Historically, a computer can make a request to access a remote electronic device (e.g., data storage device) over a communications connection, such as a channel, local area network (LAN) or internet protocol (IP) network, such as the Internet. The access request can be to obtain services and/or data by interacting with a software application on the remote device. Alternatively, the access request can be a request only to access data stored on the remote device (e.g., read or write data stored on a disk within a remote data storage device). The remote device can have a security mechanism to prevent access by unauthorized users (e.g., hackers) to the remote device. One conventional approach is for a user of a device to log into the device by providing a user identification (ID) and password. For example, when an individual uses an automatic teller machine (ATM), the individual must insert an ATM card with an electronically encoded version of the individual's account number and manually provide a password. Then the individual can make a transaction (e.g., withdraw money) which in turn results in a change to the individual's data records for their bank account, which typically reside in a data storage device that is remotely located from the ATM.
Alternatively, a software application can seek access to the remote device without the direct involvement of a human user, for example, by providing a password on behalf of the user to the remote device. For example, the user wishes to use a local client (e.g., client application executing on the client's personal computer) to access a remote application (remote software application executing on a remote server). The user can indicate a desire to access the remote software application to the local client, which then sends a password previously entered by the user to the remote application. Thus, the user can then gain access to the remote application without typing in a password every time the user wishes to gain access to it.
One example of such an approach is the Kerberos system, an authentication system developed by the Athena Project at the Massachusetts Institute of Technology. In this system, a user enters a password into a local computer at the beginning of the day that provides access to one or more remote software applications. The user's computer transmits the password to an authenticating computer that then returns a Kerberos ticket that is valid for a period of time (e.g., 24 hours). Later in the day, if the user wishes to access one of the remote software applications requiring the password, the user indicates a desire to do so to his/her local computer, and the local computer transmits the ticket to the remote software application, which provides access to the remote software application.
In another conventional approach, a dedicated channel connects two electronic devices (e.g., over a cable connecting the two electronic devices). For example, a host computer makes a request to access data in another a data storage device by sending a command over the channel (e.g., to read data). The host computer usually does not use a password, because the channel is typically based on a direct physical connection between the host computer and the data storage device and is secure unless the physical connection is compromised (e.g., a hacker has direct access to the cable to tap or monitor communications over the cable). One known approach for channel communications is SCSI (Small Computer System Interface) based on a high speed interface for transferring device-oriented, block access commands between electronic devices (such as computers and data storage devices).