Follow Us:
Friday, December 03, 2021

Assuaging privacy concerns, UIDAI restricts use of Aadhaar numbers

The options to generate, retrieve or replace Virtual IDs by the holder of an Aadhaar number will be available through UIDAI's portal, enrolment centers, Aadhaar's mobile app etc.

Written by Krishn Kaushik | New Delhi |
Updated: January 10, 2018 9:21:11 pm
Virtual ID: UIDAI's attempt to curb rising privacy concerns The Virtual ID will be a temporary 16-digit number which will be mapped to a person’s Aadhaar. (Express Photo)

The Unique Identification Authority of India has introduced one of the most important changes since its inception regarding the use of Aadhaar as an identification proof of a person. To restrict the usage of Aadhaar number it has introduced Virtual IDs (VID), which any Aadhaar holder will be able to generate for a temporary period and can use in place of the Aadhaar number to validate her or his identity. The parent body of the Aadhaar project has also brought in Limited KYC (Know Your Customer) and UID Tokens, in an attempt to assuage the privacy and security concerns as the Aadhaar numbers were being used and stored by many public and private entities.

In a circular issued on Wednesday, the UIDAI described how the VID will work. It will be a 16-digit number that can be used by an Aadhaar-holder in place of the Aadhaar number “to avoid the need of sharing of the Aadhaar number at the time of authentication”. This, UIDAI said, will reduce the collection of Aadhaar numbers by various agencies.

The VID will be a temporary a 16-digit random number “mapped with the Aadhaar number”. The UID said the VID will not be able to derive the person’s Aadhaar number. For any given Aadhaar number there will only be one active VID at any given time, further it can be revoked or a new one can be generated after a maximum validity period by a person who holds that Aadhaar number. Since it will be temporary, the UIDAI said, it can’t be de-duplicated, nor will agencies be able to generate a VID on behalf of the Aadhaar-number holder.

The options to generate, retrieve or replace VIDs by the holder of an Aadhaar number will be available through UIDAI’s portal, enrolment centers, Aadhaar’s mobile app etc.

Additionally, to “regulate” the number of agencies where Aadhaar number is required as a proof of identity, and stored, to avail services, the UIDAI also introduced the concept of Limited KYC. It will divide the Authentication User Agencies (AUAs) into two categories: Global AUAs and Local AUAs. Only agencies whose services require them to store the Aadhaar number as per the laws will be qualified as Global AUAs and allowed to store the Aadhaar numbers.

Rest, the Local AUAs will only be allowed Limited KYC and will not be allowed to store the Aadhaar numbers. The UIDAI will issue “agency specific UID Tokens” to Local AUAs, which will help them identify their customers. UIDAI said it will “reserve the right to determine, in addition to UID Token, what demographic fields need to be shared with the Local AUAs depending upon its need”.

The UID Token will be agency- and Aadhaar number-specific. To authenticate the identity of a beneficiary the UID will provide a unique token for a particular Aadhaar number, which will remain same for that Aadhaar number but only for that particular authenticating entity. For any other authentication body the UID Token for the same Aadhaar number will be different. The UID Token, the Aadhaar-issuing body said in the circular, “allows an agency to ensure uniqueness of its beneficiaries, customers etc. without having to store the Aadhaar number in their databases while not being able to merge databases across agencies thus enhancing privacy substantially”.

Global AUAs, while allowed to store the Aadhaar numbers will also be provided UID Tokens for each Aadhaar number in response to any e-KYC request, which they can use as per their need to authenticate.

All the authentication agencies have been asked by UIDAI to update their systems to allow for VID, UID Tokens and Limited of Full KYC services, depending on their categorisation. The agencies must update their systems so that the new system can be implemented by March 1 and all authentication bodies must fully migrate to the new system by June 1.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest India News, download Indian Express App.

  • Newsguard
  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
  • Newsguard
0 Comment(s) *
* The moderation of comments is automated and not cleared manually by