US 12,481,770 B2
System and method for providing protected data storage in data memory
Tuomas Kärkkäinen, Turku (FI); and Jouni Laine, Turku (FI)
Assigned to Gurulogic Microsystems Oy, Turku (FI)
Filed by Gurulogic Microsystems Oy, Turku (FI)
Filed on Sep. 1, 2023, as Appl. No. 18/460,228.
Application 18/460,228 is a continuation in part of application No. 17/270,967, granted, now 11,783,094, previously published as PCT/EP2019/073247, filed on Aug. 30, 2019.
Claims priority of application No. 1814149 (GB), filed on Aug. 31, 2018.
Prior Publication US 2024/0184900 A1, Jun. 6, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/60 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/602 (2013.01) [G06F 21/6218 (2013.01)]
16 Claims
1. A system that, when in operation, provides protected data storage in a first data memory of a computing device, wherein the system comprises:
— an encoder executing on a processing hardware of the computing device, wherein the encoder, when in operation:
    — generates encryption information according to an encryption algorithm,
    — encrypts unencrypted data using the encryption information to generate encrypted data, and
    — stores the encrypted data and the encryption information in an allocated portion of the first data memory and an allocated portion of a second data memory of the computing device, respectively; and
— a decoder executing on the processing hardware of the computing device, wherein the decoder, when in operation:
    — accesses the encrypted data and the encryption information from the allocated portion of the first data memory and the allocated portion of the second data memory, respectively, and
    — decrypts the encrypted data using the encryption information to re-generate the unencrypted data;
wherein the encoder, when in operation:
    — generates new encryption information according to the encryption algorithm,
    — re-encrypts the unencrypted data using the new encryption information to generate new encrypted data, and
    — replaces the encrypted data and the encryption information with the new encrypted data and the new encryption information in the allocated portion of the first data memory and the allocated portion of the second data memory, respectively,
wherein the unencrypted data is re-encrypted using newer encryption information to generate newer encrypted data each time the unencrypted data is read from the allocated portion of the first data memory or the unencrypted data is to be written to the allocated portion of the first data memory,
wherein previous encrypted data and previous encryption information are to be replaced with the newer encrypted data and the newer encryption information in the allocated portion of the first data memory and the allocated portion of the second data memory, respectively, and when a size of the allocated portion of the first data memory is greater than a size of a protected variable, newly encrypted data corresponding to the protected variable is stored in the allocated portion of the first data memory based on a variable offset associated with the protected variable, the variable offset identifying a memory location within the allocated portion of the first data memory from which the newly encrypted data is to be retrieved or to be written;
further wherein the encoder and the decoder are integrated, such that the decoder and the encoder, when in operation, decrypt the previous encrypted data into the unencrypted data and re-encrypt the unencrypted data into the newer encrypted data, respectively, in a single thread of execution, and
wherein the encoder and the decoder are implemented by way of a low-level code in an inline configuration, such that a cycle of decryption and encryption is not interrupted.
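An illustrative sketch of the access cycle recited in claim 1, added here and not taken from the patent or from the assignee's implementation. Assumptions: a SHA-256 counter-mode keystream stands in for the unspecified encryption algorithm (it gives no integrity protection), the whole allocated portion is re-keyed on every access, and the class, method and constant names are hypothetical; the uninterruptible inline cycle is not modelled.

```python
import hashlib
import secrets

KEY_LEN = 32  # assumed size of the per-cycle "encryption information"


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: a stand-in cipher, not one named by the claim."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


class ProtectedStore:
    """Ciphertext in one buffer, key in another, both replaced on every access."""

    def __init__(self, size: int):
        self.first = bytearray(size)      # allocated portion, first data memory
        self.second = bytearray(KEY_LEN)  # allocated portion, second data memory
        self._seal(bytes(size))           # start with an encrypted all-zero region

    def _seal(self, plain: bytes) -> None:
        key = secrets.token_bytes(KEY_LEN)  # new encryption information
        ks = _keystream(key, len(plain))
        self.first[:] = bytes(p ^ k for p, k in zip(plain, ks))
        self.second[:] = key                # previous key is overwritten

    def _open(self) -> bytearray:
        ks = _keystream(bytes(self.second), len(self.first))
        return bytearray(c ^ k for c, k in zip(self.first, ks))

    def _check(self, offset: int, length: int) -> None:
        if offset < 0 or length < 0 or offset + length > len(self.first):
            raise ValueError("variable does not fit in the allocated portion")

    def read(self, offset: int, length: int) -> bytes:
        """Decrypt, copy out the variable at its offset, re-encrypt under a new key."""
        self._check(offset, length)
        plain = self._open()
        value = bytes(plain[offset:offset + length])
        self._seal(bytes(plain))
        return value

    def write(self, offset: int, value: bytes) -> None:
        """Decrypt, patch the variable at its offset, re-encrypt under a new key."""
        self._check(offset, len(value))
        plain = self._open()
        plain[offset:offset + len(value)] = value
        self._seal(bytes(plain))
```

Because the key buffer and the ciphertext buffer both change on every `read` and `write`, a memory snapshot taken at one moment cannot be combined with key material captured at another.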