The definition of an RFM (Registered Flight Module) provider can be found in DGCA guidance manual in section #1.3 at page #34. As per DGCA, Registered Flight Module Provider is used to refer an RPAS manufacturer or any agency who has partnered with the drone manufacturer to manage digital certificates and related software/security aspects of the registered flight module.
Let’s understand it in detail.
A primary and the most critical role in NPNT is of the RFM provider. It’s the RFM that ensures an RPA system to comply with the NPNT requirements set by DGCA.
The role of RFM provider is most vital to manage digital certificates for your RPA. Digital Key pair management is done at below levels.
- RFM – At RFM mounted on an RPA, it is necessary to manage certificates digital keys. The activity of signing and encrypting/decrypting data is done at RFM. If an RFM offers level 1 compliance, means the digital keys are managed within firmware (flight controller software) of an RPA. If the keys are managed outside the firmware of an RPA, it is less secure. And less security means possibility of hacking the RPA. Whereas, if an RPA is level 1 compliant, it is one of best secure RPA’s.
- Management Client (GCS) – It is important to manage few functionalities of keys like rotation of keys, checking of keys at the management client. Management client means the GCS (Ground Control Software) which is used for mission planning of RPA.
- Management Server – All functionalities of digital certificate management, key rotation policy management, key generation, key transportation to RFM are done at the management server. Under no circumstances can it be at the RPA. It is part of IT infrastructure of manufacturer or RFM provider.
Core Functionalities expected from an RFM:
- RPAS Identification (Drone ID)
- Verifying authenticity of the Permission Artefact
- Provide information of Time and Location bound restrictions to Flight Controller
- Collect Flight Logs
- Send Flight Logs to Digital Sky
All of this is achieved using Digital Certificate which sits at the core of the entire NPNT process. Therefore, the service providers for digital certificate management becomes an important entity in overall process of NPNT. If NPNT solution provider is offering any solution where digital certificate management is not done, it means it is not only non-compliant but dangerous too for RPA owner/manufacture’s business.
Same has been addressed by DGCA in the guidance manual section 1.4.7. Therefore, the service providers who manages the digital infrastructure for your RPA plays vital role in overall RPA system. So choose wisely!