1) Field of the Invention
The present invention relates to an apparatus for and a method of filtering packets transmitted and received over a plurality of networks, and a computer program product for executing the method. More particularly, this invention relates to filtering of a packet to which security evaluation information, indicating a security evaluation of the packet, is added.
2) Description of the Related Art
When secret data such as internal documents is transmitted and received in an enterprise, it is necessary to ensure the confidentiality, integrity and authenticity of the data. To meet this demand, several methods using encryption technology and authentication technology have been proposed.
For example, there is a method of ensuring security of data between networks by using a Virtual Private Network (VPN) that incorporates encryption technology and authentication technology.
In addition, there is a method of ensuring authenticity of data by adding to a packet, when the packet is transmitted, passage information indicating that the packet has passed through a filtering apparatus, and then confirming at the time of reception that the passage information has been added properly (see Japanese Patent Application Laid-Open Publication No. H11-205388).
However, the two methods explained above ensure confidentiality or authenticity between the sender network and the receiver network, but they do not ensure authenticity with respect to the user or the communication device that transmitted a packet. Specifically, even if a packet is transmitted by a communication device within the sender network that is poor in reliability in view of security, or by a spoofing user using a communication device, the receiver network accepts the packet as appropriate. Damage may therefore be caused even though the packet was received appropriately. In other words, there is a problem that the receiver network cannot acquire information concerning the security of the communication device that is the packet transmission source, or of the user using that communication device, and therefore cannot check the security of the packet.