United States Patent [19]
`Cirasole et al.
`
`US005987606A
`[11] Patent Number:
`[45] Date of Patent:
`
`5,987,606
`NOV. 16, 1999
`
`[54] METHOD AND SYSTEM FOR CONTENT
`FILTERING INFORMATION RETRIEVED
`FROM AN INTERNET COMPUTER
`NETWORK
`
`[75] Inventors: Peter Cirasole, Babylon; Robert
`DeRosa, SmithtoWn, both of NY;
`Robert FoX, Danbury, Conn.
`
`[73] Assignee: Bascom Global Internet Services,
`Inc., Farmingdale, NY.
`
`Appl. No.: 08/820,955
`Filed:
`Mar. 19, 1997
`
`l
`[
`l
`[
`[51] Int. Cl.6 ...................................................... .. H04L 9/00
`[5 ] US. Cl. ................ ..
`713/200; 713/201; 713/202
`[
`]
`Field of Search
`............... .. 395/186, 187.01,
`395/18801, 200.59, 200.33, 200.49, 200.58;
`713/200, 201, 202
`
`[56]
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,673,322
`5,706,507
`5,732,216
`
`9/1997 Pepe et a1. .............................. .. 380/49
`1/1998 Schloss .
`3/1998 Logan .............................. .. 395/200.33
`
`OTHER PUBLICATIONS
`
`Internet Censorship: The Top Shelf, The Economist, May
`18, 1996, at 84.
`Surfwatch Filtering Products from Spyglass (visited Oct. 7,
`1996)
`<htt://WWW.surfWatch.com/products/surfWatch/
`datasheet.html>.
`
`Spyglass Server Application Development Interface (visited
`Oct. 7, 1996) <http://WWW.spyglass.com/techspec/specs/
`adiispec.html>.
`SurfWatch ProServer from Spyglass (visited Oct. 7, 1996)
`<http://WWW.spyglass.com/products/proserver/>.
`Trove Investment—News Page (visited Oct. 7, 1996) <http://
`WWW.netnanny.com/netnanny/nnfaq.html>.
`Trove Investment Corporation—Net Nanny Product Page
`(visited Oct. 7, 1996) <http://WWW.netnanny.com/netnanny/
`product.html>.
`CYBERsitter Product Information (visited Oct. 7, 1996)
`<http://WWW.solidoak.com/cysitter.htm>.
`Spyglass: Case Studies (visited Oct. 7, 1996) <http://WW
`W.spyglass.com/cases/index.html>.
`
`Primary Examiner—Ly V. Hua
`Attorney, Agent, or Firm—AndreW F. Strobert; Skadden,
`Arps, Slate, Meagher & Flom LLP
`
`[57]
`
`ABSTRACT
`
`A method and system for ?ltering Internet content retrieved
`from an Internet computer network (110) by a remote
`Internet Service Provider (“ISP”) server (100) and for
`Warded to a local client computer (10). The method and
`system matches at least one ?ltering scheme (121), such as
`an inclusive or exclusive ?lter, and at least one set of
`?ltering elements (120), such as a list of alloWed or excluded
`sites, to each Internet access request generated at the local
`client computer (10). The ?ltering scheme is implemented
`on the ISP server (100).
`
`25 Claims, 6 Drawing Sheets
`
`20
`
`ISP
`SERVER
`lQQ
`
`INTERNET
`1_1Q
`
`121
`
`Unified Patents Ex. 1009, pg. 1
`
`

`

`U.S. Patent
`
`Nov. 16, 1999
`
`Sheet 1 of 6
`
`5,987,606
`
`LANYSLNIdsl
`
`
`
`ortHIAYSS
`
`oor
`
`
`
`LZhaE
`
`—S
`
`¢Old
`
`LANYSLNILOLdsl0z1907
`OrHAASHAAWgS
`oorst
`
`
`kOld
`
`Unified Patents Ex. 1009, pg. 2
`
`Unified Patents Ex. 1009, pg. 2
`
`
`
`

`

`U.S. Patent
`
`Nov. 16,1999
`
`Sheet 2 of6
`
`5,987,606
`
`RECEIVE INTERNET
`LOG-IN REQUEST
`
`200
`
`VERIFY
`LOG-IN
`PASSWORD
`?
`
`VI‘ACKITD
`
`REJECT
`
`202
`
`204
`
`CONTROLLED
`ACCESS
`CUSTOMER
`?
`
`MARK AS
`OPEN ACCESS
`
`IDENTIFY
`FILTERING
`SCHEME
`
`205
`
`IDENTIFY SETS OF
`FILTERING ELEMENTS
`FOR USER
`
`206
`
`MARK AS
`CONTROLLED
`ACCESS
`
`_../ 207
`
`FIG. 3
`
`Unified Patents Ex. 1009, pg. 3
`
`

`

`U.S. Patent
`
`Nov. 16,1999
`
`Sheet 3 of6
`
`5,987,606
`
`PC
`25
`_'
`
`REQUEST
`
`'SP
`sERvER
`m
`
`2g:
`_
`
`ISP
`REJECTION ‘ SERVER
`m
`
`APPROVED
`?
`
`INTERNET
`m
`
`INCOM|NG
`REQUEST
`
`PARSE
`REQUEST
`
`257
`
`ON
`MASTER
`LIST
`'?
`
`ON
`PERSONAL
`INCLUSIVE
`LIST
`?
`
`ISP
`SERVER
`192
`
`FIG. 4
`
`251
`
`CONTROLLED
`ACCESS
`ACCOUNT
`7
`
`252
`/
`PROCESS
`REQUEST
`
`—>
`
`254
`
`NO
`
`ON
`PERSONAL
`EXCLUSIVE
`LIST
`?
`
`DENY
`REQUEST
`
`_/ 256
`
`FIG. 6
`
`Unified Patents Ex. 1009, pg. 4
`
`

`

`U.S. Patent
`
`Nov. 16,1999
`
`Sheet 4 0f 6
`
`5,987,606
`
`RECEIVE INTERNET
`ACCESS REQUEST
`
`220
`
`222
`
`CONTROLLED
`ACCESS
`ACCOUNT
`?
`
`IMPLEMENT FILTERING
`SCHEME UTILIZING
`MATCHED FILTERING
`ELEMENTS
`
`224
`
`FILTERING
`SCHEME
`AUTHORIZES
`REQUEST
`?
`
`225
`
`FIG. 5
`
`Unified Patents Ex. 1009, pg. 5
`
`

`

`U.S. Patent
`
`Nov. 16,1999
`
`Sheet 5 of6
`
`5,987,606
`
`mw_
`
`mm>mmw
`
`lad
`
`aqm
`
`mw_
`
`Em>mmw
`
`Iw>mmw
`
`an
`
`N .GE
`
`Unified Patents Ex. 1009, pg. 6
`
`

`

`U.S. Patent
`
`Nov. 16,1999
`
`Sheet 6 of6
`
`5,987,606
`
`am
`
`mom .
`
`Iw>Iww
`
`m .GE
`
`.2004
`
`mm>mwm
`
`wlwm
`
`Unified Patents Ex. 1009, pg. 7
`
`

`

`5,987,606
`
`1
`METHOD AND SYSTEM FOR CONTENT
`FILTERING INFORMATION RETRIEVED
`FROM AN INTERNET COMPUTER
`NETWORK
`
`FIELD OF THE INVENTION
`
`This invention relates generally to a method and system
`for ?ltering Internet content, and more particularly to a
`method and system for alloWing an Internet Service Provider
`(“ISP”) to perform user-customiZable content ?ltering of
`information retrieved from the Internet.
`
`10
`
`BACKGROUND OF THE PRESENT
`INVENTION
`
`The Internet contains a Wealth of information for
`consumers, students and businesses. Users generally access
`this information through softWare knoWn as a “browser,”
`such as the Netscape NavigatorTM or the Microsoft
`ExplorerTM. BroWsers alloW an end-user to access “Web
`sites,” Which contain content typically in the form of HTML
`?les. The broWser softWare interprets the HTML data and
`provides the user With graphical images, textual data, audio
`sound or other forms of output. Other softWare utilities for
`accessing Internet content include NeWs Groups, FTPs, IRC
`chat rooms and e-mail. Additionally, other traditional
`programs, such as games and database or spread-sheet
`programs, may also be programmed to directly access Inter
`net content.
`Many entities have found a need to block access to some
`Web sites for certain end-users. For example, corporations
`may Wish to alloW their employees to access technical or
`business sites but not entertainment oriented sites, While
`families may Wish to prevent access to sexually explicit or
`other objectionable information. Indeed, even advocates of
`free and open speech on the Internet have recogniZed the
`need for technology Which alloWs for individualiZed self
`censorship of the content of information received as a means
`to avoid government censorship of the content Which is
`posted on the Internet.
`SoftWare developers have attempted to alloW some con
`trol over the content of information received on end-user
`machines (“clients”) by ?ltering the information available.
`Several mechanisms for ?ltering are available: exclusive
`?ltering (“black-listing”) Which prevents access to all sites
`on a predetermined list of Internet sites; inclusive ?ltering
`(“White-listing”) Which alloWs access only to a predeter
`mined list of Internet sites; and Word-screening or phrase
`screening Which prevents access to Web site “pages” Which
`contain any Word or phrase on a predetermined list. Other
`methods of ?ltering include blocking access to
`“neWsgroups”—open discussion areas that alloW users to
`easily interact and post content. Another ?ltering method is
`the Platform for Internet Content Selection (PICS) standard
`Which alloWs individual Internet content providers to self
`label their content according to standard criteria. PICS also
`alloWs for third party labeling of sites.
`Initial attempts at Internet content control implemented
`the ?lter function on the local (client) machine. FIG. 8 shoWs
`a typical prior art con?guration, implementing inclusive or
`exclusive ?ltering Where the client personal computer 500
`stores a database 501 of alloWed (inclusive) or disalloWed
`(exclusive) Internet sites. Client 500 is connected through an
`asynchronous dial-up line 502 to the Internet Service Pro
`vider (“ISP”) server 503. The ISP server 503 is typically
`connected via a high speed connection 504 such as a T-l, T-3
`or greater, to the global Internet 505. There are several
`
`15
`
`25
`
`35
`
`45
`
`55
`
`65
`
`2
`disadvantages With this single-user con?guration. First, it is
`subject to be modi?ed or thWarted by a computer literate
`end-user, such as a teenager or corporate employee. Second,
`in either the home, school or corporate environment, it is
`dif?cult and time consuming to install on every end-user’s
`client machine. Third, this con?guration is dependent upon
`individual end-user hardWare and operating systems and
`requires modi?ed softWare for different end-user platforms.
`Finally, the client database 501 must be updated frequently
`to track changes in the content of various Internet sites. This
`requires frequent doWnloads from the Internet or disk
`updates.
`A variation of the single-user con?guration of FIG. 8 is
`shoWn in FIG. 9. In this local server-based con?guration, a
`plurality of client computers 520, running any of a number
`of platforms such as WindoWsTM, MacOSTM or Unix,TM are
`coupled to a local area netWork 521. The local area netWork
`521 is connected to the ISP server 523 through a local server
`522 and a dial-up or ?xed connection 524. End-user requests
`for Internet content are ?ltered by the local server 522. The
`local server 522 accesses its stored database 525 and utiliZes
`a single set of ?ltering criteria for all of the end-users of the
`client computers 520. This is disadvantageous because a
`single set of ?ltering criteria is often not appropriate for all
`of the end-users. While this local server con?guration makes
`it far more dif?cult for a computer literate end-user to
`modify or thWart the system, it suffers from many of the
`disadvantages of the single-user con?guration in that it
`requires time-consuming local service to initiate and main
`tain the system on the local server 522. Many organiZations
`do not have the resources and expertise to install and
`maintain such a system. Further, While this con?guration can
`often be used With a variety of end-user platforms, softWare
`implementing the ?ltering functions is typically tied to a
`single local area netWork or a local server platform.
`Additionally, some service providers, such as America
`Online, have used a third “server-based” con?guration
`Where the ?ltering function is performed at the remote server
`site. To the inventors’ knoWledge, hoWever, each of the
`existing systems implementing this server-based con?gura
`tion utiliZe a single set of ?ltering criteria for all of their
`controlled-access end-users. Thus, While this system solves
`some of the problems associated With the local server
`con?guration above, it still suffers from the fact that a single
`set of ?ltering criteria is not appropriate for all end-users.
`Accordingly, there exists a need for a remote ISP server
`based method and system for ?ltering Internet content
`received by controlled access subscribers on an individually
`customiZable basis.
`
`SUMMARY OF THE INVENTION
`The object of the present invention is to overcome these
`and other disadvantages of the prior art systems by provid
`ing individual end-user customiZable access control ?ltering
`and data storage on the ISP server. These objectives include
`providing an Internet access system Which: requires no
`special or proprietary softWare to be installed at the user’s
`site, such as on an end-user (client) computer or a local
`server; Will Work With any user hardWare or operating
`system platform or local-area netWorks; alloWs users to
`select ?ltering schemes, such as inclusive or exclusive
`?ltering, and ?ltering elements, such as ISP provided
`inclusive-lists or exclusive-lists, or their oWn customiZed
`inclusive-lists or exclusive-lists; and is dif?cult to tamper
`With or circumvent.
`The method and system of the present invention includes
`an ISP server Which executes or interprets softWare incor
`
`Unified Patents Ex. 1009, pg. 8
`
`

`

`5,987,606
`
`3
`porating one or more ?ltering schemes and accesses data
`bases including any ?ltering elements required by the ?l
`tering scheme. Individual end-user accounts are matched by
`the ISP server to the ?ltering scheme and the individualized
`set of database ?ltering elements associated With the end
`user account. For example, a controlled access end-user
`account may be matched to an exclusive-list ?ltering scheme
`and a database of restricted sites. Alternatively, the con
`trolled access end-user account may be matched to Word
`screening or phrase-screening ?lter and a database of
`restricted Words or phrases and context rules. In a preferred
`embodiment of the present invention, the ISP server further
`includes end-user databases containing additional sets of
`?ltering elements for further customiZing the ?ltering
`scheme. While the ISP server preferably accesses the ?lter
`ing schemes and ?ltering elements directly from main
`memory or local storage, the ?ltering schemes and ?ltering
`elements may, alternatively, be located remotely on other
`servers, or ISP servers, and be accessed through the Internet
`or a separate computer netWork connecting the ISP server to
`the data.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`For a more complete understanding of the present
`invention, reference is made to the folloWing Detailed
`Description taken in connection With the accompanying
`draWings in Which:
`FIG. 1 is single-user con?guration embodying the present
`invention;
`FIG. 2 is a multiple-user local area netWork based con
`?guration embodying the present invention;
`FIG. 3 is a ?oW diagram shoWing the ISP server’s process
`for processing an Internet log-in request;
`FIG. 4 is a How diagram shoWing the Internet access
`process for a controlled access subscriber;
`FIG. 5 is a How diagram shoWing the ISP server’s process
`for servicing an Internet access request;
`FIG. 6 is a How diagram shoWing a preferred ?ltering
`scheme of the present invention;
`FIG. 7 shoWs a distributed implementation of the present
`invention in Which ?ltering schemes and ?ltering elements
`may be distributed across a netWork;
`FIG. 8 shoWs a prior art single-user con?guration; and
`FIG. 9 shoWs a prior art local area netWork con?guration.
`
`DETAILED DESCRIPTION
`
`Preferred embodiments of the present invention Will noW
`be described With continued reference to the draWings.
`FIGS. 1 and 2 shoW single-user and multiple-user local
`area netWork con?gurations, respectively, embodying the
`present invention. In the single-user con?guration, local
`client 10 is connected to the ISP server 100. The connection
`20 is typically a dial-up asynchronous telephone line, but
`may be any of a number of knoWn means, such as a cable
`connection or a continuous direct connection.
`In the multiple-user local area netWork a plurality of
`clients, shoWn as 11, 12 and 13 on FIG. 2, are coupled to a
`local server 15 through local area netWork 16. The clients,
`11, 12 and 13 as shoWn, may be using any of a number of
`platforms such as the WindoWsTM, MacOSTM, or UnixTM
`operating systems. The clients communicate With the ISP
`server 100 through local server 15 and connection 20. In this
`embodiment, connection 20 is preferred to be a continuous
`direct connection.
`
`4
`The ISP server 100 typically provides a plurality of
`end-users, or subscribers, With access to the Internet 110.
`The ISP server 100 is coupled to the Internet 110, preferably
`through a high speed connection 101, such as a T-3 line.
`Communications across the Internet 110 and ISP servers is
`through the Transmission Control Protocol/Internet Protocol
`(TCP/IP). Preferably, the clients, 10 on FIGS. 1 and 11, 12
`and 13 on FIG. 2, also communicate With ISP server 100
`using the TCP/IP protocol, although other proprietary or
`public protocols may also be supported.
`The ISP server 100 typically includes at least one ?lter
`scheme 121, stored in main memory or other storage, and a
`database 120 of a plurality of sets of ?ltering elements
`associated With individual end-users. The ?ltering scheme
`may consist of any type of code Which may be “executed,”
`including object codes, interpreted code, such as J avaTM or
`JavaScriptTM, other high-level code, or combinations
`thereof. The ?ltering scheme may be customiZed by com
`bining portions of other ?ltering schemes, such as through a
`high-level language or visual editor.
`The embodiment described beloW utiliZes a single ?lter
`ing scheme shoWn in FIG. 6 and sets of ?ltering elements
`consisting of a master inclusive-list and a personal inclusive
`list and a personal exclusive-list. Accordingly, in the
`embodiment described, each controlled access end-user Will
`be associated With a set of ?ltering elements comprising a
`master inclusive-list and a personal inclusive-list and a
`personal exclusive-list. HoWever, it Will be obvious to one of
`ordinary skill in the art that the ?ltering scheme can be any
`of a number of knoWn-schemes, or hybrids thereof. The
`types of sets of ?lter elements Will also be different depend
`ing on the ?ltering scheme. Thus, When using a Word
`screening type ?ltering scheme, the sets of ?ltering elements
`may consist of master lists of disalloWed Words or phrases
`together With individual Words, phrases or rules.
`FIG. 3 shoWs the ISP server 100 process for accepting a
`log-in request 200, the ISP server 100 ?rst veri?es 201
`Whether the user is a registered subscriber. Invalid users are
`sent a rejection notice 202. The ISP server 100 then deter
`mines 203 Whether the end-user is a controlled access
`subscriber. If not, the connection is marked 204 as an open
`access connection. If the end-user is a controlled access
`subscriber, the log-in process identi?es the ?ltering scheme
`205 and the ?ltering elements 206 associated With the
`end-user. The connection is marked 207 as a controlled
`access connection. The ISP server 100 may utiliZe a single
`?ltering scheme for all controlled access users, in Which
`case, individualiZed customiZation is achieved solely
`through the individualiZation alloWed by modifying the
`?ltering elements.
`FIGS. 4 and 5 shoW the How of the Internet access process
`Which is executed When a logged-in subscriber sends a
`request to the ISP server 100 for Internet access.
`The Internet access request process begins When an
`end-user at a client computer (25 in FIG. 4) sends a request
`to the ISP server 100 for a Web page or other Internet service,
`such as an FTP request. Typically, these requests are sent
`from the client 25 by an end-user utiliZing a broWser. In the
`preferred embodiment, the request is in the TCP/IP format.
`As seen in FIG. 5, ISP server 100 receives an Internet
`access request 220 from client 25. ISP server 100 determines
`221 Whether this request is from a controlled access sub
`scriber or an open access subscriber. If the request is from
`an open access subscriber, the request is processed 222 and
`forWarded to the Internet 110 in the traditional manner.
`If the Internet access request is from a controlled access
`subscriber, the ISP server 100 implements 223 the ?ltering
`
`10
`
`15
`
`35
`
`45
`
`55
`
`65
`
`Unified Patents Ex. 1009, pg. 9
`
`

`

`5,987,606
`
`5
`scheme associated With the end-user utilizing the custom
`iZed ?ltering elements also associated With the user from the
`ISP database 120. The ISP server 100 determines 224
`Whether the ?ltering scheme authoriZes the request. If the
`request is authoriZed, it is processed 222 and forWarded to
`the Internet, if not, the ISP server 100 provides the end-user
`With a rejection notice 225.
`For certain ?ltering schemes, such as Wordscreening or
`phrase-screening schemes, the end-user Internet access
`request may be partially processed While the ISP server 100
`monitors the content for certain Words or phrases. The ISP
`server 100 maintains a table of logged-in end-users associ
`ated With this type of ?ltering scheme. Internet access
`requests for such end-users are forWarded directly to the
`Internet 110. The ISP server 100 then monitors all data
`packets to determine Which Will be forWarded to users on
`this table. If a packet is being sent to such a user, the ISP
`server 100 screens the packet based on the speci?c ?ltering
`scheme and ?ltering elements. For certain schemes or
`elements, multiple data packets may have to be buffered. If
`the data packet or packets trigger the ?ltering scheme, such
`as by containing speci?c Words or phrases, the transmission
`to the user may be terminated. The sending site may be put
`on a list of excluded sites used in a hybrid exclusive-list
`Word-parsing scheme.
`In the preferred embodiment, the ISP server 100 provides
`a user-friendly HTML message denying the Internet access
`request When appropriate. This message may contain a
`statement of a client corporation’s “acceptable use policy” if
`the end-user subscriber is associated With a corporation.
`The preferred embodiment further includes a privileged
`class of controlled access users. These privileged users are
`typically parents, in the case of family accounts; teachers,
`for educational accounts; and corporation administrators, for
`corporate accounts. The privileged users are responsible for
`selecting the ?ltering scheme and ?ltering elements Which
`are associated With controlled access end-user accounts
`under the privileged user’s control. The ?ltering scheme
`may be selected from a ?xed set of options, or may be
`further customiZed by alloWing the privileged user to select
`and combine elements, such as through a graphical user
`interface from a number of existing ?ltering schemes.
`When a request by a privileged user is denied, the user
`receives a special denial message Which alloWs the privi
`leged user to override the denial. Alternatively, the privi
`leged user is alloWed to modify the ?ltering schemes and
`?ltering elements (such as exclusive-list sites) associated
`With the privileged user and controlled-access end-users
`controlled by the privileged user.
`FIG. 6 shoWs a preferred ISP server ?ltering scheme
`comprising a hybrid master inclusive-list combined With
`personal exclusive and inclusive lists. ISP server 100
`receives 250 Internet access requests and determines 251
`Whether the end-user is a controlled access subscriber. If not,
`the request is forWarded to the Internet 110 and processed
`252. If the request is from a controlled access subscriber, the
`ISP server 100 parses the request 257 and determines 253
`Whether the requested site is on a master inclusive-list of
`alloWed sites. In the TCP/IP protocol, each Internet access
`request or “packet” includes the address of the destination
`computer from Which content is requested. Thus, the parsing
`routine simply examines this destination address and com
`pares it to the address list. The master inclusive-list may be
`supplied by the ISP or third-party list suppliers. If the site is
`on the master inclusive-list, the ISP server then checks 254
`the site against the subscriber’s personal exclusive-list.
`
`1O
`
`15
`
`25
`
`35
`
`45
`
`55
`
`65
`
`6
`Alternatively, if the site is not on the master inclusive-list, it
`is checked 255 against the subscriber’s personal inclusive
`list. If the site is either
`on the master inclusive—list and
`not on the personal exclusive-list; or (ii) on the personal
`inclusive-list, the request is processed 252 and forWarded to
`the Internet. If not, the request is denied 256 With an HTML
`message as noted above. The set of ?ltering elements
`associated With each end-user account for this preferred
`embodiment therefore comprise the master inclusive-list and
`the personal exclusive-list and personal inclusive-list. Any
`of those lists, as Well as any of the other sets of ?ltering
`elements described herein, may be optionally set to be empty
`lists or sets.
`FIG. 7 shoWs a distributed implementation of the present
`invention. Local client 310 may access ISP server 300
`through a dial-up, or other connection 20. Alternatively,
`clients may be connected through a local server as shoWn in
`FIG. 2. ISP server 300 is coupled to the Internet 110 through
`a high-speed connection 101. The ?ltering scheme 321 and
`sets of ?ltering elements 320 are stored locally to another
`server 304 either in main memory or secondary storage such
`as disk storage on the line. Alternatively, the ?ltering scheme
`321 and ?ltering elements 320 may be stored on separate
`servers, such as 300, 304 or 301. Server 304 may be coupled
`through a connection 305 to the Internet 110 thereby alloW
`ing ISP server 300 to access server 304 through an Internet
`connection. Alternatively, ISP server 300 and server 304
`may be coupled directly or through a separate computer
`netWork (not shoWn). ISP server 300 simply queries server
`304 for the user’s status as a controlled access user and the
`user’s ?ltering scheme and set of ?ltering elements, if any.
`Alternatively, ISP server 300 may forWard the local client
`310 Internet access requests to server 304 for processing.
`This distributed architecture alloWs an end-user, Who might
`normally use local client 325 to dial-up server 304, to access
`the Internet 110 through different local clients, 310 and 311
`as shoWn on FIG. 7, and Internet points-of-presence, such as
`through ISP server 300 and 301 as shoWn in FIG. 7, provided
`by the Internet Service Provider, While maintaining the
`user’s customiZed content ?ltering. Thus, for example, cor
`poration users could use the same ISP While traveling aWay
`from the of?ce.
`It is understood that various other modi?cations Will be
`apparent to and can be readily made by those skilled in the
`art Without departing from the scope and spirit of the present
`invention. For instance, the ?ltering scheme may be based
`on any of a plurality of ?ltering techniques, such as phrase
`and content ?ltering or PICS type ?ltering and consist of any
`of various types of “programs,” such as executable code,
`interpreted code, script languages, or other high level pro
`grams. Additionally, many combinations of such ?lters are
`possible. Similarly, the present invention may be applied
`equally for various types of communications hardWare such
`as ISDN or cable modems and utiliZe various types of
`distributed processing across a computer netWork, such as
`the Internet itself. Accordingly, it is not intended that the
`scope of the claims be limited to the description or illustra
`tions set forth herein, but rather that the claims be construed
`as encompassing all features of patentable novelty that
`reside in the present invention, including all features that
`Would be treated as equivalents by those skilled in the art.
`What is claimed is:
`1. A content ?ltering system for ?ltering content retrieved
`from an Internet computer netWork by individual controlled
`access netWork accounts, said ?ltering system comprising:
`a local client computer generating netWork access
`requests for said individual controlled access netWork
`accounts;
`
`Unified Patents Ex. 1009, pg. 10
`
`

`

`5,987,606
`
`7
`at least one ?ltering scheme;
`a plurality of sets of logical ?ltering elements; and
`a remote ISP server coupled to said client computer and
`said Internet computer network, said ISP server asso
`ciating each said netWork account to at least one
`?ltering scheme and at least one set of ?ltering
`elements, said ISP server further receiving said netWork
`access requests from said client computer and execut
`ing said associated ?ltering scheme utiliZing said asso
`ciated set of logical ?ltering elements.
`2. The content ?ltering system of claim 1 further com
`prising privileged netWork accounts, said ISP server alloW
`ing said privileged netWork accounts to modify the set of
`logical ?ltering elements matched to said controlled access
`netWork accounts.
`3. The content ?ltering system of claim 1 further com
`prising a local server coupled to said local client through a
`local area netWork, said remote ISP server being coupled to
`said local server through a telephonic connection.
`4. The content ?ltering system of claim 1 further com
`prising a second ISP server coupled to said remote ISP
`server, said matched set of logical ?ltering elements being
`stored locally to said second ISP server.
`5. The content ?ltering system of claim 4, Wherein said
`second ISP server is coupled to said remote ISP server
`through said Internet computer netWork.
`6. The content ?ltering system of claim 1 Wherein said
`netWork access request contains a destination address, said
`at least one ?ltering scheme monitoring said destination
`address of said netWork access request.
`7. The content ?ltering system of claim 6, Wherein said at
`least one ?ltering scheme comprises an eXclusive-list
`scheme and said plurality of sets of logical ?ltering elements
`comprise lists of eXcluded Internet sites.
`8. The content ?ltering system of claim 6, Wherein said at
`least one ?ltering scheme comprises an inclusive-list scheme
`and said plurality of sets of logical ?ltering elements com
`prise lists of alloWed Internet sites.
`9. The content ?ltering system of claim 6 further com
`prising a master set of logical ?ltering elements comprising
`a list of excluded sites, said at least one ?ltering scheme
`comprising a hybrid exclusive-list inclusive-list scheme,
`said plurality of logical sets of ?ltering elements comprising
`lists of alloWed sites, each controlled access netWork
`account being associated With at least one list of alloWed
`sites.
`10. The content ?ltering system of claim 9, Wherein said
`hybrid ?ltering scheme eXcludes Internet access requests to
`Internet sites listed on said master list of eXcluded sites
`unless said Internet site is listed on said associated list of
`alloWed sites.
`11. The content ?ltering system of claim 9 further com
`prising a plurality of lists of eXcluded sites, each controlled
`access netWork account being associated With at least one
`list of said plurality of lists of eXcluded sites, said hybrid
`?ltering scheme excluding Internet access requests to Inter
`net sites on said master list of eXcluded sites or said
`associated list of eXcluded sites, unless said Internet site is
`listed on said associated list of alloWed sites.
`12. The content ?ltering system of claim 11, Wherein said
`at least one ?ltering scheme comprises a Word-parsing
`scheme and said plurality of sets of logical ?ltering elements
`comprise lists of eXcluded Words, said Word-parsing scheme
`monitoring the content of data packets being forWarded to
`the controlled access netWork account for occurrences of
`Words on the list of eXcluded Words associated With said
`controlled access netWork account.
`
`10
`
`15
`
`25
`
`35
`
`45
`
`55
`
`65
`
`8
`13. The content ?ltering system of claim 1, Wherein said
`at least one ?ltering scheme monitors the data being for
`Warded to said remote client computer.
`14. A content ?ltering system for ?ltering content
`retrieved from an Internet computer netWork by individual
`controlled access netWork accounts, said system comprising:
`a local client computer generating netWork access
`requests for said individual controlled access netWork
`accounts;
`at least one master site list;
`a plurality of ?rst personal site lists, each controlled
`access netWork account being associated With at least
`one ?rst personal site list; and
`a remote ISP server coupled to said client computer and
`said Internet computer netWork, said ISP server receiv
`ing said screening said netWork access requests based
`on said master site list and said associated ?rst personal
`site list.
`15. The content ?ltering system of claim 14 further
`comprising a plurality of second personal site lists, each
`controlled access netWork account being associated With at
`least one second personal site list, said ISP server screening
`said netWork access requests based on said master site list
`and said associated ?rst personal site list and said associated
`second personal site list.
`16. The content ?ltering system of claim 15, Wherein said
`netWork access requests comprise a destination address
`?eld, said ISP server denying said netWork access request if
`said netWork access request destination address is listed on
`said associated ?rst personal site list, said ISP server further
`denying said netWork access request if said netWork access
`request destination address is listed on said master site list
`and not on said associated second personal site list.
`17. The content ?ltering system of claim 14 further
`comprising a second ISP server coupled to said remote ISP
`server, said plurality of ?rst personal site lists and said
`plurality of second personal site lists being stored locally to
`said second ISP server.
`18. An ISP server for ?ltering content forWarded to
`controlled access netWork accounts accessing an Internet
`computer netWork from a remote client computer, said
`remote client computer generating netWork access requests
`containing a destination address, said ISP server comprising:
`a plurality of sets of logical ?ltering elements, each
`controlled acces