Patent attributes
The present invention addresses encryption systems and methods in the de-duplication of data in a multi-tenant environment. The system provides isolation between tenants' stored data and the storage system. Tenant keys are assigned to tenants. The storage system stores raw data objects backed up for the tenants and fingerprints, corresponding to the data objects, in a single-use key encrypted format. Fingerprints are wrapped with a storage system key held by the storage system. A request is received to retrieve data backed up for a tenant. The request includes a tenant key and the fingerprints corresponding to the data objects to retrieve, the fingerprints being in the single-use key encrypted format and wrapped with the tenant key. The received fingerprints are unwrapped using the tenant key to retrieve the data objects corresponding to the received fingerprints. The data objects are transmitted to the tenant, and the tenant key is removed.