Zero-trust cybersecurity enforcement in operational technology systems

Assignee

• Xage Security, Inc. · US

Inventors

• Roman M. Arutyunov · San Jose, US
• Vishal Gupta · Portage, US
• Ganesh Jampani · Gilroy, US
• Bao Q. Ngo · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/102
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In one embodiment, a method may implement a multi-layer cybersecurity model for a multi-layer distributed computer system which comprises a sensitive data resource, such as a computing environment with an operational technology (OT) layer with multiple zones, an information technology (IT) layer, a DMZ, and a cloud layer. The method can assess a policy based on a zero-trust model for the sensitive data resource. The method can receive one or more requests, at any layer of a multi-layer distributed computing system, to access the sensitive data resource and acquire identity information for a user account specified in the first request. The method can perform a multi-layer multi-factor authentication of the user account using the identity information and the multi-layer cybersecurity model. In response to authenticating the identity information, the method can acquire sensitive access data corresponding to the identity information. The method can determine a sensitive resource access value using the sensitive access data and the zero trust model. In response to determining the sensitive resource access value is above a predetermined threshold, the method can authenticate the user acc…