The present invention relates to an access server and a connection restriction method, and particularly to filtering by a terminal or a communication system, and to an access server and a connection restriction method which is provided with a function to be capable of controlling the restriction of a time period when, even after a user terminal is authenticated, the user terminal can communicate by the access server.
A cellular phone, a personal computer, and a portable game machine become widespread in daily life, and the environment becomes such that the Internet can be used. Everybody, including children, uses a service such as a site access, download of music, or download of games through the Internet. Although everybody can use the Internet, there is a problem that a child accesses a harmful site such as a dating site and is harmed. Besides, from the viewpoint of leakage of personal information, also for the purpose of preventing the information from carelessly leaking, the access restriction to the harmful site is an important function.
A filtering technique is used for the access restriction to the harmful site, and for example, there is one in which a dedicated tool provided by an Internet browser or an Internet service provider (hereinafter referred to as ISP) is installed in a client terminal, and filtering is performed. Besides, for example, there is one in which filtering is performed by a house external apparatus such as a home router, there is one in which a proxy server is used in the network of an in-house LAN of a company or the like (see, for example, patent document 1), or there is one in which filtering is performed by the Web gateway server of a contract ISP.
As functions of the filtering, for example, there is one using a keyword (such as, for example, violence), there is one in which a specified Web address is not displayed or only a specified Web address is displayed, or there is one in which a display is inhibited according to a time period.
In the restriction using the keyword, inappropriate keywords are previously listed, and in the case where the keyword is included in a specified URL, the page of the Web is not displayed. However, there is a possibility of erroneous recognition that even if showing may be made for a URL, in case the keyword is included, the display can not be performed.
In the case of the restriction using a Web address, when the page of a specified Web address is not displayed, there is no effect on an unregistered URL. On the other hand, when the page of a specified Web address is displayed, Web pages which are freely seen are few. In the case where it is taken into consideration that a child sees a site, the child tends to desire to see what can not be seen by using any means from curiosity, and for example, the child may directly write the address of the URL of a harmful site to access it, and therefore, the restriction using the keyword or the web address has a problem in usefulness as the filtering.
In the case of the restriction using the time period, the restriction time is set, so that the excessive use of the Internet is prevented, and the use of a child in the time period when parents are absent can be restricted. There is known that detailed setting such as designation of a keyword or a Web address is not required, and the filtering can be performed without piquing child's curiosity and without being noticed by the child.
As the restriction using the time period, for example, as described before, there is one in which the dedicated tool is installed in the client terminal and the restriction is performed by the software, or there is one in which in the network of an in-house LAN of a company or the like, an administrator executes the restriction by using a database by a proxy server (see patent document 1), a Web gate server of an ISP or the like.
Besides, in JP-A-2006-60862 (patent document 2), there is disclosed a communication method in which information delivery is controlled by, for example, a time period. In this method, for example, when the user obtains information, a communication apparatus including a timer circuit uses the timer to compare the contents registered in a database in advance, with an information provision start time and an end time registered in the database, and when it becomes the start time, the requested information is delivered after connection to the communication network of the user, and when it becomes the end time, the delivery to the communication network of the user is stopped.
Further, in a communication apparatus accommodating subscribers, as a communication method of controlling network connection of each user terminal after authentication, there is one disclosed in, for example, JP-A-2003-174482 (patent document 3). In this method, for example, at the time when the user terminal requests connection to the Internet, the communication apparatus previously constructs the closed network by bridge connection or router connection after authentication. The method is such that after the closed network is constructed, the communication apparatus changes the management table of the communication apparatus in accordance with the setting request of the filter information from the terminal, and the filtering condition of the terminal can be freely changed.
[Patent document 1] Japanese Patent No. 3605343
[Patent document 2] JP-A-2006-60862
[Patent document 3] JP-A-2003-174482
However, with respect to the access time setting by the user himself/herself using the software tool of the user terminal or the home router, it is the condition that for example, the dedicated tool is installed, and in the case where it has been uninstalled, or the time setting is not accurately performed in the terminal, access to a harmful site in a time period becomes possible by the operation mistake of the user. Besides, since the setting is performed in the terminal, a user using it releases the restriction and can access a site.
In the technique disclosed in patent document 1 in which the proxy server is used in the in-house LAN or the like, since the filtering is performed by the dedicated proxy server, it is suitable for a small network such as the in-house LAN, however, in the case of a large-scale network in which the kinds and forms of user terminals vary and for example, wired and wireless terminals are included, it is necessary to install the same proxy server in each network. Besides, since one proxy server has many databases, the load is large, and there remains a problem also in redundancy.
In the execution of filtering by the Web gate server at the ISP side, it is the use condition to contract with the ISP, and the content of the service varies according to each ISP.
Besides, as the communication method in which the control of information delivery can be made by the time period, in the technique disclosed in patent document 2, desired information can be delivered in the desired time to the previously registered network of the user by the management of the timer of the communication apparatus and the database, however, only the desired information is registered in the database, and the communication condition of the user can not be restricted. For example, with respect to information not desired to be seen or unwanted information, the restriction is not made based on the time period, and everybody can acquire the information not desired to be seen or the unwanted information.
Further, in the communication apparatus accommodating subscribers, as the communication method for controlling the network connection of each user terminal after authentication, in the technique disclosed in patent document 3, the closed network is constructed after the authentication, the communication apparatus changes the management table of the communication apparatus in accordance with the setting request of the filter information from the terminal, and can freely change the filtering condition of the terminal. However, since the setting change of the filtering is based on the notification from the terminal, for example, in the case where the filtering condition in the time period is desired to be performed (for example, the filter condition is not provided in the daytime, and the filtering condition is made strict in the night), since the notification is required twice a day, a complicated operation is required. When the notification is forgotten, for example, there is a possibility that the filtering condition in the night is applied in the daytime, and the management of the filtering service based on the time setting is difficult.
It is required that independently of the form of a user terminal such as a wired or wireless terminal or the service function at the ISP side, the access server capable of accommodating subscribers or ISPs has a function to be able to restrict communication based on a time period and a function to perform distribution to apparatuses restricted in communication and web browsing.