1. Field of the Invention
This invention relates to computer networks and methods of monitoring usage and regulating access to network resources. More particularly, the invention relates to a system and method for monitoring computer usage by computers connected to a local network and restricting network access to any computer that fails to verify its compliance with the computer monitoring system of the invention. Computer usage is monitored by a client program operating on each client computer that collects activity information including screen captures, keyboard activity, and/or selected network traffic. The activity information is aggregated on a server that provides the information to each client computer for automatic display through display means including screen savers, automatically changing desktop background images, and popup or sidebar windows. The automatic display feature enables peer review as well as review by parents or other supervisory personnel. User-initiated review of activity information is also permitted.
2. Description of Related Art
The continuing proliferation of increasingly inexpensive portable computers capable of wired or wireless network access has aggravated the problems of monitoring computer usage and regulating network access on home and workplace computer networks. These problems may be in the form of minors using either portable or desktop computers to access pornography or gambling web sites. The problems may also arise in a workplace environment where employees may use computers and networks intended for business use to access inappropriate or unauthorized materials when the employees are expected to be performing their work duties.
A variety of solutions have been developed in previous attempts to solve these problems. One technique is to block access to a predefined list of web sites, often referred to as network filtering. Access to web sites can be blocked based on matching complete web site addresses or partial addresses. This simple blocking technique has been implemented in software that must be installed on each computer the supervisor intends to monitor. Such software-only implementations are easily circumvented by removing or disabling the filtering software, or by booting the computer to a different operating system using either a portable disk drive or a CD-ROM. In addition, these software-only solutions do not monitor or regulate access by non-approved computers temporarily connected to a network. These non-approved computers may include a notebook computer without such filtering software that is brought into a home or workplace and either plugged into a wired network or connected to a wireless access point. Internet filtering has also been implemented in hardware devices such as wireless network routers. The network router-based filtering solution has the advantage that it filters all traffic on the network, and thus filters network access by all computers whether or not client monitoring software is installed and operating. Network filtering is inherently an imperfect technique, however implemented, because the list of blocked web sites must be frequently updated, requiring either extensive time updating the list by the supervisor or a paid subscription and reliance on an outside source for the list. Due to the imperfect nature of filtering, parents and other supervisors must still maintain some monitoring procedure to detect users' access to inappropriate material that was not blocked by the filter. In addition, filtering is readily circumvented using proxy servers and VPN connections, both of which may be easily discovered by users using ordinary Internet search methods. A further problem with filtering is that there will often be an imperfect match between what a third party filtering provider deems inappropriate and what a parent or supervisor might consider to be inappropriate.
Another solution to the problems of monitoring and regulating computer network usage is that of computer activity monitoring software. Conventional examples are marketed to parents seeking a solution to effectively monitor their children's computer network usage. These products include features such as tracking all web pages visited and generating reports of time spent online as well as web sites visited. Additional features of these programs include collecting all chat and instant message activity on the computer for later review by parents and collecting screen capture images for later review of what material was displayed on the computer screen at various times. These products all require the parents to take affirmative and time consuming steps to review the collected computer activity data.
Another alternative approach available to parents is the kid-safe browser. These products, such as KidRocket (www.kidrocket.org) and Kidzui (www.kidzui.com), lock a computer into a kid-safe web browser and require a password to exit the program. Within the program, only pre-screened web pages that are deemed safe for children are allowed to be accessed. In addition to allowing access to only approved content, these products also allow parents to receive regular reports on what materials are being accessed by their children. Programs of this type do allow for automatic email updates about children's computer activity, but the email delivery mechanism limits the volume of graphical information that can be presented to parents and still requires the manual step by the parents of accessing the email account that receives the activity reports.
In view of the foregoing, there is a need in the art for a computer network security system capable of monitoring computer activity on a network and restricting network activity by unmonitored computers. A further need exists for such a system implemented in a physical device such as a switch or router that can restrict network access by all computers on a network. There is also a need for timely, automatic presentation of computer activity information to both supervisors and peers in order to ensure prompt review without waiting for affirmative steps by the supervisor and also to maximize the deterrent effect on the monitored users.