EP1449342A1 - Internet access system and method - Google Patents
Internet access system and method
- Publication number
- EP1449342A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- module
- internet access
- workstation
- access system
- uid
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Definitions
- This invention relates to Internet access, in particular filtering access to the World Wide Web.
- an Internet access system comprising a plurality of workstation modules adapted to transmit requests marked with a workstation UID (Unique IDentity) and a proxy server module adapted to receive said requests from said workstation modules, characterised in that said proxy server module retrieves rules from a database by matching workstation UIDs.
- requests are HTTP (Hyper Text Transport Protocol) requests.
- an Internet access system comprising a plurality of workstation modules and a proxy server module, characterised in that the proxy server module is adapted to parse documents requested by said workstation modules and remove links.
- said documents are HTML (Hyper Text Mark-up Language) documents.
- said links are HREF (Hypertext REFerence)
- said proxy server module is adapted to drop
- said request is an HTTP (Hyper Text Transport
- a proxy server module parsing a document retrieval, responsive to said HTTP request
- said document is an HTML (Hyper Text Mark-up Language) .
- said links are HREF (Hypertext REFerence) statements.
- a method of approving websites for inclusion into a list of allowed websites comprising the steps of:
- said lists of good and bad words are related to at least one category.
- said workstation module comprises a browser plugin module for adding the workstation identity (UID) as a parameter to all outgoing HTTP headers.
- said browser plugin module blocks access to all ports except port 80.
- More preferably said browser plugin module only allows access to one web server URL (Uniform Resource Locator) .
- the workstation module further comprises a driver module adapted to filter all outgoing packets coming to the transport layer of said workstation module.
- said workstation module further comprises a service module.
- Preferably said service module communicates to said proxy server module in order to update a list of ports allowed for said workstation module.
- said service module is automatically loaded at the start-up of said workstation module.
- said service module cannot be switched off or uninstalled unless a user possesses an administrator password.
- said service module transfers the list of IP (Internet Protocol) addresses allowed for said workstation module to said driver module.
- said service module commands said driver module to drop all IP packets responsive to an integrity check of the workstation module software system.
- said service module freezes said workstation module responsive to said service module detecting that said driver is uninstalled or corrupted.
- said freezing of said workstation module is ended responsive to the entering of a password into said workstation module.
- Preferably said proxy server module stores web pages that have been requested in a cache area.
- said web server module responsive to user input of a login name and password, checks user authorisation and defines the user session which, combined with said UID from said workstation module, creates a record in a database for linking a user profile with its current workstation module UID that has been used to login.
- Figure 1 illustrates in schematic form a block diagram of a workstation and servers in accordance with the present invention
- Figure 2 is a flowchart illustrating the steps of Internet access filtering
- Figure 3 is a screen shot illustrating a ToolBand
- Figure 4 is a screen shot illustrating a mini-window
- Figures 5 to 7 are screen shots illustrating group management
- Figures 8 to 10 are screen shots illustrating access rights management
- Figure 11 is an illustration of a screen shot of a scheduling screen for access rights.
- Figure 12 is a screen shot illustrating access rights that have been set being displayed.
- the invention is an Internet access system that functions to provide administration and application of allowed website and filtering rules.
- the embodiments of the invention described with reference to the drawings comprise computer apparatus and processes performed in computer apparatus, the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice.
- the program may be in the form of source code, object code, a code of intermediate source and object code such as in partially compiled form suitable for use in the implementation of the processes according to the invention.
- the carrier may be any entity or device capable of carrying the program.
- the carrier may comprise a storage medium, such as ROM, for example a CD ROM or a semiconductor ROM, or a magnetic recording medium, for example, floppy disc or hard disc.
- the carrier may be a transmissible carrier such as an electrical or optical signal which may be conveyed via electrical or optical cable or by radio or other means.
- the carrier may be constituted by such cable or other device or means.
- the carrier may be an integrated circuit in which the program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant processes.
- FIG. 1 illustrates a block diagram of an Internet access system 10, a system for school pupils to access the Internet and a web service referred to herein as MyInternet.
- the workstation module 11 for use by pupils comprises a driver module 12, a browser plugin module 13 and a service module 17.
- An installer module 14 comprises a master installer module 15 that generates at least one workstation installer module 16.
- the workstation module is connected via an Internet connection to a proxy server module 18 and a web server module 19.
- the Driver 12 is an NDIS (Network Driver Interface Specification) Pseudo-Intermediate (PIM) driver for Windows 9x.
- the driver filters all outgoing TCP/IP (Transmission Control Protocol/Internet Protocol) packets coming to the transport layer of the workstation (client) computer and:
  1. checks if the destination IP/destination port combination falls into the allowed region obtained from the service component;
  2. the only allowed destination IP for ports 80 and 8080 should be the proxy-server IP address;
  3. if the packet destination address does not meet the allowed region, the packet is dropped;
  4. if the packet destination address meets the allowed region, the packet is transparently sent;
  5. the driver should not affect LAN services;
  6. the driver should test the integrity of the whole system and, if the service component is suspected to be cracked, the driver should turn off the Internet connection completely, preferably leaving LAN connectivity active.
- the browser plugin module 13 is a Microsoft® Internet Explorer (MSIE) plugin.
- the plugin adds a ToolBand 30 on top of the MSIE window and a browser panel on the bottom, and synchronises their content with the main browser window.
- the plugin works on MSIE version 4.x and higher.
- the ToolBand includes the following objects:
  - Login button 31
  - Home button 32
  - Search input box with drop-down menu of recent queries 33
  - Search options radio-switch (search site, subject, category, MyInternet) 34
  - Restore browser panel button.
- the browser panel includes an MSIE control displaying information relevant to the page browsed in the main browser window.
- the ToolBand should provide means to easily restore itself if the user attempts to switch it off, by placing a COM-menu button on the menu area of the MSIE window.
- the browser plugin adds the unique workstation ID (UID) as a parameter to all outgoing HTTP headers.
- the browser plugin module 13 is a Netscape Navigator plugin.
- the plugin draws a mini-window 40 on top of Navigator and synchronises its content with the focused Navigator window.
- the mini-window includes all the same objects as the MSIE plugin.
- the ToolBand should provide means to easily restore itself if the user attempts to switch it off, by placing a COM-menu button on the menu area of the MSIE window.
- the ToolBand adds the Workstation ID (UID) as a parameter to all outgoing HTTP headers.
- the Installer 14 is a two-step installer:
  - a master installer 15 for location administration; and
  - a workstation installer 16.
- the master installer obtains location ID during installation/online registering process. Then it generates workstation installers identified with location ID.
- Plugins installed by workstation installers use these UIDs to mark each outgoing HTTP packet, so that a relation can always be built between the person logged in to a particular PC (Personal Computer) and its UID.
- While installing to a workstation, an administrator user can select "admin install", using her administrator password to confirm her right to do so; in this case location admin is allowed from this workstation.
- While performing master installation, the location admin should determine its LAN/WAN (Local Area Network/Wide Area Network) topology in the form of the IP address mask and/or the allowed IP address range, the DNS (Domain Name Server) server IP, etc. This information is later used by drivers on pupils' workstations to allow or drop IP packets.
- the service module 17 is a Windows service (console application running in background) .
- When a user switches on a computer, the service is automatically loaded at start-up. It cannot be switched off or uninstalled unless the user possesses an admin password.
- the service communicates with the server every, say, 5 minutes to update the list of ports allowed for this workstation.
- the service transfers the list of IP addresses allowed for this workstation to the driver.
- the service checks the integrity of the whole system and, if it suspects that the plug-in has been uninstalled or corrupted, commands the driver to drop all IP packets; if the service detects that the driver is uninstalled or corrupted, it freezes the computer, not allowing users to work on it any more without an admin password.
- the proxy server software 18 is a dynamic filtering non-transparent proxy server with caching.
- the proxy server queries the database using the UID to determine user settings and:
  1. either allows URL (Uniform Resource Locator) opening or drops at least one packet;
  2. either allows port opening or drops at least one packet.
- the proxy parses the HTML result document and cuts away unwanted HREF statements according to the rules.
- Web pages requested by any user and parsed (with unwanted HREFs erased) are stored in a cache area for a specified period of time (e.g. one hour). This eliminates unnecessary server load when a whole group (e.g. 30 pupils) is working together on the same web site with the same access rights defined for the group. The proxy server may then just retrieve a cached version of the page parsed before. The cache period is selected so that it is unlikely that dynamically built web sites change their content within this period.
- the web server software 19 provides dynamic JSP (Java Service Pages) based portal pages to users.
- the server should generate a default web page for users who are not yet logged in or whose session has timed out.
- the plug-in will block access to all ports except port 80 and will only allow access to the MyInternet home page. Any attempted Internet access will be denied unless it is browsing to a specific (e.g. MyInternet) home page.
- Content on the home page should be editable via admin interface and include general interest areas like sports, weather, education, etc.
- When the user browses to the MyInternet home page, the server will use the user's location so that a location-specific page can be viewed as the home page.
- User log in is provided by the web server using a web form with LOGIN NAME and PASSWORD fields to be posted to server for authentication.
- the action of this form is to check validity and define the user session. Together with the marking of HTTP packets with UIDs by the browser module, this creates a record in the database which links the user profile with the current workstation ID he or she used to log in.
- After the user has logged in, the web server generates a default web page taking into consideration the user's profile and schedule of activities. The default page includes a list of categories allowed for this user. When the user selects a category from this list, a sub-list of allowed subjects opens. Again, if the user selects a subject, a sub-list of allowed web sites appears.
- a cross-reference panel contains on a first tab a list of web sites allowed for this user, which are relevant to the page which the user is currently viewing in main browser window. Relevancy is measured using keywords linked to the current page.
- a second tab contains information obtained from page meta tags and during the page admission process, including:
  - title of page (META)
  - keywords of page (META)
  - keyword of page used during admission by admin (AUTO)
  - author of page (META)
  - date of page indexing (AUTO)
  - date of page creation (META)
- the panel further contains in a third tab page view statistics regarding MyInternet views only, and voting for the page (two-level voting "good/not good"):
  - page views
  - average time spent on page
  - votes meter in the form of the percentage of "good" votes against total votes
  - button to vote for this page

  Reasonable measures against vote cheating should be taken.
- a fourth tab displays the user name.
- the web server provides a pupils' search engine to display search results in main browser window.
- a pupil can enter a search query in the browser ToolBand and select restrictions on the search: whether to perform it within the current site, subject or category. When the pupil presses the SEARCH button, search results should appear in the main browser window.
- the search engine looks up relevant pages using the MyInternet database of indexed pages only. Relevancy criteria should take into consideration, e.g.:
  - the number of words from the search query found on the page;
  - how close these words are to each other;
  - whether the page meta tags (content and keywords) include query words.
- the web server provides a location administration backend. Authorised location personnel should be able to control MyInternet restrictions. If the logged-in user has administrator privileges, and the installed version of the plug-in is an admin version, then the web server should add an "Admin" link to the default page. This link leads to the location administration page.
- a location administrator can perform the following actions:
  - search web sites in unrestricted Internet search engines and add found pages to the approval queue;
  - create a location-specific category with its own subjects, adding web sites without MyInternet approval;
  - manage user groups;
  - manage access rights.
- the web server provides a MyInternet administrator backend to approve web sites for inclusion into the MyInternet index. Requests for web page approval come in a queue from all locations and from a central office.
- web page body text is indexed into the MyInternet database word-by-word.
- the web server provides management of location accounts.
- a web server administrator is able to create, edit and delete location accounts.
- the web server administrator should have the same rights inside a location as location administrators; for remote assistance.
- both panels can display either groups or pupils. If the user changes the state of pull-down menu 51, which has two options, Users and Groups, the full list of all Pupils (users) or Groups in this location is displayed in the corresponding panel. If groups are displayed in a panel 52, double-clicking on any group will open the users belonging to this group (like e.g. panel 53). This is similar to folders and files in Norton Commander.
- Users can be:
  - moved to any group selected or opened in panel 52 from a complete list of users or from any group opened in panel 53;
  - created (Make button), which makes them appear in the complete list of users only;
  - deleted (Delete button), which erases them from the group view which is opened in panel 52; to delete a user from the complete list, the admin should select Users in pull-down menu 51, thus opening the complete list, then press the Delete button, and after a confirmation message the selected user will be erased from all groups she belongs to and from the complete list.
- Groups can be:
  - copied to another group: this means copying the group from panel 53 with both the users who belong to the original group and the MyInternet access rights assigned to the original group;
  - cloned to another group: this means that the new group will have the same access rights as the original group selected in panel 53 but the new group will be empty (no users);
  - spawned to another group: this means that the new group will have the same list of users as the original group selected in panel 53 but the new group will have no access rights assigned to it;
  - created (Make button), which results in an empty group with no users and no access rights;
  - deleted (Delete button), which erases the group selected in panel 52 after the confirmation message "Are you sure?".
- Panel 87 displays complete list of existing web sites with their categories and subjects when pull-down menu 88 is set to "Sites". First, it displays categories existing in system; if user double-clicks on a category then panel 87 will show subjects within this category; if user double-clicks subjects then panel 87 will show web pages (i.e. their titles) belonging to this subject. Label 89 shows what we see in panel 87: categories, subjects or web pages.
- If pull-down menu 88 is set to "Ports" then panel 87 will display possible port settings. Ports are grouped in commonly used groups labelled e.g. "HTTP" or "FTP". If the user double-clicks on a label (e.g. "HTTP"), panel 87 will display the list of ports assigned to this label (e.g. "80, 8080").
- Panel 86 displays web sites and ports (depending on the pull-down menu 85 setting) allowed for the selected group (designated by label 84), in the same manner as panel 87, with some differences explained hereunder. First, we describe some examples of how to give access rights to a group permanently.
- example B: give permanent access to subject "Middlesex" in category "Geography":
  1. Switch 88 to "Sites"
  2. Double-click "Geography" in 87
  3. Select "Middlesex" in 87
  4. Press "Permanent" button
  5. Intermediate dialogue box Dl will show up containing: You are giving permanent access rights for category "Geography" to group "B-Geography" <OK> <Cancel>.
  6. "Middlesex" category will appear in 86.
- a user points and clicks on grid items. Multiple grid items can be selected at once (usual shift- and control- operations applicable) .
- the invention allows teachers or managers or employees to give unmonitored Internet access to pupils with the knowledge that the only materials they can access are directly relevant to the curriculum and, more importantly, the lessons or business at hand.
- This is accomplished by creating a dynamic and intelligent web catalogue of curriculum or business relevant web sites, and a specialised "Client Side Plug In” that allows access to only sites that are listed within the catalogue.
- the "Client Side Plug In” also allows authorised users (e.g., teachers) the ability to refine this catalogue to only allow access to materials that the individual teacher deems necessary for that specific class.
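The driver's six filtering rules can be modelled as a single decision function. This is an added example, not code from the patent; the `DriverPolicy` type, the `decide` function and all addresses are constructed, and it assumes that the port 80/8080 rule is checked before the LAN exemption so that a forward proxy on the LAN cannot be used to bypass the filter.

```python
import ipaddress
from dataclasses import dataclass

WEB_PORTS = frozenset({80, 8080})


@dataclass(frozen=True)
class DriverPolicy:
    proxy_ip: str            # the only destination allowed on ports 80 and 8080
    lan_networks: tuple      # LAN ranges recorded by the master installer
    allowed_region: tuple    # (network, ports) pairs pushed by the service
    integrity_ok: bool = True


def decide(policy, dst_ip, dst_port):
    """Return "pass" or "drop" for one outgoing packet."""
    dst = ipaddress.ip_address(dst_ip)

    # Rule 2: web ports may only reach the proxy, whatever else is allowed.
    # Assumption: this takes precedence over the LAN exemption below.
    if dst_port in WEB_PORTS:
        to_proxy = dst == ipaddress.ip_address(policy.proxy_ip)
        return "pass" if to_proxy and policy.integrity_ok else "drop"

    # Rule 5: other LAN services are left alone, even after an integrity failure.
    if any(dst in ipaddress.ip_network(net) for net in policy.lan_networks):
        return "pass"

    # Rule 6: a failed integrity check turns off everything beyond the LAN.
    if not policy.integrity_ok:
        return "drop"

    # Rules 1, 3 and 4: the IP/port pair must fall inside the allowed region.
    for net, ports in policy.allowed_region:
        if dst in ipaddress.ip_network(net) and dst_port in ports:
            return "pass"
    return "drop"


# Constructed sample policy using documentation address ranges.
POLICY = DriverPolicy(
    proxy_ip="203.0.113.10",
    lan_networks=("10.20.0.0/16",),
    allowed_region=(("198.51.100.0/24", frozenset({21})),),
)
TAMPERED = DriverPolicy(
    proxy_ip=POLICY.proxy_ip,
    lan_networks=POLICY.lan_networks,
    allowed_region=POLICY.allowed_region,
    integrity_ok=False,
)
```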
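The proxy behaviour described above (rules looked up by UID, disallowed HREFs cut from the returned HTML, parsed pages cached for a group) is sketched below as an added example that is not code from the patent. The header name `X-Workstation-UID`, the `RULES` table, the host names and the use of a 403 status for "drop" are all assumptions; the cache is keyed by URL and rule set so that a page parsed for one group is never served to a group with different access rights.

```python
import hashlib
import html
import time
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

UID_HEADER = "X-Workstation-UID"  # hypothetical; the page does not name the header
# Constructed rules "database": workstation UID -> hosts allowed for that user's group.
RULES = {
    "ws-0001": frozenset({"geo.example.org"}),
    "ws-0002": frozenset({"geo.example.org"}),
    "ws-0003": frozenset({"geo.example.org", "maps.example.net"}),
}
# Constructed sample page, as if served by http://geo.example.org/index.html.
SAMPLE_PAGE = (
    '<p>Rivers &amp; hills: <a href="/middlesex.html">local</a> '
    '<a class="x" href="http://games.example.com/play">games</a> '
    '<a href=" //games.example.com/x">more</a> '
    '<a href="http://geo.example.org.games.example.com/">lookalike</a> '
    '<a href="http://maps.example.net/uk">map</a></p>'
)

def host_allowed(url, allowed):
    """Exact host match on http(s) URLs; substring matching would admit lookalikes."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and (parts.hostname or "") in allowed

class HrefStripper(HTMLParser):
    """Re-emit the document, dropping href attributes that leave the allow-list."""
    def __init__(self, base_url, allowed):
        super().__init__(convert_charrefs=False)
        self.base_url, self.allowed, self.out = base_url, allowed, []

    def handle_starttag(self, tag, attrs):
        # Browsers trim whitespace and read "\" as "/", so normalise before resolving.
        hrefs = [(v or "").strip().replace("\\", "/") for k, v in attrs if k == "href"]
        if all(host_allowed(urljoin(self.base_url, h), self.allowed) for h in hrefs):
            self.out.append(self.get_starttag_text())  # original markup, untouched
            return
        kept = "".join(f" {k}" if v is None else f' {k}="{html.escape(v)}"'
                       for k, v in attrs if k != "href")
        self.out.append(f"<{tag}{kept}>")

    handle_startendtag = handle_starttag
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def strip_links(document, base_url, allowed):
    parser = HrefStripper(base_url, allowed)
    parser.feed(document)
    parser.close()
    return "".join(parser.out)

class FilteredCache:
    """Parsed pages keyed by URL and rule set, so groups never share a filtered copy."""
    def __init__(self, ttl=3600, clock=time.monotonic):
        self.ttl, self.clock, self.store = ttl, clock, {}

    def get(self, url, allowed, fetch):
        ruleset = hashlib.sha256("\n".join(sorted(allowed)).encode()).hexdigest()
        now, hit = self.clock(), self.store.get((url, ruleset))
        if hit and now - hit[0] < self.ttl:
            return hit[1]
        body = strip_links(fetch(url), url, allowed)
        self.store[(url, ruleset)] = (now, body)
        return body

def handle_request(headers, url, fetch, cache):
    """Return (status, body); 403 stands in for the page's 'drop' (an assumption)."""
    allowed = RULES.get(headers.get(UID_HEADER, ""))
    if allowed is None or not host_allowed(url, allowed):
        return 403, ""
    return 200, cache.get(url, allowed, fetch)
```

Because the UID arrives in a header set on the workstation, the rules lookup is only as trustworthy as the plugin and driver that enforce it; the proxy itself cannot tell a genuine UID from a copied one.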
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0127416A GB0127416D0 (en) | 2001-11-15 | 2001-11-15 | Internet access system and method |
GB0127416 | 2001-11-15 | ||
PCT/GB2002/005143 WO2003043287A1 (en) | 2001-11-15 | 2002-11-14 | Internet access system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1449342A1 (en) | 2004-08-25 |
Family
ID=9925821
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP02781393A Withdrawn EP1449342A1 (en) | 2001-11-15 | 2002-11-14 | Internet access system and method |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1449342A1 (en) |
GB (1) | GB0127416D0 (en) |
WO (1) | WO2003043287A1 (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5696898A (en) * | 1995-06-06 | 1997-12-09 | Lucent Technologies Inc. | System and method for database access control |
US6233618B1 (en) * | 1998-03-31 | 2001-05-15 | Content Advisor, Inc. | Access control of networked data |
-
2001
- 2001-11-15 GB GB0127416A patent/GB0127416D0/en not_active Ceased
-
2002
- 2002-11-14 EP EP02781393A patent/EP1449342A1/en not_active Withdrawn
- 2002-11-14 WO PCT/GB2002/005143 patent/WO2003043287A1/en not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See references of WO03043287A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2003043287A1 (en) | 2003-05-22 |
GB0127416D0 (en) | 2002-01-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20040615 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LI LU MC NL PT SE SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK RO SI |
|
17Q | First examination report despatched |
Effective date: 20061013 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20090213 |