US 9,811,279 B2
Securing physical-storage-media data transfers
Manu Kurian, Dallas, TX (US); and Sorin N. Cismas, Southlake, TX (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on May 13, 2015, as Appl. No. 14/710,813.
Prior Publication US 2016/0335016 A1, Nov. 17, 2016
Int. Cl. G06F 12/02 (2006.01); G06F 3/06 (2006.01)
CPC G06F 3/0623 (2013.01) [G06F 3/0629 (2013.01); G06F 3/0683 (2013.01)] 11 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, via a communication interface of a computing system comprising at least one processor, a memory, and the communication interface, a plurality of physical-storage-media identifiers stored on a plurality of physical storage media approved for use by an organization associated with the computing system;
generating, by the at least one processor, for each physical storage medium of the plurality of physical storage media approved for use by the organization, and in a log stored in the memory, an entry comprising a physical-storage-media identifier, of the plurality of physical-storage-media identifiers, stored on the physical storage medium;
receiving, by the computing system, via the communication interface, and from a first computing device, a request to write a first portion of secure data stored in the memory to a first physical storage medium;
receiving, by the computing system, via the communication interface, and from a second computing device, a request to write a second portion of the secure data stored in the memory to a second physical storage medium;
responsive to a determination by the at least one processor that the request to write the first portion of the secure data stored in the memory to the first physical storage medium comprises a first physical-storage-media identifier that is amongst the plurality of physical-storage-media identifiers:
instructing, by the computing system and via the communication interface, the first computing device to write the first portion of the secure data stored in the memory to the first physical storage medium; and
updating, by the at least one processor, an entry, of the log stored in the memory, comprising the first physical-storage-media identifier that is amongst the plurality of physical-storage-media identifiers to reflect that the computing system instructed the first computing device to write the first portion of the secure data stored in the memory to the first physical storage medium;
responsive to a determination by the at least one processor that the request to write the second portion of the secure data stored in the memory to the second physical storage medium comprises a second physical-storage-media identifier that is amongst the plurality of physical-storage-media identifiers:
failing, by the computing system, to instruct the second computing device to write the second portion of the secure data stored in the memory to the second physical storage medium; and
updating, by the at least one processor, an entry, of the log stored in the memory, comprising the second physical-storage-media identifier that is amongst the plurality of physical-storage-media identifiers to reflect that the computing system failed to instruct the second computing device to write the second portion of the secure data stored in the memory to the second physical storage medium; and
determining, by the at least one processor and based on the second physical-storage-media identifier that is amongst the plurality of physical-storage-media identifiers, that the second physical storage medium has been tampered with, and wherein failing to instruct the second computing device to write the second portion of the secure data stored in the memory to the second physical storage medium is performed responsive to determining that the second physical storage medium has been tampered with,
wherein generating the entry comprising the physical-storage-media identifier comprises generating an entry comprising one or more properties of the physical storage medium, wherein receiving the request to write the second portion of the secure data stored in the memory to the second physical storage medium comprises receiving one or more properties of the second physical storage medium, and wherein determining that the second physical storage medium has been tampered with comprises:
identifying, by the at least one processor and in the log stored in the memory, an entry comprising the second physical-storage-media identifier that is amongst the plurality of physical-storage-media identifiers; and
determining, by the at least one processor, that the entry comprising the second physical-storage-media identifier that is amongst the plurality of physical-storage-media identifiers comprises one or more properties that are different from the one or more properties of the second physical storage medium.