Overview

This case study highlights NuSummit’s Registered Device Management solution for biometric devices. The platform supports multiple customers, a wide range of device models, and PCH-certified chips, ensuring secure, compliant, and scalable device operations.

Introduction

A national digital identity system was created to issue unique identification numbers to residents. The identity system had to be:

(a) robust enough to eliminate duplicate and fake identities, and
(b) verifiable and authenticable in an easy, cost-effective way.

Authentication is the process wherein an identity number, along with demographic and/or biometric data, is submitted to the central identity platform to verify whether the information matches the data stored in the system.

The Business Need

Our customers are global leaders in digital security, identification technologies, biometrics, and identity solutions. Their product portfolios span digital payments, biometric authentication, and financial access solutions designed to make secure identity verification seamless and affordable.

To support biometric authentication, end users must rely on a certified biometric device paired with a Registered Device (RD) service application. The RD service running on the host machine manages the biometric device and must fully comply with strict security and operational policies defined by the client.

Ensuring device security and maintaining the full device lifecycle became a critical priority. Devices interacting with the identity authentication servers must be authenticated, authorized, and properly registered to safeguard sensitive end-user data and maintain integrity.

Device manufacturers and chip providers needed a highly scalable, highly available platform capable of securely managing millions of devices while enforcing all mandated compliance requirements. This infrastructure had to ensure robust security, consistent performance, and seamless lifecycle management across a diverse, and distributed device ecosystem.

The NuSummit Solution

NuSummit Cybersecurity delivered a fully managed SaaS-based IoT management platform, RDM (Registered Device Management), to support the secure registration and lifecycle management of Aadhaar-registered devices. The platform is designed to meet all stated requirements and supports both L0 and L1 Aadhaar device specifications. Key capabilities include:

• Management of 2 million devices across 10 leading device manufacturers.
• Secure API integrations enabling protected communication between devices and backend systems.
• Firmware personalization and secure downloads for both devices and chips.
• Highly available, scalable infrastructure to support large, distributed device deployments.

Management Server for Device Management – A secure server equipped with protected APIs that interface with the device RD service to authenticate devices before they communicate with authentication servers. The system automatically blocks any unauthorized or suspicious devices, ensuring only trusted endpoints can transact with the ecosystem infrastructure.

Secure Signing and Firmware Management – A secure firmware encryption and signing service for both biometric devices and chips with signing, encryption, and maintenance using HSM-protected keys.

Chip Provisioning – A system that provisions a unique identity for each chip (Chip Identity Service) embedded in registered biometric devices, ensuring compliance with PCH certification standards.

Secure Communication Between Device and Authentication Server – Secure API integrations enable device registration, deregistration, and whitelisting, ensuring that only authenticated and approved devices can interact with the system. This prevents unauthorized or unregistered devices from accessing or exchanging data with the authentication infrastructure, thereby protecting the ecosystem from exposure and misuse.

L0/L1 Compliance Adherence – The client mandates stringent security and key-management policies, including the use of a certified HSM to securely store cryptographic keys on the server. These requirements are categorized under L0 and L1 compliance for device and chip management. A secure management server must ensure complete adherence to these compliance standards and enforce them consistently.

RDM is a feature-rich, scalable, secure, and high-availability service.

Solution Highlights

• Administration Portal – A customizable role-based portal to manage devices, monitor costs, and administer registered device activities.
• Secure API Integrations – Enables safer API integrations with devices as per specifications.
• Device Key Management – A management server to support device encryption key management through the Hardware Security Module (HSM).
• Monitor Telemetry Data – The management server can also monitor devices and telemetry data for the devices.
• Device Application Change Management – Supports device application change management as per guidelines.
• Device SDK Support – Supports multiple platforms, including Linux, Windows, and Android. Technical support to integrate with a fully developed RD service source code to ensure faster turnaround time. Two environments (Stage, Prod) for developers to test various possibilities before going live.
• APIs for Device Registration/ Deregistration – The management server can facilitate the API process to register and deregister devices.
• Robust Firmware Security – SaaS-based model ensures secure signing, encryption, and maintenance of firmware for L1 devices. The signing keys are securely managed and stored in a physical HSM.
• Chip Provisioning – SaaS-based chip provisioning services for L1 devices, such as chip identity, firmware personalization, and download for chip manufacturers.

Benefits and Outcomes

• NuSummit Cybersecurity’s RDM platform currently supports more than 2 million devices and is growing, for leading registered L0 and L1 device manufacturers
• An easily implementable solution with minimal turnaround time and an option for private cloud setup for enterprise customers.
• High-availability telemetry API to post device events to the management server.
• Fully functional custom dashboards with drill-down capabilities to give deeper insights into biometric device details that helped customers to manage the various devices connected to various host machines (Windows, Linux, Android) deployed across large geographical regions.
• SDKs are continuously updated with bug fixes, enhancements, and new policy changes from the ecosystem authority.