SYSTEM AND METHOD FOR MONITORING NETWORK ACCESS
BACKGROUND OF THE INVENTION
Technical Field
This invention relates generally to computer and telephone network subscriber services and apparatus.
More particularly, the invention relates to monitoring and control of terminal access to network nodes in a global computer network.
History of Related Art
The use of global computer and telecommunication networks and their resources has grown exponentially during the last decade. Every day, more and more people of all ages gain access to such services, especially as they are represented on the Internet. This newly-available and widespread access to information has provided many benefits to society. However, there is also a burden presented by such access. Mainly, uncontrolled access to information may be damaging in a moral sense, a technical sense, or both.
Currently, almost anyone may access the plethora of adult websites, web T.V. channels, banking accounts, electronic commerce, etc. available on the Internet. Such access may be obtained conventionally, such as via computer terminals in libraries, in homes, and in various offices. Access may also be obtained via wireless computer terminals, telephones, pagers, and intelligent systems located in automobiles and other locations, both mobile and stationary.
As is the case with pay-per-call telephone numbers and pay-per-view television, it may be desirable to limit or terminate access to various websites. With the variety of terminals available to access the Internet, young children are tempted into accessing sites which are morally undesirable, or which may result in excessive charges to electronic banking accounts, and other undesirable outcomes. While parents may be able to spend some time with their children to directly monitor activity on the Internet, this is not always possible. However, many parents are equipped with cellular telephones, computer terminals, and other devices which may be used to access the Internet to obtain information. Moreover, these parents would like to be made aware of undesirable activity by their children on the Internet.
Therefore, what is needed is a system and method for monitoring network access, especially on the Internet; reporting such access to concerned individuals; and providing some mechanism for limiting or terminating such access. The system and method should be simple to implement, easily applied to conventional terminals and other devices which can access the network, and operate in a dependable fashion. Finally, such a system and method should be flexible enough to accommodate the desires of various Internet users and those that monitor such use.
SUMMARY OF THE INVENTION
The method of the present invention for monitoring network access may be implemented in several different embodiments. In each case, however, the method operates by using a monitoring terminal which is connected permanently, periodically, or on demand to the network so as to observe a selected user terminal with respect to user network access activity. The observations typically take the form of capturing "terms", such as words, alphanumeric text, and Uniform Resource Locator (URL) information received (or sent) by the user terminal, for ongoing comparison with a predetermined list of such terms, to determine whether a match can be found.
In a first embodiment of the method of the invention, after capturing a matching term, a message (including the matching term) is formulated and sent to the monitoring terminal. While waiting for a response to the message, a response timer is started. If the monitoring terminal responds, the response is processed according to the command embedded in the response. If the timer counts down and times out before a response is received, the user terminal connection is left intact.
In an alternative embodiment of the method, the monitoring terminal may formulate a specific query which includes an identification of the user terminal to be monitored. This query may be sent to the network and processed so as to provide a list of addresses accessed by the user terminal. Typically, a selected number of addresses accessed, e.g., the ten most recently-accessed addresses, will be formulated as part of a message and transmitted to the monitoring terminal in response to the query. The message will indicate whether the most recent access is currently ongoing, and if so, the message will also include a timed request for response by the monitoring terminal, as described above.
In another embodiment of the method, periodic updates to the monitoring terminal may be provided. In this case, an access timer counts down for some predetermined period (e.g., thirty minutes) and a table of network addresses accessed by the user terminal is compiled. At the end of the access timeout period, a subset of the table equivalent to the list of addresses provided in response to a query (described above) will be selected from the table, formulated into a message, and sent to the monitoring terminal. Again, depending on whether the user terminal is currently connected to the network, a response timer will be set to count down and wait for a response from the monitoring terminal. Of course, if no user access activity occurs within the access timeout period, the monitoring terminal user may elect to receive no periodic update message whatsoever.
The invention may also be described as a network adapted to monitor server access activity. The network includes a control module, which may be a central processing unit or software program module; a user terminal, a memory, and a message interface, all in electronic communication with the control module. The network also includes a monitoring terminal which is in electronic communication with the message interface. The memory is used to record terms, such as network server addresses accessed by the user terminal, and other information, as directed by the control module.
The message interface is used to send the network server address (or other information) stored in the memory to the monitoring terminal. The message interface may take many forms, depending on the specific implementation of the monitoring terminal. For example, if the monitoring terminal is a cellular telephone, the corresponding message interface would typically be a Public Land Mobile Network (PLMN). Similarly, if the monitoring terminal is a personal computer with network access, the message interface would typically be a node, such as an Internet Service Provider (ISP), within the network.
Finally, the invention may be described as a network adapted to monitor server access activity which includes a server in electronic communication with a monitored client and a monitoring client. The server includes a control module and a memory used to record terms captured from the monitored client for transmission to the monitoring client, as directed by the control module, on an alert, queried, or periodic basis.
BRIEF DESCRIPTION OF THE DRAWINGS
A more complete understanding of the structure and operation of the present invention may be had by reference to the following detailed description taken in conjunction with the accompanying drawings, wherein:
Fig. 1 is a flow chart diagram illustrating several embodiments of the method of the present invention;
Fig. 2 is a block diagram illustrating a first embodiment of the network of the present invention; and
Fig. 3 is a block diagram illustrating a second embodiment of the network of the present invention.
DETAILED DESCRIPTION OF PRESENTLY PREFERRED EXEMPLARY EMBODIMENTS
The invention may be embodied in a method or network, and is primarily designed to offer adults the opportunity to supervise access to the Internet by minors. However, the invention has many other uses, as will become apparent in the discussion that follows. Essentially, the invention operates to track activity by a user terminal within a network, reports the activity to a monitoring terminal, and allows the monitoring terminal to control the activity. Such control may be evidenced by commands from the monitoring terminal to terminate a particular network access session, submit a warning to the person operating the user terminal, or take no action at all, for example. Typically, the network access activity of the user terminal is reported to the monitoring terminal using any of several different operational modes, such as on a triggered/alert basis, a query/demand basis, or a periodic basis.
Turning now to Fig. 1, various embodiments of the method of the present invention can be seen. The method begins at step 100, and continues with step 110 to determine which mode of operation is desired by the monitoring terminal. If the alert mode is active, the method continues with step 120.
In step 120, "terms" received by the user terminal are compared to a predetermined list of terms stored in a memory. The list of terms is typically selected by the operator of the monitoring terminal, and stored in the user terminal, or in a network node (e.g., server) accessed by the user terminal. For the purposes of this invention, the word "term" is defined to mean a series of alphanumeric characters, a word, a Uniform Resource Locator (URL) file name, an Internet website address, a network node address, or any other series of characters which can serve to identify a particular access point within a network, or in the alternative, to convey information to a person operating a user terminal. Thus, the word "term" may also include common words found in various languages, slang, and other words not commonly found in the unabridged dictionaries of various languages. The predetermined list of terms, therefore, may in turn comprise one or more terms, which may include a list of words, phrases, network addresses, node addresses, or a combination of these elements, etc. Terms "received" by the terminal or client include terms selected by the operator of the terminal or client, usually by typing, voice recognition, or other data entry activity, which are sent to the network or server, or terms sent to the terminal or client by the network or server in response to terminal/client access communication activity. If a term received by a user terminal operating within the network, or connected to the network, matches one of the terms within the predetermined list of terms stored in the memory, then the method will continue with step 140; otherwise, the comparison of terms received by the user terminal at step 120 will continue after verifying that the alert mode is still active at step 110.
Matching terms are formulated into a message at step 140, and the message (containing the term) is then transmitted to the monitoring terminal. For example, if a monitored user accesses a network and the word "sex" is received, which in turn matches an entry in the predetermined list of terms maintained in memory, the message sent to the monitoring terminal might be "User X has accessed website www.adult.com and received the term "sex". Do you wish to terminate the session or send a warning? Enter #1 to terminate, enter #2 to warn." Another message choice might include the option of adding the website address www.adult.com to a blackout list in the memory which prohibits future access to the address by the user terminal.
After the message is sent to the monitoring terminal, a response timer is started in step 160, and a module, such as a central processing unit hardware module, or a software program module waits to receive a response from the monitoring terminal while the response timer counts down. If the response is received in step 170, the response will be processed in step 180 by the module. Such processing may include determining the command sent by the monitoring terminal in step 190, and activating the command in step 200. For example, if the monitoring terminal sends a "1" command in response to the message noted above, then the module may act to terminate the network access activity of the user terminal. If the response received is "2", then the module may act to send a preselected warning message to the user terminal, such as "Your access to this site is being monitored. Please terminate this session and connect to a different site." If no response is received from the monitoring terminal at step 170, then the module will treat the response as equivalent to a null response, or a command to take no special action, leaving the access activity and/or network connection of the user terminal intact. The method may continue with comparison of other terms received by the user terminal in step 120 after checking for a mode change at step 110, or terminate at step 210.
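The alert mode of steps 120 through 200 can be sketched as follows. This is an added illustration, not code from the patent: the class and method names, the numbered alert identifier used to discard late replies, the reply code "3" for the blackout option, and the `.example` addresses are all assumptions made for the sketch.

```python
import queue
import re
import time

# Reply codes: "1" and "2" come from the sample message in the text;
# "3" is an assumed code for the blackout-list option.
TERMINATE, WARN, BLACKOUT = "1", "2", "3"
WARNING = ("Your access to this site is being monitored. "
           "Please terminate this session and connect to a different site.")


class ControlModule:
    """Hypothetical control module for the alert mode (steps 120-200)."""

    def __init__(self, terms, response_timeout=0.05):
        self.terms = {t.lower() for t in terms}   # predetermined list of terms
        self.blackout = set()                     # addresses barred from future access
        self.to_monitor = []                      # messages sent to the monitoring terminal
        self.to_user = []                         # messages sent to the user terminal
        self.replies = queue.Queue()              # (alert_id, command) from the monitor
        self.response_timeout = response_timeout  # response timer, in seconds
        self.alert_id = 0

    def match(self, address, text):
        """Step 120: compare the address and every whole token with the list.

        Whole-token comparison keeps "Essex" from matching the term "sex".
        """
        for candidate in [address] + re.findall(r"[\w./-]+", text):
            candidate = candidate.lower().strip("./-")
            if candidate in self.terms:
                return candidate
        return None

    def await_reply(self):
        """Steps 160-170: wait for the reply to the current alert, or time out."""
        deadline = time.monotonic() + self.response_timeout
        while True:
            remaining = max(0.0, deadline - time.monotonic())
            try:
                alert_id, command = self.replies.get(timeout=remaining)
            except queue.Empty:
                return None                       # null response
            if alert_id == self.alert_id:         # drop late replies to older alerts
                return command

    def on_traffic(self, user, address, text):
        """Handle one access and return the action taken on the session."""
        address = address.lower()
        if address in self.blackout:
            self.to_user.append(f"Access to {address} has been prohibited.")
            return "blocked"
        term = self.match(address, text)
        if term is None:
            return "no_match"
        # Steps 140-150: formulate the message and send it to the monitor.
        self.alert_id += 1
        self.to_monitor.append(
            f'[{self.alert_id}] User {user} has accessed website {address} and '
            f'received the term "{term}". Enter #1 to terminate, #2 to warn, '
            f'#3 to terminate and add the address to the blackout list.')
        command = self.await_reply()
        # Steps 190-200: determine the command and activate it.
        if command == TERMINATE:
            return "terminated"
        if command == WARN:
            self.to_user.append(WARNING)
            return "warned"
        if command == BLACKOUT:
            self.blackout.add(address)
            return "terminated"
        return "no_action"                        # timeout or unknown command


if __name__ == "__main__":
    module = ControlModule(["sex", "www.adult.example"])   # constructed sample list
    module.replies.put((1, WARN))                          # monitor answers alert 1
    print(module.on_traffic("X", "www.adult.example", "welcome"))
```

Tagging each reply with the alert it answers matters because the default on timeout is "take no action": without the tag, a reply that arrives after the timer expires would be applied to the next, unrelated alert.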
The user terminal, as well as the monitoring terminal, may take any of several forms; for example, the terminals may be cellular telephones, pagers, wire line telephones, personal computers, etc. Any device which is capable of accessing a network, including the Internet global computer network, may be considered to be a "terminal" within the meaning of the invention.
Identification of the monitored user terminal may be by means of an e-mail address, a telephone directory dial-up number, a node address, or a URL file name.
Any series of alphanumeric characters which serve to identify a unique user terminal within the network may be used as a means of identifying the user terminal selected by the monitoring terminal for observation.
The response from the monitoring terminal to the message formulated above may include one or more instructions which operate to prevent future access to the particular network node or address accessed by the user terminal. This may occur, for example, by adding the network address related to a particular matching (non-network address) term received by the user terminal to the predetermined list of terms used in the comparison at step 120, or to a blackout list maintained within the memory which is checked by the control module against every address accessed by the user terminal.
If the query/demand mode of the method of the present invention is used by the monitoring terminal, the method continues from step 110 to step 220, wherein a query demand is formulated within the monitoring terminal and transmitted to the network accessed by the user terminal. The query typically includes an identification of the selected user terminal for which monitoring is desired. The query will operate to provide, as a response, a report to the monitoring terminal of network access activity by the selected user terminal.
Once the query is received, a list of addresses accessed by the user terminal within the network will be compiled. Typically, but not necessarily, the list will be limited in length, e.g., the ten most recently-accessed websites. Thus, while the module within the network may operate to record in memory the addresses accessed by the user terminal, the number of addresses so recorded will typically be limited, e.g., the one-hundred most recently-accessed addresses, and a subset of the recorded addresses will then be selected and compiled into a list of addresses to be reported to the monitoring terminal.
The list of addresses will typically be formulated into a message, possibly including the time each address was last accessed, and the amount of time spent by the user accessing each address, and transmitted to the monitoring terminal. The list will often be accompanied by a request for response (if the user terminal is currently active), which may include the possibilities noted above, or the choice of marking some, all, or none of the addresses for addition to the blackout list in memory (to prohibit future access). A response timer will be started (as shown in step 270), to wait for the response from the monitoring terminal. As noted above, the monitoring terminal may respond in step 280 and the response will be processed in step 290. If no response is received, then the assumption will be made that a null response has been made, such that no particular action will be taken, and the network activity will be left intact. In this case, the user terminal is completely unaware that the monitoring activity has taken place, and no messages will be sent to the user terminal, nor will any termination activity occur. As a variation from the message sent in step 150, the message sent in step 260 will typically include an indicator, such as an "*" next to the most recent website address, to indicate that the user terminal is actively accessing the network address, or was connected to the network address at about the same time that the query was transmitted to the network.
Processing the response of step 290 may include steps 190 and 200 as noted above. Thus, the command entered by the monitoring terminal may be determined and put into action by the software or hardware module operating within the network. Again, the method may end at step 210, or continue with processing at step 110.
If a periodic monitoring service is desired, then the method proceeds from step 110 to step 300. In this instance, a timer will be started and simultaneously, a table of addresses accessed by the user terminal within the countdown period of the timer will be compiled at step 310. Typical time-out periods might be two hours, one hour, or thirty minutes. If the timer counts down to a time-out value in step 320, then the method will continue with step 330. Otherwise, the table of accessed addresses will be compiled until some predetermined upper limit is reached, e.g., the most recently-accessed one-hundred addresses. At this point, the oldest address in the table will be dropped and the newest address will be entered into the table. Thus, the most typical implementation will involve a rolling tabular entry of network addresses accessed by the user terminal during each periodic time-out period.
When the periodic timer has counted down and timed out, a table of network addresses accessed by the user terminal should exist. If no activity has occurred within the time-out period, then the table will comprise a series of "blank" or null addresses. If this is the case, and there is not at least one access address in the table, the method will continue with steps 335 and 300. That is, the periodic timer will be restarted, and a new table of accessed addresses will be compiled. Alternatively, a message may be formulated in step 340 to indicate that no network activity has occurred within the most recent time-out period. Otherwise, if at least one address has been compiled in the table, and the list of accessed addresses in step 330 then comprises a subset of the table (e.g., the ten most recently-accessed network addresses), the method will continue in step 340 with formulating a message similar to that proffered in step 250. If it turns out that the address list compiled in step 240 contains no addresses (i.e., there has been no network access activity by the user terminal), then the message may be formulated and transmitted to the monitoring terminal as "No network access activity has been recorded since the last query." The message formulated in step 340 is then transmitted to the monitoring terminal in step 350, and a timer is started in step 360 to await the response (if any) from the monitoring terminal. If a response is received, then it will be processed at step 290 as noted above. If a null response is received (i.e., the default or null response of "take no action"), then the method will terminate at step 210.
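The rolling address table and the report built from it, which serve both the query/demand mode and the periodic mode described above, can be sketched as follows. This is an added illustration, not code from the patent: the class name, the per-address aggregation into visit count and total time, the line layout, and the `.example` addresses are assumptions made for the sketch.

```python
from collections import deque
from datetime import datetime, timedelta

TABLE_LIMIT = 100    # addresses kept in memory (the text's example figure)
REPORT_LIMIT = 10    # addresses reported per message (the text's example figure)
NO_ACTIVITY = "No network access activity has been recorded since the last query."


class AccessTable:
    """Hypothetical rolling table of addresses accessed by one user terminal."""

    def __init__(self):
        # deque(maxlen=...) drops the oldest entry when a new one arrives at the limit.
        self.table = deque(maxlen=TABLE_LIMIT)

    def record(self, address, when, seconds):
        """Store one access: address, start time, and time spent in seconds."""
        self.table.append((address, when, seconds))

    def report(self, session_active=False):
        """Return (lines, wants_reply) for a query or a periodic update.

        wants_reply is True only when the user terminal is currently connected,
        in which case the caller attaches a timed request for response.
        """
        if not self.table:
            return [NO_ACTIVITY], False
        summary = {}
        for address, when, seconds in self.table:          # oldest to newest
            # pop + reinsert moves the address to the end of the dict order,
            # so the dict ends up sorted by time of last access.
            visits, total, _ = summary.pop(address, (0, 0, None))
            summary[address] = (visits + 1, total + seconds, when)
        newest_first = list(reversed(summary.items()))[:REPORT_LIMIT]
        lines = []
        for i, (address, (visits, total, last)) in enumerate(newest_first):
            mark = "*" if i == 0 and session_active else " "   # ongoing-access indicator
            lines.append(f"{mark} {address} last={last:%H:%M} "
                         f"visits={visits} total={total}s")
        return lines, session_active

    def end_period(self, session_active=False):
        """Periodic mode: report at time-out, then start a new table."""
        result = self.report(session_active)
        self.table.clear()
        return result


if __name__ == "__main__":
    start = datetime(2000, 1, 1, 12, 0)                    # constructed sample data
    log = AccessTable()
    for i in range(105):
        log.record(f"site{i}.example", start + timedelta(minutes=i), 30)
    lines, wants_reply = log.end_period(session_active=True)
    print("\n".join(lines), wants_reply)
```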
Turning now to Fig. 2, the network to monitor server access activity can be seen. In this embodiment of the invention, the network comprises a control module 80, which may take the form of a program module stored in memory 95 within a network terminal node 50. The module 80 may comprise an electronic hardware module 80, such as a central processing unit, personal computer, embedded processor, digital signal processor, or other microcomputer which resides in a network terminal node 50, or in the user terminal 20. The memory 90 also forms an element of the network, and may reside apart from the module 80, within the network terminal node 50 or within the user terminal 20, or the memory 90 may be used to store the program module 80 and operate as a combination 95.
The module 80 will typically include a first timer 91 and a second timer 92, which can be used to implement the timing functions of the methods disclosed herein. The first timer 91, for example, may be used to count down a predetermined time-out period for the module 80 to await the response of the monitoring terminal 30 after a message 35 is sent to the monitoring terminal 30. As noted previously, the monitoring terminal 30 may take various forms, such as a cellular telephone 30, a wireline telephone 30', a pager 30", or a computer terminal 30'" operated within the network 10. Monitoring terminals 30, 30', 30", 30'" are equivalent, as are the messages 35, 35', 35", and 35'". A message interface 40 is used to place the monitoring terminal in electronic communication with the control module 80. In the case of a cellular telephone monitoring terminal 30, the message interface 40 typically takes the form of a public land mobile network, which is assisted by a short message system 60 and/or a wireless application protocol module 70. Similarly, if the monitoring terminal 30 is a wireline telephone 30', the message interface 40 typically takes the form of a public switching telephone network 40', assisted by an intelligent network 96, an announcement machine 97, and a text-to-voice converter 98. The Analog Display Services Interface (ADSI) interface protocol can be used with ADSI-compatible devices, such as a wireline telephone with a digital display, to display the message from the network 10. Further, if the monitoring terminal 30 takes the form of a pager 30", then the message interface typically takes the form of a paging service; and if the user terminal 30 takes the form of a computer terminal operating within the network 30'", then the message interface 40 takes the form of a network monitoring node 40'".
Messages 35, 35', 35", and 35'", are equivalent in content, but are propagated by a signal which is appropriate to the medium required for transmission of the message 35 between the monitoring terminal 30 and the message interface 40. If the monitoring terminal is a mobile station 30, then the message 35 may be sent in a wireless interface protocol format, such as the American National Standards Institute ANSI-136 or the Wireless Access Protocol. If the terminal is a wireline telephone 30', then the message 35' may be contained in an ADSI or voice message. If the terminal is a pager 30", then the message 35" may be contained in a Short Message Service message. If the terminal is a computer terminal 30'", then the message 35'" may be contained in an e-mail message using Hypertext Transfer Protocol (HTTP) or Transmission Control Protocol/Internet Protocol (TCP/IP) formatting. In each case, the message interface 40, 40', 40", and 40'" is adapted to send terms, which may include selected network server addresses accessed by the user terminal 20 to the monitoring terminal 30', 30", or 30'", respectively. Terms, which may or may not include addresses, have been described in the method of the invention, and serve to indicate past and present activity of the user terminal 20 with respect to network 10 accesses.
As mentioned above, the control module 80 could be a software program module stored in the memory 90 and operating as a combination 95, or the module 80 may exist apart from the memory 90. The module 80 and memory 90 may reside in a node 50 within the network 10, or within the user terminal 20. The module 80 and memory 90 may be co-resident in a particular location as a combination 95, such as the user terminal 20 or the network terminal node 50, or in the alternative, the module 80 and memory 90 may reside in separate devices, e.g., the module 80 may reside in the user terminal 20 and the memory containing server addresses or other terms may reside in a network terminal node 50. Typically, the user terminal 20 is in electronic communication with the network terminal node 50 using a modem, or a plug-in card, as are well known to those skilled in the art, which provides the user terminal 20 with TCP/IP communication capability at the card input port, and ANSI-41 or Signaling System 7 (SS7) communication capability at the card output port.
When the command/response 35 is received from the monitoring terminal 30, the control module 80 may act to terminate or prohibit access to the website by sending a message to the user terminal 20 indicating that access has been prohibited by instruction of the monitoring terminal 30, and all future accesses to the noted site will be aborted by the Internet service provider implementing the method of the present invention. Thus, the network terminal node 50 which provides access to the network 10 for the user terminal 20 (owned by the Internet service provider or network service provider) is used to monitor future accesses to prohibited sites by the user terminal 20. The module 80 may use the message 35 received from the monitoring terminal 30 to present instructions to the Internet service provider, by way of network terminal node 50 operations, such that access attempts to prohibited sites by the use of terminal 20 will be intercepted and aborted.
Other embodiments of the invention may include the ability to request, via messages 35 sent from the monitoring station 30, a count of the accesses to any particular network site or node by the user terminal 20, the amount of time spent during each access, or the total time spent at a particular site. Confirmation messages, used to indicate that commands or responses from the monitoring terminal 30 have been activated and completed, can be sent to the monitoring station 30 from the network 10.
Turning now to Fig. 3, an alternative embodiment of the invention may be seen. The invention in this case may also be described as a network 10 adapted to monitor the activity of a monitored user, comprising a server 55 connected to a first client (i.e., the monitored client) 22 with a first communication interface 23, and a second client (i.e., the monitoring client) 32 with a second communication interface 33. The server includes a control module 80 and a memory 95 used to record terms captured from the monitored client for transmission to the monitoring client, as directed by the control module 80, on an alert, queried, or periodic basis. The control module 80 may take the form of a program module stored in the memory 95 within the server 55. In the alternative, the control module 80 may comprise an electronic hardware module, such as a central processing unit, personal computer, embedded processor, digital signal processor, or other microcomputer which resides in the server 55.
The module 80 will typically include a first (response) timer 91 and a second (access) timer 92, which can be used to implement the timing functions of the methods disclosed herein. The first timer 91, for example, may be used to count down a predetermined time-out period for the module 80 to wait for a response 36 from the second client 32 after a message 35 is sent to the first client 22 from the server 55. The first and second clients 22, 32 may take various forms, such as a computer terminal, a cellular telephone, a pager, or a wireline telephone, operated within the network 10. The first and second interfaces 23, 33 may also take various forms, according to the forms of the first and second clients 22, 32, such as a Local Area Network (LAN), Wide Area Network (WAN), a global communications network (Internet), the Public Land Mobile Network (PLMN), or the Public Switching Telephone Network (PSTN), etc. In each case, terms 37 which are received by the first client 22 (either by user selection and transmission to the server 55, or sent by the server 55 in response to user access activity) and matched to those in memory 95 will be placed into a message 35 and sent to the second client 32 so as to solicit a response (on an alert basis), or the message 35 may be sent periodically, or on demand, as described above.
Although preferred embodiments of the method and apparatus of the present invention have been illustrated in the accompanying Drawings and described in the foregoing Detailed Description, it will be understood that the invention is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications and substitutions without departing from the scope of the invention as set forth and defined by the following claims.