Controlling client access to networked data based on content subject matter categorization
First Claim
1. A hardware network device for controlling access by clients on a private network to a data file data files stored at servers in a public network, the hardware network device being interconnected between the private network and the public networks network, the hardware network device comprising:
a first interface receiving a request from a client one of the clients on the private network to access a data file one of the data files stored at servers on in the public network;
an access control processor coupled to the first interface, the access control processor analyzing data in the request from the client one of the clients and determining if the request should be forwarded to the public network for processing by a server, of the servers in the public network, to which it the request is destined, the determination being made by cross referencing resource identifier information in the request with access control data in at least one access control database, the access control data containing categorized resource identifier information, the categorized resource identifier information specifying a content subject matter category to which the data file one of the data files is assigned, and the categorized resource identifier information associated with each data file so categorized being assigned by prior locating of each data file, storing data file information comprising a uniform resource locator for each data file in a first database, reading the data file information for each data file from the first database, human interpretation of the content in the each data file, and then, as a result of such human interpretation, determining a subject matter category to which the each data file is to be assigned, the data file stored at the servers on the public network and storing said data file information and said subject matter category in the access control database;
a second interface coupled between the first interface and the public network and coupled to the access control processor, the second interface forwarding the requests request from the first interface to the servers on in the public network if the access control processor determines the request should be forwarded to the public network for processing by a the server to which it the request is destined; and
means for permitting a network administrator of the public network to control the operation of the hardware network device.
Abstract
An access control technique to limit access to information content such as that available on the Internet. The technique is implemented within a network device such as a proxy server, router, switch, firewall, bridge or other network gateway. The access control process analyzes data in each request from the clients and determines if the request should be forwarded for processing by the server to which it is destined. Access control may be determined by comparing client source information against a database of Uniform Resource Locators (URLs), IP addresses, or other resource identification data specifying the data requested by the client. The invention therefore provides access control not based only upon content, but rather, based primarily upon the identity of the computers or users making the requests. The technique further avoids the problems of the prior art, which categorizes or filters the content of only web pages based solely upon objectionable words. This is because a category database is used by the network device to control access and is created via a process involving human editors who assist in the creation and maintenance of the category database.
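The forward-or-deny decision described in the abstract, as an added illustration that is not code from the patent: a request URL is normalized, cross-referenced against a constructed category-destination database of human-assigned categories (most specific host and path prefix wins), and checked against an assumed administrator policy of blocked categories, with an explicit choice for URLs the editors have not yet categorized.

```python
"""Added example, not the patent's own code. Decides whether an access
controller forwards a client request by cross-referencing the requested
URL against a category-destination database. All data is constructed."""
from urllib.parse import urlsplit

# Constructed category-destination database: (host, path prefix) -> category.
# An empty path prefix categorizes the whole host; a (host, path) entry
# overrides it for that subtree; a parent domain entry covers its subdomains.
CATEGORY_DB = {
    ("example.com", ""): "general",
    ("example.com", "/games"): "gaming",
    ("news.example.net", ""): "news",
    ("example.org", ""): "gambling",
}

# Assumed administrator policy: categories never forwarded, and the default
# for URLs the human editors have not categorized yet (allow or deny).
BLOCKED_CATEGORIES = {"gambling", "gaming"}
ALLOW_UNCATEGORIZED = True


def normalize(url):
    """Canonical (host, path): lowercase host, no port, query or fragment,
    no trailing slash, so trivially different spellings hit the same entry."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/")
    return host, path


def lookup_category(url, db=CATEGORY_DB):
    """Most-specific match: longest path prefix on the exact host, then the
    same walk on each parent domain (never the bare TLD). None if unmatched."""
    host, path = normalize(url)
    labels = host.split(".")
    segments = path.split("/") if path else [""]
    for i in range(len(labels) - 1):            # host, then parent domains
        candidate = ".".join(labels[i:])
        for j in range(len(segments), 0, -1):   # "/a/b", "/a", then ""
            prefix = "/".join(segments[:j])
            if (candidate, prefix) in db:
                return db[(candidate, prefix)]
    return None


def decide(url, db=CATEGORY_DB, blocked=BLOCKED_CATEGORIES,
           allow_uncategorized=ALLOW_UNCATEGORIZED):
    """Return (forward, category) for one client request."""
    category = lookup_category(url, db)
    if category is None:
        return allow_uncategorized, None
    return category not in blocked, category
```

A URL without a scheme yields no hostname and is treated as uncategorized, so a deployment that wants a closed policy should set `ALLOW_UNCATEGORIZED` to `False`.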
34 Claims
1. Claim 1 as set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 28, 29, 30, 31, 32
18. A method executing on a first client computer connected to a public network and on an access controller connected to a private network, the method being for controlling access by clients of a the private network to data files stored on servers connected in a the public network, the method comprising the steps of:
at a the first client computer connected to the public network, using the first client computer to; searching search for uncategorized data files being stored on servers connected in the public network, the uncategorized data files being available on demand;
store data file information comprising at least a uniform resource locator (URL) for each of the uncategorized data files in at least one initial database;
retrieve one or more selected data files from the initial database, at a time after the step of using the first client computer to store data file information in the at least one initial database; presenting present a view of each selected data file in human readable form on the first client computer connected to the public network;
permitting permit a human being to review the contents of each selected data file so presented;
determining a associate, with each selected data file, a determined content rating for each selected data file in response to presenting the contents of the selected data file to a human being, the content rating being determined as a result of the human being assigning the selected data file to at least one content subject matter category;
and storing store a uniform resource locator (URL) of each selected data file together with the associated content subject matter categories category in a category-destination database;
at an access controller connected to the private network, using the access controller to; downloading download the category-destination database;
receiving receive requests from second client computers connected to the private network, the requests from the second client computers indicating requested data files stored on the servers of connected in the public network;
analyzing analyze the data in each request from a client computer of the second client computers against the data from the category-destination database; and
determining determine whether to forward the request from the client computer of the second client computers to a server of the servers connected in the public network for processing, the determination being made based upon the content rating of the requested data file. Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 33, 34
Specification