This invention relates generally to monitoring access by a client to a plurality of sites, and more particularly to such monitoring via an intervening control layer within the client.
With the advent of the Internet, monitoring access to world-wide web sites has reached paramount importance. For example, a school or parent may desire that children only be able to access a limited number of sites that are known not to contain material believed not suitable for children. As another example, an employer may only want its employees to access information from sites that are believed to be relevant to the employees"" jobs, and not the entire Internet.
Prior art solutions aimed at monitoring access to world-wide web sites are not fool proof, however. One approach is to incorporate within the program by which Internet access is accomplished safeguards to prevent access to unauthorized sites. For example, versions of Netscape Navigator or Microsoft Internet Explorer may be modified such that Internet access is monitored (viz., access to certain site prohibited). However, this approach is easily circumvented by merely installing an unadulterated version of Netscape Navigator or Microsoft Internet on the computer.
Another approach is to limit access to objectionable sites on the Internet at the Internet Service Provider (ISP) level. To connect to the Internet, a user must have an account with an ISP, through which the user accesses content on the Internet. The ISP thus can limit the content to which the user has access. This approach is also easily circumvented, however. The user may merely connect to the Internet using an account with a different ISP, which allows complete access to the entire Internet, including objectionable content.
Therefore, there is a need for better monitoring of Internet access that is not as easily circumvented as solutions found in the prior art are.
The above-identified shortcomings as well as other shortcomings and problems are addressed by the present invention, which will be understood by reading and studying the following specification. In one embodiment, a computerized system includes a plurality of sites, a monitoring server, and a client. Each site has content referenced be addresses. The monitoring server maintains a database of permissible content on at least one of the plurality of sites, where the permissible content is also referenced by addresses. The client has an intervening control layer within an otherwise standard mechanism by which programs running on the client access the content on the plurality of sites. The intervening control layer polls the monitoring server to determine whether a program attempting to access content on one of the sites as referenced by an address should be permitted to do so.
More specifically, in one particular embodiment of the invention, the plurality of sites are Internet world-wide-web sites, and the monitoring server and the client are also communicatively coupled via the Internet. In this particular embodiment, content is referenced via a Universal Resource Locator (URL), and the otherwise 3standard mechanism of the client includes a socket services program and a TCP/IP handler program, such that the intervening control layer resides between the two. Thus, any sort of program accessing the Internet must go through the socket services program and the TCP/IP handler program, and also the intervening control layer.
The invention thus provides for advantages not found in the prior art. With respect to the specific embodiment described above, monitoring access to the Internet is not contingent on the browser program being run on the client. Any browser programxe2x80x94Microsoft Internet Explorer, Netscape Navigator, or a different browser programxe2x80x94must go through the socket services program (e.g., WinSock), and the TCP/IP handler program (e.g., the TCP/IP stack), such that the intervening control layer may intercept URL addresses, and via a call to the monitoring server, determine whether they access should be permitted thereto.
Furthermore, also with respect to the specific embodiment described above, monitoring access to the Internet is also not contingent on the Internet Service Provider (ISP) through which the Internet is accessed. Regardless of the ISP used, access at the client must go through the socket services program, the TCP/IP handler program, and thus the intervening control layer, so that URL address may be intercepted, and via a call to the monitoring server, deemed to be permissible or not.
In different embodiments of the invention, computerized methods, computerized systems, computers, servers and computer-readable media of varying scope are described. Still other and further embodiments, aspects and advantages of the invention will become apparent by reference to the drawings and by reading the following detailed description.