Securing Data Storage Commands with Passcodes
This patent describes a system for securely executing commands on data storage systems by requiring a generated passcode, which is based on user authentication and specific storage entity attributes.
Patent Number: US 10102356
Status: Active
Filing Date: March 9, 2016
Grant Date: October 16, 2018
Expiration: ~March 2036 (estimated)
Claims: 22
Assignee: EMC IP Holding Co LLC
Inventors: Adnan Sahin, Michael Specht
Citations: 89 forward · 3 backward
What it covers
This patent details a method for protecting data storage systems from unauthorized actions. When a user wants to issue a command, like modifying or deleting data, they first provide their user ID and authentication info (like a password and a code from an app). If that checks out, the system generates a special passcode. This passcode isn't random; it's created using specific details about the storage system or the data being targeted, like its serial number or a snapshot ID. The user then sends their command along with this passcode. The storage system checks whether the passcode is valid for that specific command and data, and executes the command only if it matches. This ensures that even if someone intercepts a command, they can't run it without the correct, context-aware passcode.
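The flow described above can be sketched as follows. This is an added example, not code from the patent or from PatentBrief: the HMAC-SHA256 derivation, the shared key, the 300-second validity window, the command names and all sample values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Assumptions (not from the patent): HMAC-SHA256 derivation, a key shared by
# the issuer and the array, a 300 s validity window, and these command names.
SENSITIVE_COMMANDS = {"delete_snapshot", "delete_device"}
TTL_SECONDS = 300

def derive_passcode(key, user, command, entity, now):
    """Bind the passcode to the user, the command and the target's attributes."""
    context = json.dumps(
        {"user": user, "cmd": command, "entity": entity,
         "win": int(now // TTL_SECONDS)},
        sort_keys=True, separators=(",", ":"),  # canonical, unambiguous encoding
    ).encode()
    return hmac.new(key, context, hashlib.sha256).hexdigest()[:16]

def issue_passcode(key, users, user, secret, command, entity, now):
    """Issuer side: authenticate the user first, then generate the passcode."""
    expected = users.get(user)
    if expected is None or not hmac.compare_digest(expected, secret):
        raise PermissionError("authentication failed")
    return derive_passcode(key, user, command, entity, now)

def execute(key, user, command, entity, passcode, now):
    """Storage side: recompute for this exact command and entity, then compare."""
    if command not in SENSITIVE_COMMANDS:
        return "executed"  # outside the protected subset, no passcode needed
    expected = derive_passcode(key, user, command, entity, now)
    if passcode is None or not hmac.compare_digest(expected, passcode):
        return "rejected"
    return "executed"

# Constructed sample data
KEY = b"constructed-demo-key"
USERS = {"alice": b"constructed-secret"}
SNAP_A = {"serial": "SN-0001", "snapshot_id": "snap-17"}
SNAP_B = {"serial": "SN-0001", "snapshot_id": "snap-18"}

if __name__ == "__main__":
    code = issue_passcode(KEY, USERS, "alice", b"constructed-secret",
                          "delete_snapshot", SNAP_A, 1000)
    print(execute(KEY, "alice", "delete_snapshot", SNAP_A, code, 1010))
    print(execute(KEY, "alice", "delete_snapshot", SNAP_B, code, 1010))
```

Because the entity attributes and command name are inputs to the derivation, a passcode captured for one snapshot fails validation when replayed against another snapshot, another command, or a later time window.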
What it doesn't cover
- Commands that do not require a passcode because they are not part of a predefined subset of sensitive operations.
- Executing control commands without first successfully authenticating the user identifier.
- Generating a passcode that is not based on at least one attribute of the specific data storage entity being targeted.
- Using a passcode that has not been validated by the data storage system against the specific command and entity.
- Control commands that are not part of an 'allowable' set of operations defined by policies.
The clever bit
The innovation lies in generating a dynamic passcode that is intrinsically linked to the specific data storage entity and the type of command being issued. Instead of a static password, it uses attributes of the target data, making the passcode context-aware and much harder to spoof or reuse incorrectly.
Why it matters
In enterprise data centers, managing vast amounts of storage is critical. Unauthorized changes to storage configurations, like deleting critical data or logical devices, can have catastrophic consequences. This patent provides a robust mechanism to prevent such accidental or malicious actions by adding an extra layer of security specifically for sensitive storage operations.
Real-world examples
1. Enterprise storage management software
2. Cloud storage control planes
3. Data backup and recovery systems
Generated by PatentBrief · Not legal advice · patentbrief.org