US 11,741,248 B2
Data access control using data block level encryption
Manu J. Kurian, Dallas, TX (US); Michael R. Young, Davidson, NC (US); and Jo-Ann Taylor, Godalming (GB)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Aug. 20, 2019, as Appl. No. 16/545,169.
Prior Publication US 2021/0056216 A1, Feb. 25, 2021
Int. Cl. G06F 21/60 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/6209 (2013.01) [G06F 21/602 (2013.01); G06F 21/6227 (2013.01); G06F 2221/2107 (2013.01)] 20 Claims
OG exemplary drawing
 
1. An information security device, comprising:
a data control engine implemented by a processor operably coupled to a memory, configured to:
receive a data file;
segment the data file into a set of data blocks, wherein each data block from the set of data blocks comprises a portion of data from the data file;
associate the set of data blocks with a reference tag, wherein:
the reference tag comprises an alphanumeric value that uniquely identifies each of the set of data blocks that are associated with the data file; and
each data block within the set of data blocks is associated with the reference tag with the same alphanumeric value as each other that uniquely identifies each of the set of data blocks that are associated with the data file;
identify an access key for encrypting each data block from the set of data blocks;
encrypt each of the set of data blocks with a different corresponding access key;
associate each encrypted data block from the set of encrypted data blocks associated with the data file with the reference tag having the same alphanumeric value as each other, wherein each encrypted data block of the data file is associated with a data block identifier and a different access key in a data information table;
store each of the set of encrypted data blocks with non-sequential location information in a memory, wherein the non-sequential location information is stored in a sequential order of data block identifiers of the encrypted data blocks of the data file in the data information table;
iteratively identify the non-sequential location information of each of the encrypted data blocks of the data file based on the reference tag having the same alphanumeric value as each other;
extract each of the set of encrypted data blocks of the data file based on the non-sequential location information and each different corresponding access key; and
reconstruct the data file in the sequential order of the data block identifiers of the data file with the reference tag having the same alphanumeric value as each other; and
the memory operably coupled to the processor, operable to store:
the set of encrypted data blocks;
an association between each data block identifier of the set of encrypted data blocks of the data file and the reference tag having the same alphanumeric value in the data information table;
an association between each of the set of encrypted data blocks and each different access key in the data information table; and
an association between each encrypted data block and the different corresponding location information for each of the set of encrypted data blocks in the sequential order of the data block identifier of the encrypted data blocks associated with the data file in the data information table, wherein the location information comprises a unique non-sequential memory address that identifies a location in the memory where each encrypted data block is stored.
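The following Go program is an added worked example of the procedure claim 1 describes, written for this page; it is not code from the patent or from the assignee. It segments a file into blocks, gives every block of that file the same alphanumeric reference tag, encrypts each block under its own freshly generated key, stores the ciphertext at a random (non-sequential) address, and records block identifier, tag, key and address in a data information table kept in block-identifier order. Reconstruction walks the table for the tag, fetches each block from its address, decrypts with that block's key and concatenates in identifier order. Assumptions not in the claim: AES-256-GCM as the cipher (the claim names none), a Go map standing in for memory, random 64-bit values standing in for memory addresses, and binding each block to its tag and identifier as GCM associated data so that a block moved to another row fails authentication.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"sort"
)

// tableEntry is one row of the claim's data information table: block identifier, the
// file's shared reference tag, the per-block access key and the block's non-sequential
// memory address. Because the keys live here, the table's confidentiality is the scheme's.
type tableEntry struct { blockID int; refTag string; key []byte; addr uint64 }

// store models the memory (address -> nonce||ciphertext) and the table, which is
// appended in sequential block-identifier order as the claim requires.
type store struct { memory map[uint64][]byte; table []tableEntry }

func newStore() *store { return &store{memory: map[uint64][]byte{}} }

// randomBytes returns n bytes from the OS CSPRNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}

// segment splits the file into blockSize-byte blocks; the last may be shorter.
func segment(data []byte, blockSize int) [][]byte {
	var blocks [][]byte
	for i := 0; i < len(data); i += blockSize {
		end := i + blockSize
		if end > len(data) { end = len(data) }
		blocks = append(blocks, data[i:end])
	}
	return blocks
}

// aad binds a block to its file and position (this example's addition, not part of
// the claim) so a stored block cannot be swapped into another table row undetected.
func aad(refTag string, blockID int) []byte { return []byte(fmt.Sprintf("%s:%d", refTag, blockID)) }

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(blk)
}

// ingest segments, tags, encrypts (AES-256-GCM, a fresh key per block) and stores a
// file, returning the reference tag shared by all of its blocks.
func (s *store) ingest(data []byte, blockSize int) (string, error) {
	refTag := hex.EncodeToString(randomBytes(8)) // alphanumeric; identical for every block of this file
	for id, block := range segment(data, blockSize) {
		key := randomBytes(32)
		aead, err := newGCM(key)
		if err != nil { return "", err }
		nonce := randomBytes(aead.NonceSize())
		ct := aead.Seal(nil, nonce, block, aad(refTag, id))
		// A random 64-bit address stands in for non-sequential location information;
		// consecutive blocks of one file therefore do not sit at consecutive locations.
		addr := binary.BigEndian.Uint64(randomBytes(8))
		s.memory[addr] = append(append([]byte{}, nonce...), ct...)
		s.table = append(s.table, tableEntry{blockID: id, refTag: refTag, key: key, addr: addr})
	}
	return refTag, nil
}

// reconstruct collects every row carrying refTag, fetches each encrypted block from its
// non-sequential address, decrypts it with its own key and reassembles the file in
// block-identifier order. A missing or modified block fails the whole reconstruction.
func (s *store) reconstruct(refTag string) ([]byte, error) {
	var rows []tableEntry
	for _, e := range s.table {
		if e.refTag == refTag { rows = append(rows, e) }
	}
	if len(rows) == 0 { return nil, fmt.Errorf("unknown reference tag %q", refTag) }
	sort.Slice(rows, func(i, j int) bool { return rows[i].blockID < rows[j].blockID })
	var out bytes.Buffer
	for _, e := range rows {
		aead, err := newGCM(e.key)
		if err != nil { return nil, err }
		stored, ok := s.memory[e.addr]
		if !ok || len(stored) < aead.NonceSize() { return nil, fmt.Errorf("block %d missing at %#x", e.blockID, e.addr) }
		pt, err := aead.Open(nil, stored[:aead.NonceSize()], stored[aead.NonceSize():], aad(refTag, e.blockID))
		if err != nil { return nil, fmt.Errorf("block %d failed authentication: %w", e.blockID, err) }
		out.Write(pt)
	}
	return out.Bytes(), nil
}

func main() {
	s := newStore()
	file := []byte("constructed sample file: 0123456789abcdefghijklmnopqrstuvwxyz") // constructed input
	tag, _ := s.ingest(file, 16)
	got, err := s.reconstruct(tag)
	fmt.Printf("%d blocks under tag %s, round-trip ok=%v err=%v\n", len(s.table), tag, bytes.Equal(got, file), err)
}
```

Two points a practitioner should take from the example. First, the claim places the access keys in the same data information table as the block identifiers and addresses, so every access-control property of the design reduces to who can read that table; in a deployment the table (or at least the key column) would need protection that the encrypted blocks themselves do not, for instance an HSM- or KMS-backed key store. Second, the claim orders blocks by identifier in the table but does not require that the ciphertext be cryptographically bound to that position; the associated-data binding added here is what makes a block relocated, duplicated or modified in memory fail at reconstruction instead of silently producing a wrong file.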