{
  "patent_number": "US 10102356",
  "country": "US",
  "title": "Securing Data Storage Commands with Passcodes",
  "original_title": "Securing storage control path against unauthorized access",
  "summary": "This patent describes a system for securely executing commands on data storage systems by requiring a generated passcode, which is based on user authentication and specific storage entity attributes.",
  "what_it_does": "This patent details a method for protecting data storage systems from unauthorized actions. When a user wants to issue a command, like modifying or deleting data, they first provide their user ID and authentication info. If that checks out (like a password and a code from an app), the system generates a special passcode. This passcode isn't random; it's created using specific details about the storage system or the data being targeted, like its serial number or a snapshot ID. The user then sends their command along with this passcode. The storage system checks if the passcode is valid for that specific command and data, and only if it matches does it execute the command. This ensures that even if someone intercepts a command, they can't run it without the correct, context-aware passcode.",
  "what_it_does_not_cover": [
    "Commands that do not require a passcode because they are not part of a predefined subset of sensitive operations.",
    "Executing control commands without first successfully authenticating the user identifier.",
    "Generating a passcode that is not based on at least one attribute of the specific data storage entity being targeted.",
    "Using a passcode that has not been validated by the data storage system against the specific command and entity.",
    "Control commands that are not part of an 'allowable' set of operations defined by policies."
  ],
  "filed": "2016-03-09",
  "granted": "2018-10-16",
  "expires": null,
  "status": "active",
  "holder": "EMC IP Holding Co LLC",
  "holder_url": "https://patentbrief.org/company/emc-ip-holding-co-llc",
  "inventors": [
    {
      "name": "Adnan Sahin",
      "url": "https://patentbrief.org/inventor/adnan-sahin"
    },
    {
      "name": "Michael Specht",
      "url": "https://patentbrief.org/inventor/michael-specht"
    }
  ],
  "times_cited": 89,
  "tags": [
    "consumer_electronics",
    "software",
    "telecommunications",
    "semiconductors"
  ],
  "abstract": "Techniques are described providing secure authentication of control commands executed on a data storage system. A pass code may be generated in accordance with criteria in response to successful two-factor authentication of a user identifier. Providing a valid generated passcode may be required with a control command in order for a data storage system to execute the control command. The control command may be one of a subset of possible control command that may be performed with respect to storage entities, such as logical devices and snapshots thereof. In another embodiment, rather than providing a pass code, the two factor authentication information and user identifier may be provided with the control command whereby successful completion of two-factor authentication of the user identifier and two factor authentication information may be required in order to execute the control command.",
  "url": "https://patentbrief.org/patent/us/10102356/macos-dark-mode",
  "markdown_url": "https://patentbrief.org/patent/us/10102356/macos-dark-mode/md",
  "google_patents_url": "https://patents.google.com/patent/US10102356",
  "relatedPatents": []
}