Govt moves to firewall Aadhaar with 16-digit virtual ID, token, limited KYC

In its latest circular, the UIDAI said that the VID will be a 16-digit number that can be used in place of the Aadhaar number “to avoid the need of sharing of the Aadhaar number at the time of authentication”.

By: Express News Service | New Delhi | Updated: January 11, 2018 5:39 am
Govt moves to firewall Aadhaar with virtual ID, token, limited KYC The parent body of the Aadhaar project has also brought in Limited KYC (Know Your Customer) and UID Tokens, in an attempt to assuage privacy and security concerns about Aadhaar numbers being used and stored by many public and private entities. (Picture for representational purpose)

INTRODUCING ONE of the most significant changes since its inception, the Unique Identification Authority of India (UIDAI) has added another layer of protection on the use of Aadhaar as proof of identity. The UIDAI said Wednesday that it has introduced Virtual IDs (VID) that Aadhaar holders will be able to generate for a temporary period and can use in place of Aadhaar numbers to validate their identity. This temporary number, like an OTP, will be valid for a particular time period decided by UIDAI, unless revoked and replaced by the Aadhaar holder.

The parent body of the Aadhaar project has also brought in Limited KYC (Know Your Customer) and UID Tokens, in an attempt to assuage privacy and security concerns about Aadhaar numbers being used and stored by many public and private entities. The new measures, which will be introduced by March 1, will provide up to two layers of firewalls between the Aadhaar-holder and authentication agencies from getting access to an Aadhaar number. All authentication bodies must fully migrate to the new system by June 1.

The latest move comes at a time when the UIDAI is facing criticism for registering an FIR against a reporter of The Tribune for a report claiming that unknown agents had provided access to Aadhaar’s demographic database for Rs 500. The UIDAI had denied that its “Aadhaar biometric database” had been breached. In its latest circular, the UIDAI said that the VID will be a 16-digit number that can be used in place of the Aadhaar number “to avoid the need of sharing of the Aadhaar number at the time of authentication”. This, UIDAI said, will reduce the collection of Aadhaar numbers by various agencies.

The VID will be a temporary number “mapped with the Aadhaar number”. The UIDAI said it will not be possible to derive the Aadhaar number using a VID. For any given Aadhaar number, there will only be one active VID at any given time; the Aadhaar-holder will be able to revoke or generate a new one after a maximum validity period. Since the VID will be temporary, the UIDAI said, it can’t be de-duplicated, nor will authentication agencies be able to generate one on behalf of the Aadhaar-number holder.

The options to generate, retrieve or replace VIDs by the holder of an Aadhaar number will be available through UIDAI’s portal, enrollment centers, Aadhaar’s mobile app, etc. Additionally, to “regulate” the number of agencies where Aadhaar is required and stored as a proof of identity to avail services, the UIDAI has introduced the concept of Limited KYC. It will divide the Authentication User Agencies (AUAs) into two categories: Global AUAs and Local AUAs. Only agencies whose services require them to store the Aadhaar number as per law will be qualified as Global AUAs and allowed to do so. Local AUAs will only be allowed Limited KYC and will not be allowed to store the Aadhaar numbers.

The UIDAI will issue “agency specific UID Tokens” to Local AUAs, which will help them identify customers. UIDAI said it will “reserve the right to determine, in addition to UID Token, what demographic fields need to be shared with the Local AUAs depending upon its need”. A UID Token will be specific to the authentication agency and the Aadhaar number. To authenticate the identity of a beneficiary, the UID will provide a unique token for a particular Aadhaar number, which will remain same for that number for one particular authenticating entity. For any other authentication body, the UID Token for the same Aadhaar number will be different.

The UID Token, the Aadhaar-issuing body said in the circular, “allows an agency to ensure uniqueness of its beneficiaries, customers etc. without having to store the Aadhaar number in their databases while not being able to merge databases across agencies thus enhancing privacy substantially”. Global AUAs can store Aadhaar numbers and will also be provided UID Tokens for each Aadhaar number in response to any e-KYC request, which they can use as per their need to authenticate.

All the authentication agencies have been asked by UIDAI to update their systems to allow for VID, UID Tokens and Limited or Full KYC services, depending on their categorisation.

How govt plans to secure aadhaar

Virtual ID (VID): A 16-digit temporary number, similar to an OTP, can be used instead of Aadhaar number. This can be generated, retrieved, revoked or replaced through UIDAI’s portal, mobile app, enrolment centres, etc.

UID Token: For an authentication request by agencies, UIDAI will send a UID Token. The token for a specific Aadhaar number will remain the same for a specific agency but will be different for different entities.

Limited KYC: UIDAI will decide if an organisation needs to store Aadhaar numbers. Those allowed to do so will be called Global AUAs (authentication agencies). Others, known as Local AUAs, will use UID Tokens.

For all the latest India News, download Indian Express App

  1. Phool Babu Sharma
    Jan 11, 2018 at 8:01 am
    Village Post-M.Sinuara Ps- Bahadurpur
    (0)(0)
    Reply
    1. .
      Jan 11, 2018 at 5:42 am
      Virtual ID will not change anything: goo.gl/tkJSct What is needed is a simple, effective iden y system using chip-enabled smart-cards. But since vested interests will not gain much by way of returns from a such a system, one can be sure that the Modi government will never consider it. One wonders if even a massive data breach of sensitive Aadhaar data which is dumped on the internet will wake up the government from its deep slumber and make it see reason.
      (10)(0)
      Reply
      1. Karan Mehra
        Jan 11, 2018 at 3:39 am
        Adhar and state sponsored genocide.. people can be sitting ducks.. and yes govt may change. It can be Kannada Tamil, bemgalee Assamese, Marathi Gujarati or Hindu Muslim, n for bhakts govt change it will sooner or later. Don't put next generation under strees
        (14)(0)
        Reply
        1. M.R. Krishnan
          Jan 10, 2018 at 10:51 pm
          Many people don't' just understand what is all about the hue and cry over this privacy business as if they are living in an isolated island far from the universe. Everybody has to remember that majority of the people in India, privacy like Hinduism-Hindutva or secularism communalism, are not issues at all and privacy may be a major issue only for the people who have committed something unlawful or crime or something to hide or for mere pleasure of opposing the Government in place. The Opposition parties have to remember that they will also face the same fate when they come to power and nobody can run a democratic Government if every move even if good for the nation is opposed just for the sake of opposition. There are sure inadequacies in implementation but you do not throw out the baby with the bath water. Every country in the world has some sort of national ID which has to be kept in mind by those who wish the welfare of the nation. Krish
          (0)(37)
          Reply
          1. Karan Mehra
            Jan 11, 2018 at 3:40 am
            Looks like u have blind trust in our politicos
            (29)(0)
            Reply
          2. Mehrotra Rajendranath
            Jan 10, 2018 at 10:27 pm
            1st of all,as the saying goes "If anything can go wrong,it will" and no one can stop them from going wrong.It's different matter that no one would know,WHEN. 2ndly there is nothing like "ZERO" defect in this world but according 2 the law of probability it can be 1 in million/billion or trillion but it is bound 2 fail. 4 example passenger and other aircraft's R though designed for "Zero defect" aim but they still fail. So, Govt should find out a back up and Safety mechanism considering Safety of Individuals, so that in case things go wrong,individuals DO NOT STAND 2 LOSE ON ANY ACCOUNT and in such a situation,it should B the sole responsibility of UIDAI and central govt. as they only R forcing individuals 4 AADHAR and other such measure. Already likning of AADHAAR with different agencies is cause of a trouble 4 individuals and specially 4 Sr. Citizen who R being forced 2 run from pillar 2 post. Another step of Security number plates in Vehicles is also is as good as harassment.
            (37)(0)
            Reply
            1. Load More Comments