Publication number: GB2509709A
Publication date: 2014-07-16
Application number: GB201300316
Filing date: 2013-01-09
Applicant: IBM
Inventor: BRUGGER DOMINIK, SEUL MATTHIAS
Abstract: A method for secure data storage (405) in a distributed (e.g. cloud) computing system (400) by a client (401) of the distributed computing system. In a gateway device (403) of the distributed computing system, the method comprises: intercepting a data file from a data stream during transmission of the stream in the system; evaluating the intercepted data file to determine the communication protocol used for the stream data transmission; and evaluating the intercepted data file, based on the communication protocol, to determine the destination and the source of the data file. If the destination is the storage (405), the method further comprises: selecting a set of analysis algorithms from a plurality of predetermined analysis algorithms, wherein each analysis algorithm of the set is associated with a predefined weight; analyzing the intercepted data file using each of the analysis algorithms of the selected set to determine whether the intercepted data file comprises sensitive data, thereby determining a respective set of results; associating with each result of the set of results a number indicating whether or not the data file comprises sensitive data; calculating a weighted sum of the numbers indicating that the data file comprises sensitive data, using the predefined weights; comparing the weighted sum with a predetermined sensitivity threshold value; in response to determining that the weighted sum is higher than the sensitivity threshold, creating a data container and encrypting the payload content of the data file so as to maintain the original payload size, possibly using augmentation/reduction/compression and/or padding if necessary; storing the key used to encrypt the data file; and transmitting the encrypted payload rather than the original data file to the storage.
If the destination is the client and the source of the stream is the storage, the gateway decrypts the data file using a stored encryption key and transmits the data file to the client once authorized.
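
The weighted-sum sensitivity decision described in the abstract, as an added Python example that is not code from the patent or its applicant. The three detectors, their integer weights, the threshold and all function names are assumptions chosen for illustration; encryption, key storage and the retrieval path are left out.

```python
import re

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def has_card_number(data):
    for m in re.finditer(rb"\b(?:\d[ -]?){13,19}\b", data):
        if luhn_ok(re.sub(rb"\D", b"", m.group()).decode()):
            return True
    return False

def has_private_key(data):
    return re.search(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----", data) is not None

def has_marker(data):
    return re.search(rb"(?i)\b(confidential|password|salary)\b", data) is not None

# Assumed values: the abstract names weights and a threshold but gives none.
ANALYZERS = {
    "card_number": (5, has_card_number),
    "private_key": (9, has_private_key),
    "marker": (3, has_marker),
}
THRESHOLD = 6

def weighted_score(data, selected=None):
    """Run the selected analyzers; each result becomes 1 (sensitive) or 0."""
    selected = selected or tuple(ANALYZERS)
    results = {name: int(ANALYZERS[name][1](data)) for name in selected}
    score = sum(ANALYZERS[name][0] * hit for name, hit in results.items())
    return score, results

def gateway_action(destination, data, selected=None):
    """Return 'encrypt' only for storage-bound files scoring above THRESHOLD."""
    if destination != "storage":
        return "forward"  # assumption: other destinations skip the analysis
    score, _ = weighted_score(data, selected)
    return "encrypt" if score > THRESHOLD else "forward"
```

A single weak signal (the keyword marker alone) stays below the threshold, so the weights decide which combinations of detectors trigger encryption.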