JP2010117874A - Url filtering system - Google Patents

Abstract

Provided is a URL filtering system that enables a guardian to change settings in real time when a guardian makes a Web access.
A filtering server 101 performs access control using a URL when a terminal device (for a protected person) 102 accesses a site of a Web server 104 that can be browsed from an unspecified number of terminal devices. When the filtering server 101 determines that access is prohibited, the terminal device (for the protected person) 102 transmits an access restriction release request to the filtering server 101, and the filtering server 101 that has received the request receives the terminal device (for the guardian). ) 103 to send the cancellation request contents by mail. Upon receiving the cancellation request, the terminal device (for the guardian) 103 informs the filtering server 101 whether or not cancellation is possible, and if the cancellation is possible, the filtering server 101 sets filtering.
[Selection] Figure 1

Description

  The present invention relates to a URL filtering system for restricting access to a website from a terminal device such as a PC or a mobile phone, and more specifically, it is possible to restrict access to a site that is not preferable for the protected person to browse. The present invention relates to a URL filtering system capable of changing filter settings (access settings) in real time.

  With the spread of the Internet now, for example, anyone can easily access various information by accessing a website from a mobile phone. In addition, Web services such as online shopping, SNS (Social Networking Service), blog, chat, bulletin board, etc. are diversified, and convenient services can be freely used by user selection.

  However, in these situations, there is a risk of giving unsuitable information to an unskilled child or a user unfamiliar with the net, and a risk of involving an access user in trouble.

  In particular, with the recent aging of mobile phone users, the number of Web access users for children has increased. Therefore, filtering services for restricting access to Web sites are provided by various companies, and the number of subscribers is also increasing.

  In such a filtering service, a specific URL that permits access is registered in advance, a whitelist method that permits access only to the registered URL, and a URL that denies access is registered and registered in advance. There is a black list method that denies access to a URL. In addition, since it is impossible to pre-register individual URLs of countless websites, a database classified into several categories such as games, music, and violence is provided, and access for each category is provided. Services that can implement regulations are provided. For example, there exists what is shown to patent document 1. FIG.

  According to these filtering services, it is possible to prevent a user from giving unsuitable information to a child or the like by subscribing to the service and registering access restrictions in advance. However, there is a problem that access cannot be made when it is desired to temporarily access a site for which access has been denied by means of research.

  Further, in the conventional category-based filtering, a URL list is not prepared for each user, and settings for accessing a specific URL of a category cannot be made.

  In order to solve these problems, it is necessary to prepare a URL list for each user and easily change the settings when accessing the site. For example, as shown in Patent Document 2, there is one that allows an administrator to temporarily issue a password when accessing a restricted site so that it can be viewed. In this method, a URL list is prepared for each user, and filtering in URL units is not realized. Moreover, although the method of making site browsing possible by obtaining a guardian's permission at the time of access to a regulated object is conceivable, there is a problem that the guardian gives permission to browse without fully understanding the contents of the target site.

JP 2005-107831 A Japanese Patent Laid-Open No. 2004-362031

  The present invention has been made in view of the above problems, and a first object of the present invention is to prepare a URL list for each user and perform filtering in units of URLs, thereby enabling a flexible filtering setting filtering system. Is to provide.

  In addition, the second object of the present invention is filtering that enables site browsing by obtaining permission from the guardian when the guardian accesses the regulated site, thereby enabling real-time access regulation setting change. To provide a system.

  Further, even if a filter can be set in real time by the permission of the guardian, the filtering function does not work sufficiently in a system in which the guardian gives permission manually. The guardian can determine whether to give the browsing permission by confirming the contents of the target site, but there are many parents who have little knowledge about the Web service, and there may be cases where it cannot be determined.

  Therefore, a third object of the present invention is to provide a filtering system capable of providing a guardian with a judgment material such as age-specific filtering setting status of all filtering service subscribers to the target site.

  In the URL filtering system, the present invention communicates with a relay device and a relay device such as a proxy and a gateway that receive web access from a terminal having a web-accessible communication device such as a PC, a mobile phone, a PDA, and a mobile terminal. Access restriction means, restriction release request means, filter setting change means, site information provision means, and filter setting result notification means are provided on the server to be executed.

  According to the present invention, for example, a terminal device having a Web-accessible communication device such as a PC, a mobile phone, a PDA, or a mobile terminal accesses the Web server via TCP / IP communication using the HTTP protocol based on the URL. It is possible to provide a URL filtering system that restricts access and prevents browsing of information that is not appropriate for the protected person. In addition, a URL filtering system that allows a protected person to send an access restriction release request for a specific URL to the guardian, and allows the guardian to change filtering settings for the access restriction release request. realizable.

  Furthermore, it is possible to realize a URL filtering system that can provide an access restriction ratio for each age / sex regarding the URL of the target site as a judgment material when the guardian receives a request to cancel filtering and changes the setting of filtering. .

  Access to the Web server is TCP / IP communication based on the HTTP protocol, and the access restriction means is realized by a filtering processing unit, and performs access restriction (filter setting) based on URL information in the communication request. The URL filtering system implements access control in units of categories by holding user information, URL category information obtained by classifying URLs, and information on whether each user can access each category in a database (DB). In addition, the URL whitelist information permitting access by each user is held in the database DB, thereby realizing access restriction in units of URLs. The flexible filtering setting which is the subject is achieved by combining the access regulation in the category unit and the URL unit.

  The deregulation request means is realized by a combination of a filtering processing unit and a mail notification processing unit. When access to the site is denied, the terminal of the person to be protected is connected to the target site that is TCP / IP communication using the HTTP protocol. Receives the deregulation request, and communicates the details of the deregulation request to the guardian's terminal by email. The guardian determines whether to grant access permission by changing the filter setting of the URL of the target site in response to the restriction release request.

  The target filter setting changing means is realized by a filter setting processing unit, receives a filter setting request which is TCP / IP communication based on the HTTP protocol from a guardian's terminal, and changes the setting of the filter.

  The filter setting result notifying means is realized by an e-mail notification processing unit, and notifies the guardian's terminal of the filter setting change result by the e-mail. By these restriction release requesting means, filter setting changing means, and filter setting result notifying means, the above-described filtering system capable of changing settings in real time is achieved.

  The site information providing means is realized by a site information generation processing unit, and includes user information held by the URL filtering system, URL category information obtained by classifying URLs, access permission information for each category of each user, and access permission for each user. A filtering system capable of providing the determination material, which is the subject, is achieved by generating a ratio of access restrictions for each age / sex related to the URL of the target site from the URL whitelist information and providing it to the guardian.

  Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a schematic diagram showing an outline of the filtering system of the present invention.

  In the URL filtering system of the present invention, a terminal device (protected person) 102 and a terminal device (guardian) 103 having a web-accessible communication device such as a PC, a mobile phone, a PDA, and a mobile terminal are on a network such as the Internet. On a filtering server 101 that is a server that communicates with a relay device such as a proxy and a gateway that exist on a communication path in an environment where access to the Web server 104 by TCP / IP communication using the HTTP protocol is performed. It is realized with.

  The filtering server 101 has a database (DB) that holds user information, URL category information obtained by categorizing URLs, access availability information for each category of each user, and URL white list information that each user is permitted to access. The terminal device 102 (for the person to be protected) and the terminal device 103 (for protection) are appropriately referred to for the TCP / IP communication by the HTTP protocol from the (for the person to be protected) and the terminal device 103 (for the parent). Processing for communication to the Web server 104, mail transmission to the terminal device 102 (for the person to be protected) and the terminal device 103 (for the parent).

  Hereinafter, embodiments of the present invention will be described in detail with reference to a configuration diagram of a filtering server.

  FIG. 2 is a configuration diagram of a filtering server showing an example of the embodiment of the present invention. In this figure, a filtering server 101, a terminal device 102 (for a guardian), a terminal device 103 (for a guardian), and a Web server 104 are the same as those in FIG.

  The filtering server 101 includes a filtering processing unit 201, a filter setting processing unit 202, a site information generation processing unit 203, and a mail notification processing unit 204 that implement the URL filtering system according to the present invention. The filtering processing unit 201 includes access restriction means for restricting access from the terminal device to the Web server. The filtering processing unit 201 constitutes a restriction release request unit in cooperation with the mail notification processing unit 294. The filter setting processing unit 202 includes filter setting changing means for changing the filter setting. The site information generation processing unit 203 includes site information providing means for providing site information to a user of a terminal device (for a guardian). The mail notification processing unit 204 constitutes filter setting result means for notifying the user of the terminal device (for guardian) of the filter setting result. These processing units are realized on a server by executing a program stored in a hard disk (not shown).

  Further, the filtering server 101 includes a user information management database (DB) 205, a URL category management database (DB) 206, a filter information management database (DB) 207, and a URL white list management database that store information referred to by each processing unit. (DB) 208. The user information management DB 205 manages user information subscribed to the URL filtering service.

  FIG. 3 is a configuration example of the user information management DB 205. In the figure, items of a user ID part 301, a user name part 302, a mail address part 303, a guardian mail address part 304, a gender part 305, an age part 306, and a service period part 307 are set. The user ID section 301 stores an ID that can uniquely identify a service subscriber user. The user name portion 302 stores information that can identify the user name. The mail address section 303 stores the user's mail address. The guardian's mail address section 304 stores the mail address of the user's guardian. The gender section 305 stores the gender of the user. The age part 306 stores the age of the user. The service period unit 307 stores the use period of the filtering service, for example, the service end date.

  The URL category management DB 206 manages information obtained by classifying URLs.

  FIG. 4 is a configuration example of the URL category management DB 206. In the figure, items of a URL part 401, a category part 402, and an expiration date part 403 are set. The URL section 401 stores URLs classified by category. The category section 402 stores a category in which URLs are classified. The expiration date 403 stores the expiration date for associating the URL with the category.

  The filter information management DB 207 manages access permission information for each category of each user.

  FIG. 5 is a configuration example of the filter information management DB 207. In the figure, items of a user ID portion 0501 and each category name portion 502 are set. The user ID portion 501 stores an ID that can uniquely identify a service subscriber user. Each category name portion 502 stores whether or not the user can access the category. For example, set value 0: accessible, set value 1: access denied.

  The URL white list management DB 208 manages URL white list information that permits access by each user. Even URLs belonging to categories for which access is denied are accessible if they are registered in the white list.

  FIG. 6 shows a configuration example of the URL white list management DB 208. In the figure, the user ID section 601 stores an ID that can uniquely identify a service subscriber user. The URL part 602 stores a URL that permits access to the user. The registration date portion 603 stores the date when the URL is registered.

  Next, a description will be given of a sequence in which the URL filtering service subscriber uses the URL filtering system in the present invention, and details of processing of the URL filtering system in the sequence.

  FIG. 7 is a sequence diagram of the use of a URL filtering system for an access restriction site. FIG. 8 is a sequence diagram of using a URL filtering system for an access-permitted site.

  In the figure, a sequence S1 is a Web access from the terminal device (for the person to be protected) 102 to the Web server 104 by the HTTP protocol. Web access is performed via the filtering server 101, and the filtering processing unit 202 of the filtering server 101 determines whether access to the Web server 104 is permitted. This determination is made as follows.

  FIG. 9 is a flowchart showing the processing procedure of the filtering processing unit 202. The filtering processing unit 202 acquires a request URL for Web access, searches for a line that matches the URL unit 401 of the URL category management DB 206, and determines to which category the request URL belongs from the setting value of the category unit 402. . An expiration date is provided for the association between the URL and the category, and the association is invalidated when the set value of the expiration date section 403 is earlier than the current date and time.

  Next, referring to the filter information management DB 207, the user ID portion 501 of the person to be protected is specified, and whether or not the category can be accessed is determined by referring to the set value of the item in each category name portion 502. The method for identifying the user ID portion 501 of the protected person may be specified from the IP of the terminal device (for protected person) 102, but is omitted here.

  If the filtering processing unit 202 determines that access to the target URL is possible, a Web access request is transferred to the Web server 104.

  Next, a sequence S2 is a response from the Web server 104 that has received the request to the terminal device (for the person to be protected) 102. When access to the target URL is rejected by the filtering processing unit 202, an access rejection response of sequence S3 is generated and transmitted to the terminal device (for the protected person) 102.

  FIG. 13 is an example of an access rejection response (sequence S2) response screen generated by the filtering processing unit 202. In the access restriction information 1301 for the target URL, a user ID 1302, a URL 1303, and a restriction reason 1304 are displayed. The user ID of the identified protected person is set as the user ID. The URL of the request is set in the URL. The category of the URL subject to restriction is displayed as the restriction reason. A release reason entry text box 1305 and a release request transmission button 1306 are provided in the lower part of the screen. The guardian can send an access restriction release request by pressing the release request transmission button 1306 after entering the reason. It is. Information regarding the target site generated by user information, filter setting information, and the like managed by the filtering server 101 can be added to the cancellation request content, and the guardian can use it for determining whether cancellation is possible.

  Sequence S4 is an access restriction release request from the terminal apparatus (for the person to be protected) 102 to the filtering server 101. The access restriction release request is a TCP / IP communication based on the HTTP protocol, and information such as the user ID, URL, and category displayed in the access denial response and the input release reason are stored in the CGI parameter, HTTP header, request body, etc. Stored and transmitted.

  FIG. 10 is a flowchart showing a processing procedure of the site information generation processing unit 203. The filtering server 101 that has received the access restriction release request acquires URL information from the access restriction release request by the site information generation processing unit 203, and generates filtering setting information for all users for the target URL. A method for generating the filtering setting information will be described later.

  FIG. 12 is a flowchart showing the processing procedure of the mail notification processing unit 204. After the processing in the site information generation processing unit 203 is completed, the mail notification processing unit 204 generates an access restriction release request notification mail. The generated mail is transmitted to the mail address of the terminal device (guardian) 103 that can be acquired from the mail address 304 of the guardian of the user management information DB 205.

  Sequence S5 is an access restriction release request notification from the filtering server 101 to the terminal device (guardian) 103.

  FIG. 14 is an example of an access restriction release request notification mail. In the user name portion 1401, a value obtained by referring to the user name portion 302 of the user management information DB 205 is set using the user ID obtained from the access restriction release request as a key. The category acquired from the access restriction cancellation request is set in the category part 1402. In the cancellation request reason section 1403, a cancellation request reason acquired from the access restriction cancellation request is set. The URL acquired from the access restriction cancellation request is set in the site URL section 1404, and the contents of the site can be confirmed by the guardian accessing the URL. In the site information URL 1405, a URL for referring to the filtering setting information generated by the site information generation processing unit 203 is set, and a guardian can check the filtering setting information of all users for the URL by accessing the URL. It is. The access permission URL 1406 and the access denial URL 1407 are URLs for informing the filtering server 101 whether or not access restriction can be released.

  Next, a method for generating the filtering setting information will be described. FIG. 15 is an example of filtering setting information generated by the site information generation processing unit 203. The content of the filtering setting information includes a filtering restriction rate (male) 1501, a filtering restriction rate (girls) 1502, an individual restriction release rate (boys) 1503, and an individual restriction release rate (girls) 1504.

  The filtering restriction rate (male) 1501 indicates the ratio of the number of users subject to restriction to the target URL in the total number of male users by age, and the male part from the sex part 305 and the age part 306 of the user management information DB 205. The ratio is calculated from the calculation of the age-specific number of users and the calculation of the number of restricted users for the target URL category with reference to the filter information management DB 0207. The category to which the URL belongs is acquired as a parameter given to the access restriction release request. The filtering restriction rate (girls) 1502 is calculated in the same manner.

  The individual restriction release rate (male) 1503 indicates the number of users who have made a restriction release by the access restriction release request within the number of restricted users to the target URL, and the age-specific restriction users calculated by the filtering restriction rate (male) 1501 The ratio is calculated from the number and the calculation of the number of users whose restriction is released to the target URL from the URL whitelist management DB 208. The individual restriction cancellation rate (girls) 1504 is calculated in the same manner.

  Sequence S6 is a filter setting request from the terminal device (for guardian) 103 to the filtering server 101. The access restriction release request is a TCP / IP communication based on the HTTP protocol, and is transmitted by accessing the access permission URL 1406 and the access denial URL 1407. The information on the user ID and the target URL is given to the CGI parameter of the access restriction release request in the form of a character string that can be encrypted or uniquely specified.

FIG. 11 is a flowchart showing a processing procedure of the filter setting processing unit 202. When the URL of the access restriction release request is the access permission URL 1006, the filtering server 0101 registers the user ID and URL acquired from the access restriction release request in the URL whitelist management DB 208 in the filter setting release unit 202 of the filter setting release. Thus, the access restriction for the user is released.
FIG. 12 is a flowchart showing the processing procedure of the mail notification processing unit 204. After the processing in the filter setting processing unit 202 ends, the mail notification processing unit 204 generates a filter setting result notification mail. The generated mail is transmitted to the mail address of the terminal device (for the protected person) 102 that can be acquired from the mail address 303 of the user management information DB 205.

  Sequence S <b> 7 is a filter setting result notification from the filtering server 101 to the terminal device (for the person to be protected) 102. The protected person can know whether or not the guardian has permitted the cancellation of the access restriction by the notification.

  In a filtering service that regulates the browsing of sites on the network that provides information disclosure to a large number of unspecified users, it is possible to generate and provide information on temporary regulation release means and sites that are subject to regulation Is possible.

It is a schematic diagram which shows the outline | summary of this invention. It is a block diagram which shows an example of implementation of this invention. It is a structural example of user information management DB which is a component of this invention. It is a structural example of URL category management DB which is a component of this invention. It is a structural example of filtering information management DB which is a component of this invention. It is a structural example of URL white list management DB which is a component of this invention. It is a sequence diagram at the time of accessing to an access prohibition site for demonstrating the system operation | movement of this invention. It is a sequence diagram at the time of accessing to an access permission site for demonstrating the system operation | movement of this invention. It is a flowchart which shows the process sequence of the filtering process part which is a component of this invention. It is a flowchart which shows the process sequence of the site information generation process part which is a component of this invention. It is a flowchart which shows the process sequence of the filter setting process part which is a component of this invention. It is a flowchart which shows the process sequence of the mail notification process part which is a component of this invention. It is an example of an access rejection response screen produced | generated with the system of this invention. It is an example of access restriction cancellation request notification generated by the system of the present invention. It is an example of the filtering setting information produced | generated with the system of this invention.

Explanation of symbols

101: Filtering server
102: Terminal device (protected person)
103: Terminal device (guardian)
104: Web server 201: Filtering processing unit 202: Filter setting processing unit 203: Site information generation processing unit 204: Mail notification processing unit 205: User management information DB
206: URL category management DB
207: Filter information management DB
208: URL whitelist management DB
S1: Web access S2: Web access response S3: Access rejection response S4: Access restriction release request S5: Access restriction release request notification S6: Filter setting request S7: Filter setting result notification

Claims (11)

The terminal device, the web server, and the filtering server are combined with the guardian and the unspecified number of terminal devices for the guardian, the web server, the filtering server that restricts access from the terminal device to the web server, and the terminal device, the web server, and the filtering server In a URL filtering system consisting of a network,
The filtering server includes access restriction means for restricting access by a protected person to the site of the Web server on the network accessible from the unspecified number of terminal devices, and access restriction when accessing the restricted site. A restriction release requesting means for sending a release request to the terminal device for guardian, a filter setting changing means for changing a filter setting for setting the access restriction content from the guardian terminal device in response to the release request; A URL comprising: site information providing means for providing information relating to a target site to the terminal device for guardian; and filter setting result notifying means for notifying the result of the filter setting changing means to the terminal device for guardian Filtering system.   The terminal device is a terminal device having a Web-accessible communication device such as a PC, a mobile phone, a PDA, or a mobile terminal and a browser capable of browsing a Web site, and accesses the Web server via a relay device such as a proxy or a gateway. The URL filtering system according to claim 1.   The access restriction means, the restriction release request means, the filter setting change means, the site information provision means, the filter setting result notification means on the filtering server that communicates with a relay device and a relay device such as a proxy and a gateway. The URL filtering system according to claim 1, which is realized.   The access control unit performs access control for each URL of the Web site, holds user information, category information obtained by categorizing URLs, and information on whether each user can access each category. The URL filtering system according to claim 1, wherein the URL filtering system can be regulated.   The access restriction means holds the URL whitelist information that each user is allowed to access in addition to the access restriction on a category basis according to claim 4, and registers the URL whitelist even in the access restriction target category, The URL filtering system according to claim 1, wherein access to the Web site is possible.   In addition to information on the site URL, category, etc., the site information providing means can provide information for parents to set access restrictions, such as the percentage of access restrictions for each age / gender of the site. The URL filtering system according to claim 1.   The URL filtering system according to claim 1, wherein the terminal device uses TCP / IP communication based on an HTTP protocol for communication with the Web server.   The URL filtering system according to claim 1, wherein the restriction release request unit uses TCP / IP communication based on an HTTP protocol for a restriction release request from a terminal device of a protected person.   2. The URL filtering system according to claim 1, wherein the filter setting changing unit uses TCP / IP communication based on an HTTP protocol for a filter setting change request from a guardian's terminal device.   The URL filtering system according to claim 1, wherein the restriction cancellation requesting unit uses mail as a unit for transmitting a cancellation request to a guardian's terminal device.   The URL filtering system according to claim 1, wherein the filter setting result notifying unit uses mail as means for transmitting the filter setting change result to the terminal device of the person to be protected.

Images