The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent:
Jun. 17, 2003
Filed:
Dec. 31, 1996
Michael F. Angelo, Houston, TX (US);
Peter J. Michels, Plano, TX (US);
Compaq Information Technologies Group, L.P., Houston, TX (US);
Abstract
A secure environment for entering and storing information necessary to conduct encryption processes. In a computer system according to the invention, session keys, passwords, and encryption algorithms are maintained in a secure memory space such as System Management Mode (SMM) memory. In one disclosed embodiment of the invention, a user password is entered via a secure keyboard channel. The password is maintained in a secure memory space that is not accessible during normal computer operation. In addition to the user password, optional node identification information is stored in secure memory. The node identification information is appended to the user password, and both are subsequently encrypted by an encryption algorithm and encryption keys that are also stored in secure memory. Following the encryption process, the encrypted password and node identification information are communicated directly from secure memory to network interface circuitry for communication over a network. In another disclosed embodiment of the invention, data entered in a secure manner is utilized as an encryption key (or to generate an encryption key) for securely encrypting packets of data prior to communicating the data over a computer network. The encryption key data entered by the user is securely stored for use in multiple encryption processes during a communication session, thereby alleviating the overhead of repeated key renegotiation that is typically required. In addition, an encryption key that is no longer needed can be safely destroyed in secure memory without the danger of unidentified copies of the key remaining in computer memory.