Digital Identity Solutions

Foundational Identity System

A foundational identity system is a core identity system built for a national population. It manages identity information for the general public and also provides identity proof for public and private services. This general-purpose identification system is intended to strengthen national development and can be used across multiple sectors. The providers of such identities are usually national governments looking for a means for their residents to prove who they are, for example through civil registries, identity cards, passports, birth certificates, etc.

About MOSIP

Modular Open Source Identity Platform, abbreviated as MOSIP, is a robust and secure open-source platform for building foundational identity systems. It enables a country to build its own national identity platform, provision unique digital identities for individuals, and securely authenticate them.

Read more about MOSIP here: https://www.mosip.io/

Technoforte’s Expertise on MOSIP

Our expertise lies in the following areas:

  • MOSIP deployment on-premises (bare metal) as well as in the cloud
  • MOSIP end-to-end implementation
  • Accommodating customization needs
  • Full-fledged training (functional, technical, DevOps and security)
  • After-sales services
  • Developing SBI (Secure Biometric Interface) for biometric hardware to make it MOSIP compliant
  • Efficiently handling SBI via management server and management clients
  • Integrating MOSIP for offline authentication using cryptography
  • Third-party integration with the MOSIP system (such as ABIS, partner, helpdesk, print services, email, SMS, etc.)

SBI Device Specification

MOSIP requires devices that capture biometric information to adhere to a set of technical and compliance standards/protocols. We, at Technoforte, have developed a Secure Biometric Interface (SBI) for biometric hardware to make it MOSIP compliant. We build APIs that interact between the biometric hardware and the MOSIP software.

  • Compliance with any biometric device
  • SBI for any biometric hardware for whitelisting the devices
  • Test and validate the compliance

Management Server and Management Client

The management client is the interface that connects the devices with the management server. The devices used in MOSIP are required to connect with the management server and get the device provider’s certificates digitally signed by the MOSIP national identity system for the country to use.

Communication between the management server and its management clients, and between the management server and the MOSIP server, is designed for scalability, robustness, performance, and security.

  • Key responsibility of a management server: to validate each device to ensure it is a genuine device from the respective device provider. This can be achieved using the device info and the certificates of the Foundational Trust Module.
  • Key responsibility of a management client: to communicate with the management server to auto-register the biometric devices in the MOSIP system, and to get the signed device certificate from the management server so that the registration client can capture biometric data. The management client also checks for the expiry of the certificate and, at a pre-defined time, rotates the keys for smooth and uninterrupted operation.

Key Features:

  • Device validation: Validates the devices upon plug-in
  • Automatic management client connection and handling: Automatically manages the client and handles all subsequent tasks
  • Automatic registration of devices in plug and play model: Automatically registers devices in a hassle-free way
  • Digitally signed communication with the management server: Digital signature in place for added security in the management server
  • High Availability: Ensures high availability in terms of scaling, usage, connectivity, and overall performance
  • HSM-based storage: Device encryption key management is supported by the management server through the Hardware Security Module (HSM).
  • Key rotation: Timely rotation of keys for additional security and reliability
  • Committed technical support: Solid technical support on an as-needed basis throughout the integration procedure
  • Easy upgrades: Guaranteed smooth and trouble-free upgrades
  • Device Manufacturing Support: Designed to support both L1 and L2 devices during the manufacturing process
  • In-built Compliance: Regular inspection and auditing of the device management server to check for potential risks ensuring uncompromised security
  • Several Device Onboarding Options: Device onboarding options include one-time onboarding, device administrator’s access onboarding (device whitelisting), manufacturing administrator’s access onboarding (manufacturer whitelisting)
  • Economical cost: Offers a flexible and affordable pricing structure
  • Streamlined and hassle-free Device Management: Ensures quicker device registration or de-registration, key rotation, connectivity, upgrades, etc.
  • Robust Firmware Security: HSM-based storage is in place, which ensures the secure management of firmware for devices
  • APIs for Device Registration: API in place for registration or de-registration of devices
  • Device Application Change Management: Adheres to the UIDAI guidelines for device application change management
  • Device SDK provision: Technical assistance to make devices compatible with multiple platforms such as Windows, Linux, Ubuntu, etc.
  • Safe API Integrations: Adheres to the UIDAI guidelines for safer API integrations
  • Device Key Management: A management server is in place to support device encryption key management through HSM
  • User-friendly Administration Portal: Easily comprehensible admin UI that is easy to use and aids in monitoring the devices