The Reserve Bank of India (RBI) has taken several steps to enhance payment systems in India, with its cheque truncation system being one of the most notable projects. This cheque truncation system avoids physical cheque transfer— instead, it carries digital images of cheques among banks. The first cheque truncation system was implemented in the national capital region (NCR) in February 2008. However, this journey of cheque truncation system implementation has not been easy for RBI.
While RBI saw clear advantages in replacing the paper-based cheque systems, it was concerned about the security of digital images during the electronic transfer process used in cheque truncation systems. In order to address security issues, RBI decided to implement public key infrastructure (PKI)—a form of cryptography involving the use of asymmetric key algorithms—to secure the digital image flow in its cheque truncation system with digital signature and encryption.
PKI systems mainly help organizations to deploy and manage digital identities. They involve the generation of a mathematically-related key pair: a public key meant for public distribution, and a private key meant for the individual user. Any cheque image exchanged between banks using the cheque truncation system requires a digital signature (the public and private keys help banks to encrypt and decrypt these digital signatures).
Although RBI was sure about using digital signatures for protecting cheque images, it was apprehensive about the scale of the cryptographic and encryption requirements of its cheque truncation system. During peak hours, RBI needs to process about 6,00,000 cheques per hour using the cheque truncation system. This means that around 90 GB of data has to be continuously encrypted for digital signing.
Keeping these requirements of the cheque truncation system in mind, and after thorough evaluation of a few security vendors, the Institute for Development & Research in Banking Technology (IDRBT, established by RBI) chose Safenet's Luna series of hardware security modules (HSM). These are basically PCI cards which reside in the cheque truncation system's application server, and process all cryptography functions on the card.
"Software-based cryptography would not have worked in case of RBI's cheque truncation system, because you have to provide large amounts of digital signatures and encryption at any given time-frame. Besides, if you perform cryptography on a normal server, 90% to 100% of processing power will get diverted toward cryptography. HSM offloads all the cryptographic functions on the card, thus freeing the cheque truncation system's servers to perform other application processing." explains Ruchin Kumar, the principal solution architect of India & Saarc for Safenet. HSM also provides strong tamper-resistant storage for private keys and key management.
Let us now look at how the entire cheque truncation flow is protected through digital signatures. Every bank has to generate two pairs of keys, private and public. The bank needs to send its public key to certified authorities (in this case, the IDRBT), which acts as the verification agent to guarantee each user's identity by issuing digital certificates. This certificate contains information about the user's identity such as name and email address; it also specifies the certificate's date of issue, and the name of its certifying authority. The bank has to then distribute this digital certificate containing the public key to other banks, because it will be later required to verify the bank's digital signature.
Whenever a bank wants to send a cheque image for processing through the cheque truncation system, it needs to be digitally-signed using a private key to ensure non-repudiation. RBI has provided a clearing house interface (CHI) to all banks in the NCR region, which are equipped with Luna's HSM. The CHI of the presenting bank digitally signs (using the private key) as well as encrypts the cheque image and sends it to RBI's clearing house (CH). At the CH, this digital signature is verified using the public key (digital certificate) and the usual processing is done after decryption. After this, the CH again digitally signs and encrypts the cheque and sends it to the paying bank. Thus, before any cheque image leaves the premises of any bank or RBI, it has to be digitally signed for non-repudiation and integrity, and encrypted for confidentiality.
According to Kumar, implementing the PKI used in RBI's cheque truncation system called for creation of a huge number of digital signings per hour, encryption of data in fixed tenure, and complex key management for all participating banks (CHIs) and the central bank (CH). HSM addresses these requirements with 7,000 digital signings a second, faster encryption speed, and easy key management. Today, almost 65 banks in the NCR use this cheque truncation system, with a reduction in the time required for cheque clearance from three days to just a day. Cheque truncation system has brought several other advantages—faster collection of cheques resulting in enhanced customer service and cost savings, reduction in clearing-related frauds, and lesser reconciliation as well as logistics issues. Without a strong security backbone in the cheque truncation system, it may not have been possible to achieve such a large-scale and flexible operation. RBI is now busy rolling out the cheque truncation system in Chennai, which will also use the above security architecture.