MOSIP Secure Provisioning Server

NPrime provides a hosted service for secure provisioning of biometric devices and FTMs (Foundational Trust Modules), as required by the MOSIP framework. The server is equipped with a FIPS 140-2 Level 3 compliant HSM and exposes APIs to remotely provision secure chips (FTMs) with keys signed by FTM provider keys. Communication is end-to-end encrypted over SSL, and the server can be configured to allow requests only from known hosts.

Secure Provisioning

Secure provisioning is applicable to both the FTM and the Device providers.

  • Devices and FTMs should have a mechanism to protect against fraudulent attempts to create or replicate them.
  • The device and FTM trust should be programmed in a secure facility that is certified by the respective MOSIP adopters.
  • Organizations should have a mechanism to segregate the FTMs and devices built for MOSIP using a cryptographically valid and repeatable process.
  • All key creation needed for provisioning should happen automatically using FIPS 140-2 Level 3 or higher devices. No individual, group or organization should have a mechanism to influence this behavior.
  • Before the devices/FTMs leave the secure provisioning facility, all the necessary trust should be established and should not be re-programmable.

Specifications on MOSIP website: https://www.mosip.io/