter groups server facilities to achieve load distribution scalable or extendable are terbar.