KR101124634B1 - integrated management system of network based on embedded operating gateway - Google Patents

Abstract

The present invention relates to a gateway that manages a network integrated based on an embedded operating system to perform security and performance improvement of the network.

A network integrated management gateway based on an embedded operating system includes a firewall module that performs filtering on a packet passing through the gateway by using an IP table, an authentication key and an IP (internet) set between a local host and a remote host. protocol) A virtual private network providing module for providing a virtual private network (VPN) using address authentication, storing contents requested by an arbitrary web server by a first terminal on a network connected to the network integrated management gateway, and storing the network. When the content is requested from the web server of the second terminal on the web, a web caching module and an operating system (OS) kernel and the firewall that provide the stored content to the second terminal in response to the request. Module, the virtual private network providing module, and the web Including an embedded operating system level module that contains the application source for the control of the module Singh.

Gateway, network management

Description

Integrated management system of network based on embedded operating gateway

The present invention relates to a network integrated management gateway based on an embedded operating system, and more particularly, to a gateway that performs network security and performance enhancement by integrated network management based on an embedded operating system.

Recently, with the rapid increase of the use of the Internet and the general use of the network in the enterprise, network security problems are emerging. In particular, there has been a rapid increase in the leakage of confidential information about not only individuals but also companies, and there are cases where personal and corporate terminals, such as desktops, are used as waypoints to attack third parties. There is a growing need for security in network usage.

One of the security threats is an attack that targets a specific target for financial gain. Existing viruses and spyware have been distributed and spread to unspecified number of people, and it has been a form of disruption by increasing traffic on the network. Recently, the security threats that have been questioned are hacking attempts for financial information, financial transactions, It is evolving in a way that damages such as hacking aimed at leaking personal information, certificates, and account information necessary for the use of online games are revealed.

In particular, due to vulnerable security problems, damages were caused by phishing and spoofing, using the leaked personal information, to impersonate financial institutions, hacking memory, tampering with information, or conducting DDoS attacks on item trading sites. There was something going on.

Due to these problems, security issues at the application level that attack gateway-level security issues or endpoint solutions, such as individual terminals and servers, and their operating systems, to gradually monitor and block attacks from outside. Security issues are gradually diversifying.

In addition, due to the surge in the use of the Internet, not only security problems, but also problems caused by increased traffic on the network are emerging. In other words, as the use of the Internet increases and the capacity of the content provided by the Internet increases, the performance of the network is deteriorated due to the gradually increasing traffic.

An embodiment of the present invention includes a firewall function to block unnecessary intrusion from the outside, such as a hacking attempt, and provide a virtual private network function to a terminal on a network connected to the Internet, including a virtual private network function, and provides a web caching function. To provide a network integrated management gateway that can improve the performance of the network, including.

As a technical means for achieving the above-described technical problem, a first aspect of the present invention is a firewall module, local host and remote host to perform filtering using a rule by an IP table on a packet passing through the gateway. A virtual private network providing module for providing a virtual private network (VPN) using an authentication key set in between and an IP (internet protocol) address authentication, wherein a first terminal on a network connected to the network integrated management gateway is connected to an arbitrary web server. A web caching module and operating system for storing the content requested from the web server and providing the stored content to the second terminal in response to the request when the content is requested from the web server of the second terminal on the network. kernel) and the firewall module and the virtual private network providing module A network integrated management gateway based on an embedded operating system including an embedded operating system module including a module and an application source for controlling the web caching module may be provided.

According to the above-described problem solving means of the present invention, it is possible to block unnecessary intrusion from the outside, such as hacking attempt, and to provide a virtual private network service to the terminal on the network to enable more secure network use. In addition, by providing caching functions when connecting to the Web, the information required by the user can be provided more quickly, and the network traffic can be reduced by reducing Internet traffic.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a part is "connected" to another part, this includes not only "directly connected" but also "electrically connected" with another element in between. . In addition, when a part is said to "include" a certain component, this means that it may further include other components, except to exclude other components unless otherwise stated.

1 is a diagram illustrating a configuration of a network integrated management system based on an embedded operating system according to an embodiment of the present invention.

The network integrated management gateway 100 according to an embodiment of the present invention may include an embedded operating system (OS) module 110, a firewall module 120, and a virtual private network (VPN) providing module 130. And web caching module 140.

The embedded OS 110 module includes an OS kernel and an application source for controlling and managing each module. Embedded OS 110 according to an embodiment of the present invention may be configured based on open source.

The firewall module 120 provides a hybrid firewall. That is, the firewall module 120 provides a firewall in which a packet filtering method and an application method are mixed.

The VPN provision module 130 provides for the use of a virtual private network (VPN). A virtual private network (VPN) is a network method that can be used like a private network constructed by using a public line, for example, using a public network such as the Internet.

Therefore, the VPN providing module 130 provides a virtual private network with connectivity and security more than a public network to a terminal of a network connected to the public network through the network integrated management gateway 100.

The web caching module 140, when the second terminal requests access again for a site accessed from the first terminal of the network connected to the network integrated management gateway 100, data such as content stored when the first terminal is connected To the second terminal.

As such, the web caching module 140 reduces the number of times that a terminal of a network accesses a web server, and as a result, the Internet traffic in the network can be reduced.

Hereinafter, after the kernel compilation for the embedded OS 110 according to an embodiment of the present invention will be described, each module will be described.

Kernel compilation using the uClibc compiler may be performed on the embedded OS 110 according to an embodiment of the present invention. That is, in one embodiment of the present invention, the OS kernel and the application source is installed in a Flash (Disk On Module), a kernel compilation using the uClibc compiler is performed, an example of the kernel compilation progress is as follows.

cd / usr / src / linux
make menuconfig
make clean
# .config file analysis
make dep
cp /usr/src/makebz.sh /usr/src/linux/makebz.sh

######## start makebz.sh content ########
nohup make bzImage >> /tmp/compile.log 2>& 1
######## makebz.sh End of content ########

./makebz.sh
#make bzImage

# Compress bzImage using upx
cd / usr / src
cd /usr/src/upx-1.90-linux/
./upx --best -f -o linux.upx / usr / src / linux / arch / i386 / boot / bzImage

# Modules Make
cd / usr / src / linux
make modules

In the above example, after the 'make menuconfig' command is executed, the options for kernel compilation are set.

Before the kernel compile is executed by the 'make clean' command, the previously set values are initialized and the dependencies of the configuration values set in the menuconfig can be checked by the 'make dep' command. The actual kernel can be compiled with the command 'make bzImag'.

An example of the kernel compilation options selected in 'make menuconfig' is shown below.

#
# Automatically generated by make menuconfig: don't edit
#
CONFIG_X86 = y
# CONFIG_SBUS is not set
CONFIG_UID16 = y

#
# Code maturity level options
#
CONFIG_EXPERIMENTAL = y

#
# Loadable module support
#
CONFIG_MODULES = y
# CONFIG_MODVERSIONS is not set
# CONFIG_KMOD is not set

#
# Processor type and features
#
# CONFIG_M386 is not set
CONFIG_M486 = y
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
# CONFIG_M586MMX is not set
# CONFIG_M686 is not set
# CONFIG_MPENTIUMIII is not set
# CONFIG_MPENTIUM4 is not set
# CONFIG_MK6 is not set
# CONFIG_MK7 is not set



########## Omit ############

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET = y
CONFIG_GRKERNSEC_RANDISN = y
CONFIG_GRKERNSEC_RANDID = y
CONFIG_GRKERNSEC_RANDSRC = y
CONFIG_GRKERNSEC_RANDRPC = y
# CONFIG_GRKERNSEC_SOCKET is not set

#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set

#
# Logging options
#
CONFIG_GRKERNSEC_FLOODTIME = 10
CONFIG_GRKERNSEC_FLOODBURST = 4

Kernel compilation option settings are important in kernel compilation, and the values that are set in the kernel can be modified. That is, the processing speed of the embedded OS 110 may be improved by setting a recommended value and a necessary part in the embedded OS 110 and excluding an unnecessary part from the kernel.

In the example above, 'Y' indicates the kernel includes the configuration, and 'N' indicates the kernel excludes the configuration. 'M' indicates that the setting is modularized and then activated and used if necessary. Thus, the compilation for the module set part can be executed by "make module" command after kernel compilation is executed.

2 is a flow chart showing the flow of a packet processing method in a firewall module according to an embodiment of the present invention.

The firewall module according to an embodiment of the present invention may perform a firewall function by using an open source netfilter, and in particular, may perform a firewall by using an iptable of the netfilter.

In Netfilter, a protocol defines a hook, which is a pointer in the packet protocol stack. At the pointer, each protocol invokes the netfilter framework using packets and hook numbers.

A netfilter is a collection of contiguous hooks that exist at various points in the protocol stack. In one embodiment of the present invention, a method of processing IPv4 packet progress by a netfilter is as follows.

In step S105, the data contained in the packet is checked. The data check may be performed by checking whether the data included in the packet is in a complete state, that is, part is not damaged or the like.

In step S110, the packet on which the data check is performed is transferred to the NF_IP_PRE_ROUTING hook of the netfilter framework, and in step S115, it is determined whether the packet can be routed.

In step S120, if it is determined that the packet cannot be routed in step S115, the packet is removed. In step S125, if it is determined that the packet can be routed in step S115, the packet is determined. Determines whether the destination of a local process or another interface.

If it is determined in step S130 that the destination of the packet is a local process, the netfilter framework calls the NF_IP_LOCAL_IN hook, and in step S1350, transmits the packet to the destination local process.

In step S140, if it is determined that the destination of the packet is another interface, the netfilter framework calls NF_IP_FORWARD hook, and in step S145, the last netfilter hook before the packet is transmitted to the network line. After passing to the NF_IP_POST_ROUTING hook, the packet is transmitted to another interface as a destination in step S150.

As described above, the packet progression is performed by a hook called by the NetFilter framework. When the hook is called, an IPtable is called to select a packet. Provide rules for:

The packet selection system, which calls the IP table, is based on the netfilter framework. The kernel module can register a new table and request that any packet go through the given table. This packet selection method is used for packet filtering (ie 'filter' table), network address translation ('nat' table), and comprehensive pre-route packet mangling ('mangling' table).

An IPtable provides a named array of rules in memory and the information that packets are delivered from each hook. The iptable is not registered with any netfilter hook. That is, one module must separately register a netfilter hook and an iptable, and an iptable is called in response to the hook call.

The iptable according to an embodiment of the present invention expresses rules by user space and rules within the kernel using the same data structure for convenience. Each rule may include a 'struct ipt_entry' structure, a 'struct ipt_entry_match' structure, and a 'struct ipt_entry_target' structure.

Here, 'struct ipt_entry' may include fields of 'struct ipt_ip', 'nf_cache', 'target_offset', 'next_offset', 'comefrom', and 'struct ipt_counters'.

The 'struct ipt_ip' field contains details about the IP header, the 'nf_cache' field indicates which part of the packet should be examined for the current rule, and the 'target_offset' field indicates the current rule where the ipt_entry_target structure begins. 'Next_offset' field indicates the maximum size of the current rule, 'comefrom' field is used by the kernel to trace the path of the packet, and 'struct ipt_counters' Field is a field containing a byte counter and a packet for a packet matching the current rule.

3 is a diagram illustrating a configuration of a virtual private network to which a virtual private network (VPN) providing module according to an embodiment of the present invention is applied.

The local host 210 and the remote host 220 are connected through a network integrated management gateway 100 according to an embodiment of the present invention through the Internet, which is a public network, to the network integrated management gateway 100. The virtual private network (VPN) providing module 130 receives the virtual private network (VPN) communication.

Virtual private network (VPN) is a technology that obtains the effect of a private network using a public network, such as the Internet, and for performing the virtual private network (VPN), a key exchange algorithm and a data exchange algorithm are required. The key exchange algorithm is ISAKMP (IPSec Key Exchange and Mangement Protrocols), and the data exchange algorithm is an authentication algorithm using an authentication header (AH) and an encryption algorithm using an encapsulating security payload (ESP). .

IPSec Key Exchange and Management Protrocols (ISAKMP) is a protocol for merging security associations and key exchange management. When IPSec is used, security negotiation is performed between peers attempting communication. In this case, ISAKMP may be used in the process of exchanging and determining SAs.

The operation of opening, changing, and deleting SAs may be performed by ISAKMP, and various security algorithms may be supported to support higher layer communication and to easily change security algorithms. Currently, ISAKMP is used to establish Key Exchange and SA in IPSec. The actual protocol uses IKE and the packet format follows the packet format of ISAKMP.

The authentication header (AH) authenticates the source of the received data and ensures the integrity of the data. MMA-MD5. An authentication algorithm such as HMAC-SHA1 can be used.

The authentication header (AH) can confirm the integrity of each IP packet, a serial number is assigned to the authentication header (AH) can be prevented from a replay attack (Replay Attack).

Secure payload encapsulation (ESP) provides confidentiality and integrity for IP networks. That is, Secure Payload Encapsulation (ESP) encrypts IP packets to ensure confidentiality when transmitting data.

Unlike the authentication header (AH), the secure payload encapsulation (ESP) encrypts the packet itself through DES (56 bit) encryption or 3DES (168 bit) encryption, thereby providing confidentiality of data. Secure payload encapsulation (ESP) can authenticate the source of data and prevent replay attacks.

The VPN providing module 130 according to an embodiment of the present invention may perform a setting operation such as generating an authentication key, setting an IP of a VPN device, applying an authentication key, and the like using an open source openswan source.

An example configuration using openswan source is shown below.

ipsec showhostkey --left # Create authentication key of local VPN device
# RSA 2048 bits xy.example.com Wed Aug 26 15:01:41 2009
leftrsasigkey = 0sAQOnwiBPt ...

ssh2 ab.example.com # ssh to remote VPN device

ipsec showhostkey --right # Generate authentication key of remote VPN device
# RSA 2192 bits ab.example.com Wed Aug 26 15:26:20 2009
rightrsasigkey = 0sAQOqH55O ...

vi /etc/ipsec.conf # Apply Settings from Local VPN
conn net-to-net
left = 192.0.2.2 # Local VPN device ip
leftsubnet = 192.0.2.128 / 29
leftid=@xy.example.com
leftrsasigkey = 0sAQOnwiBPt ... # Apply generated authentication key value
leftnexthop =% defaultroute
right = 192.0.2.9 # Remote VPN Device ip
rightsubnet = 10.0.0.0 / 24
rightid=@ab.example.com
rightrsasigkey = 0sAQOqH55O ... # Apply created key value
rightnexthop =% defaultroute
auto = add

scp2 ipsec.conf root@ab.example.com: /etc/ipsec.conf #Copy the environment file set in Local VPN to Remote VPN device.

ipsec auto --up net-to-net # Run and test LAN-to-LAN VPN

4 is a flowchart illustrating a method of providing web caching of a web caching module according to an embodiment of the present invention.

Web caching providing method of the web caching module according to an embodiment of the present invention can be compared with the process according to the use of the cache in the conventional terminal shown in FIG. That is, in a conventional cache use process, when a storage command occurs in an application or the like (S210), the cache is accessed for processing the storage command (S220), and the memory mapping table of the operating system (OS) is searched ( In operation S240, the mapping table determines whether the memory exists in the real memory or the virtual memory. Judgment shows that if it is in virtual memory, page change, that is, discarding pages that are not being written to in physical memory, inserting a hit instruction, then updating the cache's mapping table, and if in physical memory, Run the save to process the save command.

The configuration of the terminal in the conventional cache usage process and the configuration used when performing web caching can be compared as shown in Table 1 below.

object Response component PC (terminal) CPU Cache Memory Web Client (PC) Web cache server Website

TABLE 1

In the above configuration, the web cache server may be a web caching module according to an embodiment of the present invention.

Hereinafter, a method of providing web caching in a web caching module will be described.

In step S205, the web caching module receives a content request from a terminal on a network connected to a network integrated management gateway according to an embodiment of the present invention. In this case, the web caching module may receive content information together with the content request. The content information may include an address of the content, that is, an address of a web server providing the content.

In step S210, it is determined whether the content requested in step S205 exists in the web cache module. As described above, in web caching, the content received by any terminal on the network is stored in a web cache server, that is, a web caching module.

Therefore, it is determined using the content information received in step S205 whether the content requested in step S205 is already stored in the web cache module. For example, the web caching module may determine whether the requested content exists by searching for content corresponding to the address of the content requested from the terminal among the stored content.

In step S215, if it is determined in step S210 that the requested content does not exist in the web caching module, the web caching module receives the content from the web server providing the requested content, and the received content corresponds to the received content. Send to the terminal.

In step S220, when it is determined that the content requested in step S210 exists in the web caching module, the web caching module determines the freshness of the stored content. If a considerable time passes after the content is stored in the web caching module, the content stored in the web caching module may have different contents even though the address is the same as the content currently provided by the web server. Therefore, the web caching module must determine the freshness of the stored content, that is, the reliability of the content.

In step S225, when it is determined in step S220 that the freshness, that is, the reliability, of the content stored in the web caching module is greater than or equal to a certain level, the web caching module transmits the stored content to the terminal.

In step S230, if it is determined in step S220 that the freshness, that is, the reliability, of the content stored in the web caching module is less than a certain level, the determination is made as to whether the content stored in the web server providing the requested content is available. Ask. That is, the web caching module requests the web server to confirm whether the stored content is the same as the content currently provided by the web server.

In step S235, the determination result requested in step S230 is received, and in step S240, it is determined whether the content stored in the web caching module is reusable based on the received determination result.

In step S245, when it is determined in step S240 that the content stored in the web caching module may be reused, the header information of the content stored in the web caching module is changed, and then the freshness of the corresponding content is determined later. To be used.

In step S250, the web caching module transmits the stored content to the terminal.

In step S255, if it is determined in step S240 that the content stored in the web caching module cannot be reused, the content is received from the web server and stored in the web caching module to be updated.

In step S260, the web caching module transmits the newly received and stored content to the terminal.

6 is a diagram illustrating a configuration of a web caching module according to an embodiment of the present invention.

The web caching module 140 according to an embodiment of the present invention includes a content storage unit 141, a reliability determination unit 142, a content requesting unit 143, and a content transmission unit 144.

The content storage unit 141 stores the content received from the web server (not shown). The content received from the web server includes an image, text, video, and the like included in the web site provided by the web server.

When the content storage unit 142 subsequently receives a request for the same content from any terminal on the network, for example, when any terminal requests access to the same web site, the content storage unit 142 provides previously stored content to the terminal. can do.

The reliability determination unit 142 determines the freshness of the content stored in the content storage unit 141, that is, the reliability. As described above, when the storage period of the content stored in the content storage unit 141 is more than a predetermined level, the content stored in the content storage unit 141 may be different from the content provided by the web server.

Therefore, the reliability determination unit 142 determines the reliability of the stored content using information such as the storage period of the stored content and whether or not to update the stored content.

The web server request unit 143 requests the web server to reuse the content when the reliability of the stored content is less than a predetermined level, and requests the web server to transmit the corresponding content if the stored content cannot be reused.

The content manager 144 changes the header information of the content determined to be reusable from the web server, and stores the changed content in the content storage unit 142.

The content transmitter 145 transmits the content stored in the content storage unit 141 to the corresponding terminal.

As such, the web caching module 140 according to an embodiment of the present invention may be programmed by an open source-based squid, and Table 2 is an example of squid's log information.

Timestamp Milliseconds since 1970/01/01 when the server was started Elapsed time Time taken to open and close client sockets (milliseconds) Client IP IP of client Cache Result / HTTP Code Cache result and HTTP status code for the requested content size Bytes sent to client Request method Client's Request Method URL Requested URL Identifier Identifier used for authentication as described in RFC 931 Hierarchical Data / Host Indicates where the requested object came from The content type Type of object passed by server

TABLE 2

Table 3 shows an example of an HTTP code and a corresponding cache result in web caching according to an embodiment of the present invention.

HTTP code Cache result TCP_HIT The requested content responds in the cache TCP_MIS The requested content is not in the cache and the response is made by making a request to the real server. TCP_IMS_HIT The client sent an If-Modified-Since field in the request header and HIT occurs. TCP_IMS_MISS If the request header contains If-Modified-Since, but the cache is not fresh and is re-requested to the real server. TCP_REFRESH_HIT If the requested content is not fresh and requested to the real server, but received '304 Not Modified' and responded from the cache to the client. TCP_REFRESH_MISS The requested content is not fresh and requested to the real server. The server receives the new content, stores it in the cache, and responds back to the client. TCP_CLIENT_REFRESH If you include 'no_cache' in the client request header TCP_CLIENT_REFRESH_MISS If the cache fetches content from the server, including the fields that control cache such as 'no-cache' or 'no-store' in the client request. TCP_DENIED If the client request is rejected by the cache (associated with content filtering)

TABLE 3

One embodiment of the present invention may also be embodied in the form of a recording medium including instructions executable by a computer, such as program modules, being executed by a computer. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, computer readable media may include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transmission mechanism, and includes any information transmission medium.

While the methods and systems of the present invention have been described in connection with specific embodiments, some or all of those elements or operations may be implemented using a computer system having a general purpose hardware architecture.

The foregoing description of the present invention is intended for illustration, and it will be understood by those skilled in the art that the present invention may be easily modified in other specific forms without changing the technical spirit or essential features of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single type may be implemented in a distributed manner, and similarly, components described as distributed may be implemented in a combined form.

The scope of the present invention is shown by the following claims rather than the above description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention. do.

1 is a diagram showing the configuration of a network integrated management system based on an embedded operating system according to an embodiment of the present invention;

2 is a flowchart illustrating a flow of a packet processing method in a firewall module according to an embodiment of the present invention;

3 is a diagram illustrating a configuration of a virtual private network to which a virtual private network (VPN) providing module according to an embodiment of the present invention is applied;

4 is a flowchart illustrating a web caching providing method of a web caching module according to an embodiment of the present invention;

5 is a diagram illustrating a process according to the use of a cache in a conventional terminal;

6 is a diagram illustrating a configuration of a web caching module according to an embodiment of the present invention.

Claims (6)

A network integrated management gateway based on an embedded operating system, A firewall module for filtering the packet passing through the gateway using a rule provided by an IP table, Virtual private network providing module that provides a virtual private network (VPN) using an authentication key and IP (internet protocol) address authentication set between a local host and a remote host, When the first terminal on the network connected to the network integrated management gateway stores the content requested from any web server and requests the content from the web server of the second terminal on the network, the stored content is stored in response to the request. A web caching module provided to the second terminal; An operating system module including an operating system (OS) kernel and an application source for controlling the firewall module, the virtual private network providing module, and the web caching module Including, The web caching module A content storage unit for storing the first content requested by the first terminal; A reliability determination unit determining the reliability of the first content when the second content having the same address as the address of the first content is requested by the second terminal; If the reliability of the first content is less than a predetermined level, the web server request unit for requesting whether or not to reuse the first content to the web server corresponding to the address of the second content, A content manager configured to change the header information of the first content and store the first content whose header information is changed, in the content storage unit when receiving a response indicating that the first content can be reused from the web server; Content transmission unit for transmitting the content in which the header information is changed to the second terminal Network integrated management gateway comprising a. The method of claim 1, And the IP table is called in response to a call of a hook, which is a pointer in a packet protocol stack, to provide the rule. The method of claim 1, The virtual private network providing module exchanges the authentication key between the local host and the remote host using IPSec Key Exchange and Management Protocols (ISAKMPs), and uses an authentication header for a packet received from the outside. Verify integrity and encrypt packets exchanged between the local host and the remote host using Encapsulating Security Payload (ESP). The method of claim 1, The authentication key and the IP address set in the virtual private network providing module is configured through an openswan source. delete The method of claim 1, The reliability determination unit determines the reliability of the first content on the basis of the storage period of the first content and whether or not to change the header information.

Images