FIG. 1 illustrates a conventional prior art approach for restricting access to Websites. The user of client computer 1 attempts to access a Website over a network 4, such as the Internet. Control software 2 is associated with client computer 1, and serves to limit access to the requested Websites. In the case where the user of client computer 1 is a minor child, the control software 2 may have been installed on client computer 1 by the user's parent, and be controlled by said parent. In the case where client computer 1 is one of many computers in an enterprise environment, the control software 2 may have been installed, and be operated, by the system administrator of the enterprise. In the conventional prior art system, a URL (Universal Resource Locator) list 5, containing millions of URLs grouped by category, is maintained on the network 4 by the publisher of control software 2. The contents of URL list 5 are periodically downloaded from network 4 to a buffer memory 3 associated with client computer 1. When the user of client computer 1 wishes to access a Website, the URL of the Website is sent as an input to buffer memory 3, which outputs the category or categories of Website associated with the URL and sends these categories to control software 2. Control software 2 then compares the returned categories with a pre-stored list of categories. In blacklist mode, the categories are those that the administrator of control software 2 has decided are categories that should be blocked from the user of computer 1. In whitelist mode, the pre-stored list of categories lists those categories that the administrator of control software 2 has decided should be allowed to be viewed by the user of client computer 1. As a result of this comparison, the desired Web page is either sent to client computer 1 or blocked from client computer 1.
A disadvantage of this method is the fact the size of URL list 5 tends to grow over time, and thus it becomes slow and unwieldy to send updated URL lists 5 to all the client computers 1 in the serviced group. This problem is exacerbated as the number of client computers 1 grows larger and larger over time.
The present invention overcomes these disadvantages, while preserving the privacy of the users of client computers 1.