In the field of network communication technology, by communicating over the Internet protocol (IP), which is the de facto standard, services can be provided across the entire Internet, and thus to people around the world, by independent networks and specific groups that use manufacturer-specific communication protocols.
This Internet protocol (IP) is an example of a protocol used in open systems interconnection; the specifications are published and can be obtained by anyone. Based on hardware and software for communication using this published specification, standardized Internet services are provided, and these also can be obtained and used by anyone.
When such circumstances, in which standardized means can be obtained by anyone to receive services, are applied to corporate activities and similar, there are dangers regarding consequences for confidentiality of communications and for corporate computer system security, and so numerous security methods to avoid such dangers have been devised and realized.
In general-use security equipment, security methods are adopted according to hierarchical communication layers used to achieve open systems interconnection.
In the Internet protocol (IP), communication is performed through the transmission and reception of data (packets) to which are appended original IP addresses assigned to communicating computers, protocol numbers, communication ports, and other information. In order to ensure security, a method is employed in which communication from computers which have not been permitted is blocked (packet filtering).
In this packet filtering, permitted IP addresses, protocol numbers, communication ports, and similar are set in the devices (routers) which connect networks. A router then maintains security by deciding whether to pass data, based on this permission setting information. However, packet filtering performed in the data link layer and the network layer, which are positioned at the lower levels of the open systems interconnection model, has the drawback of a low level of security, because complicated conditions cannot be set and control cannot be executed on the basis of them.
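The following is an added illustration, not part of the patent text, of the router-based packet filtering described above: a permission table keyed on source address, protocol number and port, evaluated against constructed packets using RFC 5737 documentation addresses. It also shows the stated drawback, namely that two packets with identical headers receive the same verdict whatever their content, since the filter never looks past the header fields.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Header fields a network-layer filter can see, plus the payload it ignores."""
    src: str
    dst: str
    proto: int        # IP protocol number: 6 = TCP, 17 = UDP
    dport: int        # destination communication port
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    """One permission entry: source network, protocol number, destination port."""
    src_net: str
    proto: int
    dport: int


def packet_permitted(pkt: Packet, rules: list[Rule]) -> bool:
    """Pass the packet if any permission entry matches its header; otherwise drop.

    The decision uses header fields only; pkt.payload is deliberately not consulted,
    mirroring the limitation of filtering at the data link / network layer.
    """
    src = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src_net)
                and pkt.proto == rule.proto
                and pkt.dport == rule.dport):
            return True
    return False  # default deny: nothing not explicitly permitted passes


# Constructed permission table: only hosts in 192.0.2.0/24 may reach TCP port 80.
RULES = [Rule(src_net="192.0.2.0/24", proto=6, dport=80)]

# Constructed sample traffic toward a server at 203.0.113.10.
PERMITTED_HOST = Packet("192.0.2.10", "203.0.113.10", 6, 80)
OUTSIDE_HOST = Packet("198.51.100.5", "203.0.113.10", 6, 80)
WRONG_PORT = Packet("192.0.2.10", "203.0.113.10", 6, 22)
# Same header as PERMITTED_HOST, different payload: the filter cannot tell them apart.
PERMITTED_HOST_OTHER_PAYLOAD = Packet("192.0.2.10", "203.0.113.10", 6, 80, b"anything")


def verdicts() -> dict[str, bool]:
    """Evaluate every constructed packet against the permission table."""
    return {
        "permitted_host": packet_permitted(PERMITTED_HOST, RULES),
        "outside_host": packet_permitted(OUTSIDE_HOST, RULES),
        "wrong_port": packet_permitted(WRONG_PORT, RULES),
        "other_payload": packet_permitted(PERMITTED_HOST_OTHER_PAYLOAD, RULES),
    }
```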
On the other hand, a firewall is a device which affords a higher level of security than do the routers which interconnect networks. A firewall ensures security at a higher layer of the open systems interconnection model, in order to compensate for the security drawbacks of IP filtering.
For example, one such firewall is a transport-level proxy, used to maintain security in the transport layer; as methods used in still higher layers, there are application-level proxies, which maintain security in the application layer, and similar. Such application proxies are also called application gateways, and among proxy functions they provide the most intelligent firewall functions and the highest level of security.
Patent Document 1: Japanese Patent Laid-open No. 2000-172597
Non-Patent Document 1: Intra & Internet Security (Ohm Co.) by Takahiro Sugimoto, ISBN4-274-06162-0
However, a firewall is a device constituted of a computer and software, and so is defenseless against illicit communication data such as spoofed packets, and moreover is defenseless against software incompatibilities and against security threats which attempt to exploit newly discovered security holes. In particular, when a computer system is being protected solely by a firewall, if the firewall is breached the computer system is reduced to a completely defenseless state. For this reason, mechanisms for shutting out unknown threats remain indispensable to maintain the security of corporate infrastructures and other control systems of a highly public nature.
Moreover, constant maintenance is essential for firewalls and other security equipment in order to provide protective measures against newly discovered security holes and other threats. In general, software updates provided by the security equipment manufacturer must be applied to perform this maintenance, and the updates are themselves delivered over the Internet, which is a public network. Thus a contradiction arises in which a device, despite being within a secure network, must be connected to a network which lacks security.
In Patent Document 1, a communication method is disclosed in which TCP/IP communication is performed using a LAN in the communication interface with an external network, with serial communication to an internal network performed via a protocol conversion server function. In Patent Document 1, security is maintained through various kinds of filtering in the relay process; however, should illicit communication data once penetrate the device, then because a standardized protocol is being used, the devices which exist beyond the interface, and whose security must be maintained, can easily be accessed, so that concerns with respect to security and reliability remain.
This invention was devised in order to resolve the above-described problems, and has as an object the provision of a security gateway system, and a method and program for such a system, in a gateway connecting a plurality of networks utilizing a standard protocol which has been standardized and the specifications of which have been published, which affords a high degree of security and reliability, and which, even in the event that illicit communication data has penetrated into the gateway from one network, prevents penetration of this communication data into other networks.