US Patent 10102356 Securing storage control path against unauthorized access

Techniques are described providing secure authentication of control commands executed on a data storage system. A pass code may be generated in accordance with criteria in response to successful two-factor authentication of a user identifier. Providing a valid generated passcode may be required with a control command in order for a data storage system to execute the control command. The control command may be one of a subset of possible control command that may be performed with respect to storage entities, such as logical devices and snapshots thereof. In another embodiment, rather than providing a pass code, the two factor authentication information and user identifier may be provided with the control command whereby successful completion of two-factor authentication of the user identifier and two factor authentication information may be required in order to execute the control command.