In an embodiment of the invention, a memory is provided to store data in an encrypted form. A modifiable register is arranged to store a memory address, a0, defining a boundary separating the memory into two regions. The lower region stores data encrypted using a key B, and the upper region stores data encrypted using a different key A. Data stored on the boundary address is encrypted using key A. Accordingly, when data is read from a memory address a, key A is used to decrypt the data if a≥a0, and key B is used if aa0. However, when data is written to a memory address a, then key A is used to encrypt the data if a≥a0+1, key B is used if aa0+1. The value of a0 is then incremented by one. When data is written to the boundary address, a0, the position of the boundary is thus caused to increase by one unit. Initially, the value of a0 is set to zero so that all data within the memory is encrypted using key A. As data is written to the memory, particularly on the boundary address, the value of a0 gradually increases. Eventually the value of a0 will exceed the highest address of the memory. At this point, all data within the memory is encrypted using key B, and a new key is generated. The new key becomes key B, and key A takes the value of the old key B. The value of a0 is then set back to zero and the process is repeated. If a particular region of the memory is never written to, the value of a0 will not increase beyond the lowest memory address of this region. To prevent this occurrence, if the value of a0 does not change within a predetermined period of time then a 'kicker' process is activated. During the kicker process, data is caused to be read from the memory address a0, and then to be written back to the same location, thereby artificially stimulating an increase of the value of a0.
展开▼
