US Patent 9430490 Multi-tenant secure data deduplication using data association tables

A method of providing secure storage and access by authorized users of a multi-tenant data storage system that contains deduplicated data; wherein a unique identifier is assigned to a given data object within a data volume catalog; further wherein the unique identifier includes “ownership” of the data object within the object store itself. Each time a data object is stored by a user, the method of the present invention creates an entry within a data association table of the data storage system, which entry denotes the data volume catalog that has executed the data object write. Using the method of the present invention, only a user of a data volume catalog that has actually “written” the data object will be able to access and read the data object. Thereby the method of the present invention affords data security for a multi-tenant, deduplicated data storage system.