1. Field of the Invention
The present invention relates to techniques for exchanging and aggregating information associated with cryptographic transformations.
2. Related Art
The recent proliferation of computer networks and associated advances in networking technology are enabling businesses to improve their services and to offer new services. For example, banks can now provide consumers with the ability to access their bank records and to perform transactions online. However, the ability to exchange such sensitive information over networks creates significant security risks. Indeed, in the wrong hands personal financial information can be used for hacking, identity theft, and other types of criminal activity. To address this problem, systems commonly use encryption to protect data that is transmitted over networks.
Unfortunately, cryptographic transformations such as those used in encryption and decryption are computationally intensive. As a consequence, these transformations place significant demands on system resources and are a dominant expense in the processing of data packets. In order to manage systems that perform such cryptographic transformations effectively, it is desirable for the associated resource utilization to be accurately measured. However, the statistics that are measured in existing systems are typically limited to data-packet or byte counts. The actual cost incurred by the system cannot be determined using this information, because the cost also depends on whether or not cryptography was employed, and if so, on what cryptographic technique is used.
For example, the processing of network data packets may involve asynchronous-cryptographic operations. These operations often run in a context that is disconnected from the application that consumes the data packets. The ability to effectively manage the associated data flow requires the system to accurately account for resources used or spent by the system to process the data packets. However, in the case of cryptographic asynchronous processing operations these costs are not attributable to the application that generated the data flow. Instead, when executed in software, asynchronous cryptography requests are run in the context of a process (such as a system daemon) that sits idly in the background of the operating system until it is invoked to perform its task, and is then charged for the associated cost. And when offloaded to a hardware cryptographic accelerator, the scheduling cost and time spent in callbacks is diluted in measurement of the overall system overhead.
Therefore, in the absence of the ability to accurately monitor cryptographic resource utilization, the increasing use of encrypted data poses challenges to the operators of networks. In particular, it is difficult for the operators to determine cryptographic resource needs, to optimize data processing using the existing resources, to account for expenses, and to provide economic incentives for users to use cryptographic resources efficiently.
Hence what is needed is a method and an apparatus that facilitates the tracking of resource utilization during cryptographic transformations without the above-described problems.