With the advent of higher data rate wireless communication networks, wireless devices are required to provide higher data processing speeds. This can be a problem for real-time communications, such as for voice or video data. The problem can be compounded where data must be intensively processed by a wireless communication device, such as when providing software encryption of the data.
Cryptographic algorithms require a great amount of computational power. As a result, cryptographic modules, and particularly those that are implemented completely in software are very processing-intensive. In addition, the computation requirements can vary based on the encryption/decryption algorithm being used. Network security modules such as Internet Protocol Security (IPSec), whose implementation relies on software cryptography, need to address the heavy processor load that using these modules bring with them. Further, the use of a data tunnel mode requires both encryption/decryption and hashing algorithms to be applied on an Encapsulating Security Protocol (ESP) packet. These combined requirements put even more load on the processor.
As a result, real-time networking devices can process much more normal unencrypted data traffic as compared to data traffic that requires software cryptography security like IPSec. For example a device which can handle 1 Gbps of normal unencrypted traffic, may only be able to handle 100 Mbps of IPSec/ESP traffic based on the software cryptography implementation. So when the device is handling ESP traffic at the maximum rate that it can handle, the processor is at full load (at 100%). In this state the entire processor is taken by software cryptography and any user space processes are starved for processor time. However, for stable operation real-time networking devices require some processor time to be periodically available for user space processes. For example, on a Linux based real-time device, the process “is_Diag” requires some processing time to ping the watchdog and keep the device alive. If “is_Diag” does not get any time on the processor and hence does not ping the watchdog, then the device reboots, which is unacceptable.
It is also necessary to ensure that the device can handle normal traffic at desired data rates along with traffic that requires cryptographic processing (like IPSec) in order to avoid network congestion. Therefore, it must be ensured that software cryptography module does not take up the entire processor load.
Accordingly, there is a need for new data rate limiting technique which automatically adapts to the cryptographic algorithms and features in use at any time on the wireless device to limit the amount of data processed by software cryptography, such that only a portion of the available processor load is taken at all times.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.