US 11,783,094 B2
System and method for providing protected data storage in data memory
Tuomas Kärkkäinen, Turku (FI); and Jouni Laine, Turku (FI)
Assigned to Gurulogic Microsystems Oy, Turku (FI)
Appl. No. 17/270,967
Filed by Gurulogic Microsystems Oy, Turku (FI)
PCT Filed Aug. 30, 2019, PCT No. PCT/EP2019/073247
§ 371(c)(1), (2) Date Feb. 24, 2021.
PCT Pub. No. WO2020/043893, PCT Pub. Date Mar. 5, 2020.
Claims priority of application No. 1814149 (GB), filed on Aug. 31, 2018.
Prior Publication US 2021/0319142 A1, Oct. 14, 2021
Int. Cl. G06F 21/78 (2013.01); G06F 21/54 (2013.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01); G06F 21/75 (2013.01)
CPC G06F 21/78 (2013.01) [G06F 21/54 (2013.01); G06F 21/602 (2013.01); G06F 21/6209 (2013.01); G06F 21/75 (2013.01); G06F 2221/0751 (2013.01)]
12 Claims
1. A system that, when in operation, provides protected data storage in a first data memory of a computing device, wherein the system comprises:
an encoder executing on a processing hardware of the computing device, wherein the encoder, when in operation:
generates encryption information from at least one initialization value according to an encryption algorithm, wherein the at least one initialization value is used only internally in the encryption algorithm to generate the encryption information,
encrypts unencrypted data using the encryption information to generate encrypted data, and
stores the encrypted data in an allocated portion of a first data memory and the encryption information in an allocated portion of a second data memory of the computing device, wherein the second data memory is different from the first data memory; and
a decoder executing on the processing hardware of the computing device, wherein the decoder, when in operation:
accesses the encrypted data and the encryption information from the allocated portion of the first data memory and the allocated portion of the second data memory, respectively, and
decrypts the encrypted data using the encryption information to re-generate the unencrypted data;
wherein the encoder, when in operation:
generates new encryption information according to the encryption algorithm,
re-encrypts the unencrypted data using the new encryption information to generate new encrypted data, and
replaces the encrypted data and the encryption information with the new encrypted data and the new encryption information in the allocated portion of the first data memory and the allocated portion of the second data memory, respectively,
wherein the unencrypted data is re-encrypted using newer encryption information to generate newer encrypted data each time the unencrypted data is read from the allocated portion of the first data memory or the unencrypted data is to be written to the allocated portion of the first data memory, wherein previous encrypted data and previous encryption information are to be replaced with the newer encrypted data and the newer encryption information in the allocated portion of the first data memory and the allocated portion of the second data memory, respectively,
further wherein the encoder and the decoder are integrated, such that the decoder and the encoder, when in operation, decrypt the previous encrypted data into the unencrypted data and re-encrypt the unencrypted data into the newer encrypted data, respectively, in a single thread of execution, and wherein the encoder and the decoder are implemented by way of a low-level code in an inline configuration, such that a cycle of decryption and encryption is not interrupted.
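
The rotate-on-access cycle of claim 1, sketched as an added Python example (not code from the patent or from the assignee). Assumptions: the names ProtectedStore, derive_info and xor are hypothetical; SHA-256 in counter mode with XOR stands in for the unspecified encryption algorithm; two dicts stand in for the first and second data memories; a lock approximates the uninterrupted inline decrypt/re-encrypt cycle.

```python
import hashlib
import secrets
import threading


def derive_info(init_value: bytes, length: int) -> bytes:
    """Expand an initialization value into `length` bytes of encryption
    information. SHA-256 in counter mode is a stand-in (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(init_value + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ProtectedStore:
    """Hypothetical model: ciphertext and encryption information are kept
    in separate stores and both are replaced on every read and write."""

    def __init__(self):
        self.first_memory = {}    # slot -> encrypted data
        self.second_memory = {}   # slot -> encryption information
        self._lock = threading.Lock()  # models the uninterrupted cycle

    def _seal(self, slot, plaintext: bytes) -> None:
        # The initialization value lives only inside this call; only the
        # derived encryption information is stored.
        info = derive_info(secrets.token_bytes(32), len(plaintext))
        self.first_memory[slot] = xor(plaintext, info)
        self.second_memory[slot] = info

    def write(self, slot, plaintext: bytes) -> None:
        with self._lock:
            self._seal(slot, plaintext)

    def read(self, slot) -> bytes:
        with self._lock:
            plaintext = xor(self.first_memory[slot], self.second_memory[slot])
            self._seal(slot, plaintext)  # replace with newer ciphertext/info
            return plaintext
```

A memory snapshot taken before a read pairs stale encryption information with ciphertext that has since been replaced, which is the property the claim's per-access rotation targets.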