	US 11,868,318 B1
	End-to-end encryption in a storage system with multi-tenancy
Ronald Karr, Palo Alto, CA (US); Constantine Sapuntzakis, Mountain View, CA (US); and John Colgrove, Los Altos, CA (US)
Assigned to PURE STORAGE, INC., Santa Clara, CA (US)
Filed by PURE STORAGE, INC., Mountain View, CA (US)
Filed on Jul. 24, 2020, as Appl. No. 16/937,723.
Claims priority of provisional application 62/944,617, filed on Dec. 6, 2019.
Int. Cl. G06F 16/00 (2019.01); G06F 16/174 (2019.01); G06F 16/182 (2019.01); G06F 21/62 (2013.01); G06F 21/60 (2013.01); G06F 16/16 (2019.01); G06F 21/10 (2013.01)

CPC G06F 16/1748 (2019.01) [G06F 16/164 (2019.01); G06F 16/1824 (2019.01); G06F 21/602 (2013.01); G06F 21/6218 (2013.01); G06F 21/107 (2023.08)]

20 Claims

1. A method comprising:

storing, by a storage system, a first tenant dataset encrypted with a first storage system encryption key and a second tenant dataset encrypted with a second storage system encryption key that is different from the first storage system encryption key;

decrypting, by the storage system, the first tenant dataset and the second tenant dataset;

performing, by the storage system, deduplication operations on first data stored by the storage system

without deduplicating data between the decrypted first tenant dataset and the decrypted second tenant dataset; and

storing the deduplicated first tenant dataset and the deduplicated second tenant dataset.