A secure enclave is fundamentally a memory-protection technology: it keeps a region of RAM encrypted and hidden from the operating system. But memory is volatile, and real applications need to save state — write files, keep databases, survive a reboot. The moment enclave-protected data has to be persisted to disk, it leaves the cocoon, and the question becomes how to keep it sealed once it is no longer in protected memory.
US12212683B2, “Persistent file system in a secure enclave,” granted to R3 LTD. on January 28, 2025, takes on that gap. Classified under G06F 21/6218 with G06F 21/54 and key-management codes, it claims a file system whose data, written from inside an enclave, remains protected when persisted.
The mechanism this implies is sealing: data leaving the enclave for disk is encrypted under keys the enclave controls and that are bound to the enclave's identity, so only the same attested enclave code can later unseal it. A persistent file system makes that sealing systematic — every write is protected, every read is unsealed inside the enclave, and the untrusted host storing the bytes never sees plaintext.
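As an added illustration of the sealing just described (example code, not the patent's or R3's own implementation), the Go sketch below seals and unseals file contents under a key derived from an enclave measurement; the platform root, measurement strings and paths are constructed placeholders, and HMAC-SHA256 stands in for whatever key-derivation the hardware actually provides.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SealingKey stands in for the CPU-derived per-enclave key: HMAC-SHA256 of the enclave
// measurement under a constructed root, so different enclave code gets an unrelated key.
func SealingKey(platformRoot, measurement []byte) []byte {
	kdf := hmac.New(sha256.New, platformRoot)
	kdf.Write(measurement)
	return kdf.Sum(nil) // 32 bytes: an AES-256 key
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFile encrypts file contents with AES-256-GCM before they leave the enclave, binding the path as associated data; the random nonce prefixes the blob.
func SealFile(key []byte, path string, plaintext []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(path)), nil
}

// UnsealFile reverses SealFile; a tampered blob, another enclave's key or a mismatched path fails authentication.
func UnsealFile(key []byte, path string, blob []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("sealed blob shorter than nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(path))
}
```

Because the path rides along as associated data, the untrusted host can neither read the bytes nor quietly serve one sealed file under another file's name; a real implementation would also need to address rollback (serving an older sealed version), which this sketch does not.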
R3 as the assignee is a meaningful detail. R3 builds Corda, an enterprise distributed-ledger platform used heavily in finance, where confidentiality of contract and transaction state is paramount. A persistent enclave file system is exactly what such a platform needs: ledger state that is durable, but sealed so that not even the operator of the node can read it.
Per the desk's discipline: issued grant (B2), not an application; a system/method claim, not a confirmed product feature — though R3's confidential-ledger work is the clear context. The contribution is bridging two layers that enclave technology usually keeps separate: protected compute and durable storage.
For the systems reader, this is part of the broader 2025 maturation of confidential computing. The early patents protected enclave memory; the current ones extend the protection outward — to storage, to recovery, to service meshes — turning the enclave from an isolated compute island into something an entire stateful application can be built inside.