NPNT or No Permission No Take-off is a mandatory compliance for all RPA’s in India defined by DGCA. This initiative to safeguard the skies is considered bold but an essential step, which has also been appreciated authorities from across the globe. It’s essential from a national security standpoint! Therefore different players from the Indian drone eco-system are trying to meet the compliance needs with the help of RFM providers in India.
Use of digital certificate in NPNT process makes the overall process IT Act compliant as per DGCA’s guidance manual. It is defined in section #1.4.7 in DGCA guidance manual. Section #5 of DGCA guidance manual expects rotation of key at RFM (Registered Flight Module) level at defined frequency. Therefore, the manual has defined two requirements.
- Digital Certificate Key Rotation Policy Management at Management Server.
- The frequency to generate new key is ideally once a day.
The process of key pair generation at RFM level i.e. at flight controller level requires exchange of keys between RFM and the management server. While management server is expected to be a part of IT infrastructure of the manufacturer or the RFM service provider.
If anyone intends to strictly adhere to the DGCA norms, then rotation of key should be done at-least once a day. In that case, the communication between RFM and management server must be a continuous process. When anything is required to be a continuous process, it means it can be offered by solution provider in the form or continuous service instead of one-time solution.
Even the Exhibit C i.e. High-Level Sequence Diagram on page #37 at section number #3.2 defines various roles of each entity to manage digital certificate infrastructure. See the below sequence diagram from DGCA user manual.
The sequence diagram given by DGCA clearly expects management server at manufacturer’s / RFM Provider’s IT infrastructure. The function of digital certificate management and key rotation policy has to be executed by management server. The communication flow is also clearly defined as below.
RPA (Drone) > Management Client (GCS) > Management Server > Digital Sky platform.
Although RPA can directly communicate with Digital Sky platform with the help of its private plus public key; but for the function of key rotation, management server is continuous requirement. Therefore, NPNT solution provider must provide NPNT Digital Infrastructure as Service to RPA manufacturer/owner. Always check if your NPNT solution provider is offering it as a seamless Service. If not, then it’s a concern for your business continuity. Get it corrected today.