1. Field of the Invention
The present invention relates to a communication apparatus communicating with IPsec (Internet Protocol Security), a control method therefor, and a storage medium storing a control program therefor.
2. Description of the Related Art
Conventionally, a power saving mode for reducing power consumption of an information processing system at the time of standby is known. A communication apparatus that comprises a main information processing device with a main CPU and a NIC (Network Interface Card) device with a sub CPU is known as an example of an information processing system with the power saving mode. In general, such a communication apparatus stands by to stop power supply to the main information processing device and to supply regular power to modules of the NIC device that consumes less power.
In relation to this, Japanese Laid-Open Patent Publication (Kokai) No. 2006-259906 (JP 2006-259906A) discloses a technique that the main CPU notifies the sub CPU of an address of a multicast packet that should be responded when shifting to the power saving mode to stop the power supply to the main CPU. Accordingly, since the sub CPU can respond to a received multicast packet instead of the main CPU in the power saving mode, it becomes unnecessary to activate the main CPU. Therefore, the stop period of the power supply to main CPU can be extended, which increases power saving effect.
The encryption technology of the IPsec is known in recent years as a technique that communicates with an encrypted network packet in order to protect confidential information. Use of such techniques enables to transmit and receive encrypted data via a network. This prevents a leak of information. In this case, it is thinkable to take over SA information of the IPsec to the sub CPU from the main CPU when shifting to the power saving mode. This enables that the module of the NIC device communicates by taking over a network session even in the power saving mode.
Thus, when the SA information of the IPsec is taken over to the NIC device at the time of the shift to the power saving mode of the main information processing device, the NIC device can respond to an incoming packet instead of the main information processing device even in the power saving mode.
Life time information of an IPsec session is managed at this time by monitoring residual time and data transfer quantity in the SA information from the time when the connection was established.
However, when the SA information is taken over, unless processing time yielded by the taking over of the SA information between the information processing device and the NIC device is taken into consideration, the life time information of the session cannot be managed accurately and normal IPsec communication may be unable. This processing time includes a period required to transfer the SA information between the information processing device and the NIC device, and a period from the receipt of the SA information by the devices to their actual starts of management using their IPsec modules.
That is, when taking over the SA information from the information processing device to the NIC device, a period from a start to transfer the SA information from the information processing device to the NIC device until the shift to the power saving mode is completed and the IPsec module of the NIC device starts management of the SA information using a timer etc. of the NIC device is not reflected to the life time information of an IPsec session.
In the same manner, when taking over the SA information from the NIC device to the information processing device, a period from a start to transfer the SA information from the NIC device to the information processing device until return from the power saving mode is completed and the IPsec module of the information processing device starts management of the SA information using a timer etc. of the information processing device is not reflected to the life time information of an IPsec session.
Thus, a difference between the proper life time information from the session establishment and the life time information when shifting to the power saving mode increases whenever the shift to the power saving mode and the return from the power saving mode arise. Therefore, when the shift to the power saving mode and the return from that are repeated frequently, the difference becomes large to a minute unit. In such a case, there may be the following problems. That is, a session is not normally completed even if a period shown by life time information expires, and an actual communication is impossible in spite of the fact that a session is in a period in the device itself.
As mentioned above, the prior art may disturb the communication when the life time information is taken over.