公开(公告)号：US20190073152A1

公开(公告)日：2019-03-07

申请号：US16171907

申请日：2018-10-26

申请人： PURE STORAGE, INC.

发明人： Swapnil Chandrashekhar Nagle ,  Virendra Prakashaiah ,  Ronald Karr

IPC分类号： G06F3/06 ,  G06F17/30 ,  H04L9/08 ,  G06F21/62

摘要： A method includes receiving a request to write a data block to a volume resident on a multi-tenant storage array, wherein the request is associated with a first tenant of the multi-tenant storage array, and determining whether the data block matches an existing data block on the multi-tenant storage array, wherein the existing block corresponds to a second tenant. In response to determining that the decrypted data block matches the existing data block: encrypting the existing data block with a shared volume encryption key; encrypting the shared volume encryption key with a first tenant encryption key and providing the shared volume encryption key encrypted with the first tenant encryption key to the first tenant; and encrypting the shared volume encryption key with a second tenant encryption key and providing the shared volume encryption key encrypted with the second tenant encryption key to the second tenant.

公开(公告)号：US12045487B2

公开(公告)日：2024-07-23

申请号：US17878869

申请日：2022-08-01

申请人： PURE STORAGE, INC.

发明人： Swapnil Chandrashekhar Nagle ,  Virendra Prakashaiah ,  Ronald Karr

IPC分类号： G06F3/06 ,  G06F16/13 ,  G06F21/62 ,  H04L9/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

CPC分类号： G06F3/0641 ,  G06F3/0608 ,  G06F3/0623 ,  G06F3/067 ,  G06F3/0683 ,  G06F16/137 ,  G06F21/6218 ,  H04L9/08 ,  H04L9/0894 ,  H04L9/3239 ,  H04L9/3297 ,  H04L9/50

摘要： A method includes receiving a request to write a data block to a volume resident on a multi-tenant storage array, wherein the request is associated with a first tenant of the multi-tenant storage array, and determining whether the data block matches an existing data block on the multi-tenant storage array, wherein the existing block corresponds to a second tenant. In response to determining that the decrypted data block matches the existing data block: encrypting the existing data block with a shared volume encryption key; encrypting the shared volume encryption key with a first tenant encryption key and providing the shared volume encryption key encrypted with the first tenant encryption key to the first tenant; and encrypting the shared volume encryption key with a second tenant encryption key and providing the shared volume encryption key encrypted with the second tenant encryption key to the second tenant.