1. Field of the Invention
The present invention relates to communications systems, and more particularly to a communications system that transfers packets containing business-related files over an enterprise network or other network using the Internet Protocol (IP).
2. Description of the Related Art
Users of an enterprise local-area network (LAN) or a similar IP network often need to send files to one or more colleagues in the course of business activities. To do so, they use email attachments encoded in the Multipurpose Internet Mail Extensions (MIME) format. Other typical applications and protocols used for file transfer are the Direct Client-to-Client (DCC) function of Internet Relay Chat (IRC), File Transfer Protocol (FTP), and Hypertext Transfer Protocol (HTTP).
Document and data files transferred over an enterprise network often contain company-confidential information, which must be protected from being viewed by third parties, or even by other staff in the same company, to prevent the information from leaking out. The network manager of the company is responsible for establishing a system for controlling access to such confidential files.
A typical method of implementing restricted file access is to use the authentication mechanism of a file server. Specifically, a password is set in a server accommodating uploaded files. This password is known only to the parties concerned, thus protecting those files from unauthorized access.
The above protection method using an authentication mechanism, however, cannot rule out the possibility that the sender of a file mistakenly sends that file as an email attachment directly to a wrong destination. Another possibility that the conventional method cannot rule out is that the sender accidentally uploads files to a wrong file server where the destination file directory is not password protected. Such human errors would lead to information leakage.
Firewall servers may be used to avoid a wrong file transfer. This firewall server solution, however, enables or disables file transfer operations in a comprehensive manner, rather than fine-tuning the control of file delivery on, for example, an individual sender basis. That is, while a firewall server effectively prevents files from being delivered to a party outside of the company, it is not possible to configure the server to restrict file transfers between, for example, particular departments within the same company.
Yet another example of an existing file protection technique is to use a gateway server with a mechanism that checks labels attached to the files to be transmitted, the labels representing the files' respective confidentiality levels. See, for example, Japanese Patent Application Publication No. 2003-173284, paragraphs Nos. 0014 to 0017 and FIG. 1. The technique disclosed in this publication, however, is not always effective since it does not consider applications where the checking has to act on an individual network segment basis.