KOREAN / ENGLISH
SSenStone
  • About Us
  • Technology
    • OTAC
    • FIDO
  • Solutions
    • OTAC Solutions
      • OT Auth
        • - OTAC Trusted Access Gateway (TAG)
        • - Endpoint OTAC
        • - OTAC auth - MFA for PLCnext
      • Fin Auth
        • - TAP OTAC
        • - OTAC Holderless Card
        • - OTAC Dynamic Token
      • IoT Auth
        • - IoT Auth Platform OTAC
        • - Smart Building OTAC
        • - HomeNet OTAC
        • - Connected Car OTAC
        • - Drone OTAC
      • Access Auth
        • - Identity&Access Management OTAC
    • FIDO & mOTP Solutions
      • swIDch Auth
        • - swIDch Auth Package
        • - swIDch Auth SDK
  • Case Studies
    • Case Studies
      • Toss Bank
      • Kakao
      • A-Card Bank
      • E-Stamp : Indonesia
      • Milipass
  • News
    • News & Information
    • Blog
    • Video
  • Contact
  • 회사소개
  • 기술소개
    • - OTAC
    • - FIDO
  • 솔루션
    • OTAC solutions
      • swIDch: Fin Auth
        • - TAP OTAC
        • - OTAC Holderless Card
        • - OTAC Dynamic Token
      • swIDch: IoT Auth
        • - IoT Auth Platform OTAC
        • - Smart Building OTAC
        • - HomeNet OTAC
        • - Connected Car
        • - Drone
      • swIDch: Access Auth
        • - Identity & Access Management
    • FIDO & mOTP Solutions
      • - swIDch Auth Package
      • - swIDch Auth SDK
  • 적용사례
    • Case Studies
      • - Toss Bank
      • - Kakao Bank
      • - A-Card Bank
      • - E-Stamp : Indonesia
      • - Milipass
  • 회사소식
    • - News & Information
    • - Blog
    • - Video
  • 문의하기

OTAC Solutions

OTAC Trusted Access Gateway (TAG)

A powerful, unidirectional dynamic authentication solution that allows operating enterprises to directly control endpoint access in real time, without requiring PLC manufacturer support or firmware modifications.

In Operational Technology (OT), a breach does not simply result in data leakage; it leads directly to equipment malfunction, production downtime, and critical safety risks. Therefore, OT security must begin not at the network 'perimeter', but at the 'endpoint' where human interaction takes place.

Without modifying legacy infrastructure or control devices, the OTAC Trusted Access Gateway (TAG) delivers robust authentication and access control at the final touchpoint before control commands reach the PLC.

SSenStone OTAC Trusted Access Gateway (TAG) Overview Download

Robust Authentication with Zero Impact on Operating Environments

 

Leveraging a one-time  authentication code (OTAC) generated from a registered user device, this solution provides authentication fully optimised for OT environments.

 

                      • Eradicating Fixed Credential Vulnerabilities: By removing reliance on static passwords—which can be reused if intercepted—the risks of hacking and credential stuffing are entirely eliminated.

    • Eliminating Bi-directional Network Dependency: User terminals can generate dynamic authentication codes independently, even when offline or disconnected from the network. Without requiring a continuous bi-directional connection between the terminal and the server, authentication is performed by transmitting the generated code to the system in a unidirectional manner.

    • Air-Gapped Network Optimisation: Operates securely even within national critical infrastructure where external internet connectivity is severed, as well as in completely isolated OT air-gapped environments.

(EN) OTAC Trusted Access Gateway (TAG) Flow

How It Works

 

The OTAC Trusted Access Gateway (TAG) is flexibly deployed in front of endpoints without changing the configuration of legacy equipment, ensuring secure access control.

 

                        • Gateway Deployment: Positioned in an inline structure between the Client Agent and the OT endpoint requiring authentication.
      • Authentication Request: Upon executing an engineering application, the Client Agent requests Multi-Factor Authentication (MFA) via the user's registered device.
      • OTAC Generation: The user generates and enters a one-time, unidirectional dynamic authentication code (OTAC) from a registered personal medium, such as a smartphone app or smartcard.

      • Verification & Access Granted: The Gateway instantly verifies the entered OTAC and grants access only when the user is confirmed as authorised.

(EN) OTAC Trusted Access Gateway (TAG) Architecture

To implement a secure, endpoint-based authentication flow, the OTAC Trusted Access Gateway (TAG) organically integrates and operates with the following five components:

 

                        • OTAC Authenticator: A dedicated medium, such as a mobile app or smartcard, that identifies the user and generates the dynamic authentication code (OTAC).
                        • Client Agent: A client program installed on the user’s PC or workstation that displays a login pop-up and initiates the authentication process when engineering software is launched.
      • OTAC Gateway: Situated at the access point of the OT system to control (allow/block) user access in real time based on security policies.

      • OTAC Server: Authenticates the user by verifying the received OTAC, whilst managing overall security policies and collecting audit logs.

      • Admin Portal: An integrated management web interface providing functionalities such as user and authentication media management, security policy configuration, and access log monitoring.

Expected Benenfits

 

The OTAC Trusted Access Gateway (TAG) seamlessly applies to existing OT environments without complex system modifications, delivering true Zero Trust.

 

                        • No Modifications to Legacy PLCs and Infrastructure Required: A security layer can be added independently without replacing PLC equipment or requiring firmware modification support from manufacturers, drastically reducing deployment costs.
      • Endpoint-Based Access Protection: Identifies and controls users when accessing critical OT equipment—including PLCs, HMIs, RTUs, and DCSs—protecting vital assets from unauthorised operation.
      • Centralised Integrated Management: Enhances operational efficiency by centrally managing distributed user authentication, access rights authorisation, and authentication exception policies (whitelists/blacklists).

      • Unidirectional-Based Dynamic Authentication: Supports robust access control by utilising OTACs that are newly generated each time, making them impossible to intercept or share, unlike static passwords.

      • User-Based Audit Logs: Unlike conventional methods where user distinction was impossible, this provides audit logs containing clear user identification details and authentication histories, showing exactly who accessed which equipment.

Case Studies

Global Leading Energy Solutions Enterprise

By introducing the OTAC Gateway in a 1:1 inline structure at every local and remote access point of major control equipment, the enterprise established a secure PLC asset protection system that fundamentally blocks unauthorised access.

(EN) Global energy solutions manufacturer

① 1:1 Inline Deployment: Perfectly controls the access path physically by mapping a gateway directly to each individual endpoint device (1:1 ratio).

② Blacklist Policy Application: Demands robust user authentication selectively only for core equipment registered in the integrated Admin Portal.

③ User Privilege Management: Finely separates and controls access privileges to endpoint equipment based on external maintenance personnel or internal operators.

National Water Treatment Facility

Tailored to an infrastructure environment consisting of a headquarters and multiple remote operating sites, 1:1 and 1:N control structures were flexibly applied. A highly stable integrated access control environment was successfully realised through a redundant configuration for non-disruptive system operations.

(EN) National water treatment infrastructure 1_N
(EN) National water treatment infrastructure 1_1

① Local & Remote Access Path Configuration: Configured routing so that access is granted through the OTAC Gateway at each local and remote access authentication point.

② Gateway Redundancy: Applied an OTAC Gateway redundant configuration to guarantee non-disruptive system operations and a highly stable operating environment.

③ Blacklist Policy Application: Applied a policy to mandate user authentication only for endpoint devices registered in the integrated Admin Portal.

④ Tailored Access Control: Controlled user access based on 1:N or 1:1 models aligned with the site's legacy infrastructure configurations.

Global Regulatory Compliance-Ready

Compliance

■ IEC 62443: Directly supports compliance with FR1 (Identification and Authentication Control) and FR2 (Use Control) requirements, which form the core of the global Industrial Automation and Control Systems (IACS) standard.

■ NERC CIP: Restricts unnecessary remote access and completely controls unauthorised access to ensure compliance with North American critical infrastructure protection standards for power grids.

■ NIS2: Enables compliance with the European Union's strengthened cybersecurity directive regarding the introduction of Multi-Factor Authentication (MFA) and secure remote access control obligations.
■ Cyber Resilience Act (CRA): Applies control mechanisms to block unauthorised access in line with the EU digital product security act, providing access history and monitoring data for internal activities.

 

 By delivering the most definitive endpoint authentication without requiring network connectivity or firmware modifications, we support the implementation of a genuine Zero Trust-based security architecture demanded by industrial control environments. 



Contact Us

OTAC Algorithm Analysis and Academic Verification

report_otac_surrey univ

The University of Surrey, one of the leading global cyber security companies in the UK, conducted OTAC algorithm analysis and academic verification of SSenStone. For the full text of the thesis, please visit the University of Surrey website and download the report.

 

Univ. of Surrey Website
Download the Report

New Excellent Technology (NET) Certification Acquired

NET신기술인증-removebg-preview

SSenStone has received the NET Certification from the Ministry of Trade, Industry, and Energy for its "Individual IoT Device Authentication and Transmission Data Security Technology through Unidirectional Dynamic Authentication (OTAC)."

 

NET Website
Press Release

International Common Criteria (CC) Certification Achieved

국제CC인증_엠블럼 (png)

OTACTokenV1.0, the authentication solution based on the world’s first unidirectional dynamic authentication technology, OTAC, has earned the international Common Criteria (CC) certification. For more information, please refer to the press release.

 

ITSCC Website
Press Release

OTAC for Phygital Wins IR52 Jang Yeong-sil Award

IR52 logo

SSenStone's OTAC for Phygital has been awarded the 40th-week IR52 Jang Yeong-sil Award for 2024, hosted by the Ministry of Science and ICT. For more details, please visit the official IR52 Jang Yeong-sil Award homepage or the press release.

 

IR52 Website
Press Release

Insights

  • The Future of Financial Security in the Face of Phishing Attacks

    In recent years, financial security incidents, especially phishing attacks, have become a serious...

    Read more

  • How is ChatGPT addressing financial fraud?

    Last year, after giving birth, I hired a postpartum doula to help me. After trying out a few...

    Read more

  • Solving Voice Phishing and Smishing Security Issues: SSenStone's Personal Information Authentication Technology

    Today, I'd like to discuss a crucial financial security issue that affects us all, and explore the...

    Read more

  • Securing the Seas through Advanced Authentication Revolutionising Safer and Cleaner Shipping

    The maritime industry is undergoing a significant transformation, driven by the dual imperatives of...

    Read more

Contact Us

Improve your authentication environment and
make your service reliable with SSenStone!

Inquire now.

5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)

Contact below if you have an urgent inquiry.

Korea Office (SSenStone)

5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)

Tel : 02-569-9668  |  Fax : 02-6455-9668

im@ssenstone.com

UK Office (swIDch)

Floor 1, 3 More London SE1 2RE, United Kingdom

Tel : 020-3283-4563

info@swidch.com

SSenStone Inc.

서울특별시 동대문구 천호대로 329 (도이치모터스빌딩) 5층

T. 02-569-9668

F. 02-6455-9668

E. im@ssenstone.com

Sitemap  Privacy

Copyright© SSenStone Inc. All rights reserved.