PSU Case Study
National Skill Development Corporation Implements JISA’s Aadhaar Data Vault and Encryption Solution connected to HSM for Encryption Key Management
The Organisation
National Skill Development Corporation (NSDC) is a not-for-profit public limited company incorporated on July 31, 2008 under section 25 of the Companies Act, 1956 (corresponding to section 8 of the Companies Act, 2013). NSDC was set up by the Ministry of Finance under the Public Private Partnership (PPP) model. The Government of India, through the Ministry of Skill Development & Entrepreneurship (MSDE), holds 49% of the share capital of NSDC, while the private sector holds the remaining 51%.
NSDC aims to promote skill development by catalyzing the creation of large, quality, for-profit vocational institutions. The organisation also provides funding to build scalable and profitable vocational training initiatives. Its mandate further includes enabling a support system that focuses on quality assurance, information systems and train-the-trainer academies, either directly or through partnerships.
The Business Challenge
As a training institution, NSDC manages data for a large number of registered candidates and existing students across India. This includes their PII (Personally Identifiable Information), Aadhaar numbers and so on. The PII consists of sensitive information such as the name, address, birthdate and pincode of candidates and students. This data was collected and stored in NSDC's systems in plain text, i.e. unencrypted. Accidental disclosure of this personal data, or access to it by an unauthorized person, would amount to a serious data breach. That risks not only harm to the individuals concerned but also strict penalties.
To ensure the security of this sensitive data, NSDC wanted to store it in encrypted form in a secure vault. This will eliminate the risk of a data breach, because data held in a secure vault can be accessed only by authorized persons.
As per UIDAI regulations, Aadhaar numbers and any connected Aadhaar data (e.g. eKYC XML containing the Aadhaar number and data) shall be stored in a separate secure database or vault called the Aadhaar Data Vault.
Key management is a necessary part of storing PII and Aadhaar numbers in a secure vault. Hence the secure vault should be connected to an HSM that protects and manages the encryption keys.
The Solution
JISA’s CryptoBind SecureVault (J-Vault Aadhaar Data Vault, Vault-based Tokenisation) is the complete software package needed to implement a secure Data Vault within the organisation. It allows applications to tokenise sensitive data, replacing it with token values. JISA developed this solution to address the business challenge and the security of sensitive data: it helps agencies that use Aadhaar for specific purposes under the Aadhaar Act to implement an encrypted Aadhaar Data Vault that securely stores Aadhaar numbers and e-KYC data and encrypts sensitive data.
It exposes a SOAP/REST API to directly and securely store the Aadhaar number and sensitive PII data in a Data Vault using the tokenization method. The package supports database encryption for data protection, connected to an HSM.
CryptoBind SecureVault has therefore been deployed to encrypt the sensitive PII data and Aadhaar numbers and to store them in a secure vault against tokens (reference keys). The CryptoBind SecureVault is connected to an HSM, which manages the encryption keys required to encrypt the data in the vault.
The ADV Admin Portal is hosted at the client location and works in sync with the tokenization engine services. It facilitates operations such as User Access Control and Management, Application Onboarding, Key Management, Token Management, Policy Management, and ADV Instance Configuration for Tokenization or De-Tokenization.
The Result
Compliance with Aadhaar Regulation
With the help of this solution, the client's product complies with the Aadhaar guidelines issued by UIDAI.
Reduce risk of data breach
Tokenization replaces sensitive PII data and the Aadhaar number with a random string, the ‘Token’, which has no meaningful value. Even if an attacker gains access to a token, it does not give access to the sensitive data. This in turn reduces the risk of a data breach.
Ease of Implementation
Due to RESTful APIs, the solution can be swiftly integrated with existing products. Tokenization preserves data format and compatibility with existing applications and database schemas.
Audit Trails
Audit trails are securely stored for non-repudiation, with full auditing of all user access and client application operations.
Alerts
Unauthorized Access Alerts
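A sketch of the vault-based tokenisation flow described above, added here as an illustration; it is not JISA's code and does not reflect the CryptoBind API. The class, function and application names are hypothetical, the sample number is constructed, and the two keys and the `_seal`/`_unseal` pair stand in for key material and encryption that would sit behind the HSM.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins: in a real deployment both keys stay inside the HSM and
# _seal/_unseal are HSM-backed authenticated encryption, not this XOR keystream.
INDEX_KEY = secrets.token_bytes(32)   # keys the lookup index
DATA_KEY = secrets.token_bytes(32)    # protects the stored number

def _seal(plain: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = hmac.new(DATA_KEY, nonce, hashlib.sha256).digest()  # covers <= 32 bytes
    return nonce + bytes(a ^ b for a, b in zip(plain, stream))

def _unseal(blob: bytes) -> bytes:
    stream = hmac.new(DATA_KEY, blob[:16], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob[16:], stream))

class Vault:
    def __init__(self, detok_apps):
        self.by_index = {}                  # HMAC(number) -> token
        self.by_token = {}                  # token -> sealed number
        self.detok_apps = set(detok_apps)   # apps allowed to de-tokenise
        self.audit = []                     # (app, action, token)

    def tokenise(self, app: str, number: str) -> str:
        if not (number.isascii() and number.isdigit() and len(number) == 12):
            raise ValueError("expected a 12-digit number")
        idx = hmac.new(INDEX_KEY, number.encode(), hashlib.sha256).hexdigest()
        token = self.by_index.get(idx)
        while token is None:                # first sighting: draw an unused random token
            cand = "".join(secrets.choice("0123456789") for _ in range(12))
            if cand != number and cand not in self.by_token:
                token = cand
                self.by_index[idx] = token
                self.by_token[token] = _seal(number.encode())
        self.audit.append((app, "tokenise", token))
        return token

    def detokenise(self, app: str, token: str) -> str:
        allowed = app in self.detok_apps and token in self.by_token
        self.audit.append((app, "detokenise" if allowed else "detokenise-denied", token))
        if not allowed:
            raise PermissionError("not authorised, or unknown token")
        return _unseal(self.by_token[token]).decode()

if __name__ == "__main__":
    vault = Vault(detok_apps={"kyc-service"})        # hypothetical app name
    print(vault.tokenise("portal", "123412341234"))  # constructed sample number
```

The token is drawn at random rather than derived from the number, so it can only be reversed through the vault; the keyed index lets a repeated submission return the same token without the vault holding a plaintext lookup column.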
About JISA
JISA is a young Information Technology company providing various authentication products and solutions.
All our Public Key Infrastructure (PKI) and cryptographic solutions are sold under the brand name CryptoBind®. With strong core competencies in cryptography and PKI, JISA offers solutions built around Public Key Infrastructure (PKI), the framework that brings confidentiality, authentication, privacy, and non-repudiation.
“JISA has an entire range of software applications based on cryptographic algorithms and protocols”