Key Management System for RSBY Smart Card National Informatics Center
Why with Smart Card?
The basic purpose of inducting smart cards as the RSBY card is to provide:
• Capability to store data on-board in the chip for field usage
• Capability to perform authentic field transactions
• Correct entitlement details for service delivery
• Ease of handling
• Inbuilt mechanism to verify the authenticity of the card after issuance, thereby checking fake duplication

How is the above achieved?
• Using the intelligent processing capability of the smart card.
• It is possible to run complex encryption algorithms on the chip.
• Encryption technology is the basis of smart card security.
• Encryption technology requires complex mathematical algorithms and a key for encryption.

Key Management System
KMS is the basic requirement for implementing smart card security. It provides the following:
• Establishing authenticity of the card: verifies the authenticity of the card in the field.
• Protection against unauthorized tampering of data: provides a mechanism for card modification only by authorized agencies or persons.

How KMS Works?
[Diagram: Authority Card (Master Key), Health Card (Derived Key) and Interface Device; labels: Random Data, Encrypt, Cryptogram, Decrypt and Match, Original Data]

Three Tier Structure of KMS
The KMS will consist of three levels of operation for generation and management of keys and related cards:
• Central Key Generation Authority
• District Key Manager
• Field Key Officer
    • Issuer
    • Kiosk
    • Hospital

Hierarchy of Levels
[Diagram: CKGA at the top, then District Level, then FKO, then Issuer / Hospital / Kiosk, then RSBY Cards]

CKGA (Central Key Generation Authority): Parent Keys and Master Key Derivation
[Diagram: C-NOC; parent keys P1 to P5; master keys MK1 to MK4; Master Key Cards]

Central Key Generation Level
• All Authority Cards are produced at the Central Key Generation Level.
• Any three trusted agents need to come together with Parent Key cards in order to generate the required type and number of Authority Cards.
• It must be within MoL&E.
• Custodian of the upper layers of keys (Parent Keys)
    • Generation and keeping
• All Master Keys derived from Parent Keys shall be generated at CKGA.
• Physical security of the premises is required.
• The Ministry is to appoint a CKGA Nodal Officer.

Master Key Cards
• Generated at CKGA
• Used for field operations
• Issuance Card (MIC)
• Kiosk Card (MKC)
• Hospital Card (MHC)

District Key Manager
• Responsible for distribution of Master Key cards among the various FKOs within the district.
• Maintains the database of all the Master Key cards issued.
• Receives requests for Master Key cards, personalizes them and distributes them to the various FKOs.
• Sends requests for fresh Master Key cards to CKGA.
• Recharges Master Issuance Cards that have exhausted their issuance limit.
• These processes also require a secure infrastructure for performing various KMS-related operations:
    • Issuance of Master Key Cards
    • Modification of Master Key Cards
    • PIN unblocking of Master Key Cards
    • Data download from the MIC card for cards issued

ISSUANCE OF RSBY CARD
• Rashtriya Swasthya Bima Yojna cards are generated with the help of Master Issuance Cards (MIC).
• is the ultimate point of usage of the Master Issuance Card for issuance.
• FKO is the entity responsible for safe keeping and safe usage of these cards while they are in use.
• responsibility is to ensure that all the defined security guidelines are strictly followed in the field by the various trusted authorities that use authority cards for various functions.

Card Issuance at Field
[Diagram: Key Derivation; labels: FKMA, URN, Master Key, Derived Key, Health Card, beneficiary]

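The key derivation and the random-data check sketched in the "How KMS Works" and "Card Issuance at Field" slides, as an added example that is not NIC's or the RSBY project's code. It assumes HMAC-SHA256 in place of the card's cipher, which the slides do not name, so the terminal recomputes and compares the cryptogram rather than decrypting it; the class names, the key-label string and the URN values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the card cipher, which the slides do not name.
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_card_key(master_key: bytes, urn: str) -> bytes:
    """Issuance: diversify the master key with the card's URN."""
    # The "card-key|" label is an assumption made for this example.
    return _mac(master_key, b"card-key|" + urn.encode("ascii"))

class HealthCard:
    """Holds only its own derived key, never the master key."""
    def __init__(self, urn: str, derived_key: bytes):
        self.urn = urn
        self._key = derived_key

    def cryptogram(self, random_data: bytes) -> bytes:
        return _mac(self._key, random_data)

class AuthorityCard:
    """Holds the master key; used at issuance and for field verification."""
    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def issue(self, urn: str) -> HealthCard:
        return HealthCard(urn, derive_card_key(self._master_key, urn))

    def verify(self, card: HealthCard) -> bool:
        random_data = secrets.token_bytes(16)  # fresh per transaction, so no replay
        answer = card.cryptogram(random_data)
        expected = _mac(derive_card_key(self._master_key, card.urn), random_data)
        return hmac.compare_digest(answer, expected)  # constant-time match

def demo() -> dict:
    authority = AuthorityCard(secrets.token_bytes(32))  # constructed master key
    genuine = authority.issue("URN-0001")               # constructed URN
    other = authority.issue("URN-0002")
    # A copy that presents the genuine URN but lacks that card's derived key.
    clone = HealthCard("URN-0001", secrets.token_bytes(32))
    return {
        "genuine": authority.verify(genuine),
        "clone": authority.verify(clone),
        "keys_differ": genuine._key != other._key,
    }

if __name__ == "__main__":
    print(demo())
```

Because each health card carries only a key derived from its own URN, extracting one card's key does not expose the master key or any other card's key.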
FKO (Field Key Officer): Issuance
• Field-level KMS authority
• Must be part of Government
• Performs the key derivation at the issuance of a card
• Can perform authorized card modifications
• Usage protected by PIN

FKO (Field Key Officer): Hospital
• Issued by DKM
• Performs card modifications authorized at the hospital
• Usage protected by PIN

FKO (Field Key Officer): Kiosk
• Performs kiosk operations
• Can issue a new card
• Can modify an existing card
• Usage similar to the Issuance Card
• Usage protected by PIN
• Can be programmed for a limited number of uses

Thanks!