UIDAI introduces two-tier security to shield Aadhaar data

A Virtual ID (VID) will be a temporary 16-digit random number mapped with the Aadhaar number.

January 10, 2018 04:06 pm | Updated November 28, 2021 08:16 am IST - New Delhi

In the wake of a report of an alleged breach of the Aadhaar database published in a newspaper last week, the Unique Identification Authority of India (UIDAI) has rolled out a new two-tier security process that will come into effect from June 1.

Aimed at eliminating the need to share and store Aadhaar numbers, the UIDAI has introduced the concept of a virtual ID, which an Aadhaar holder can use in lieu of his/her Aadhaar number at the time of authentication, besides sharing of ‘limited KYC’ with certain agencies.

“While it is important to ensure that Aadhaar number holders can use their identity information to avail many products and services, the collection and storage of Aadhaar numbers by various agencies has heightened privacy concerns,” a Ministry of Electronics and IT circular said.

The move follows a report in The Tribune  that allegedly exposed a data breach in Aadhaar records.

 

A Virtual ID (VID) will be a temporary 16-digit random number mapped with the Aadhaar number. There can only be one active and valid VID for an Aadhaar number at any given time and it will not be possible to derive the Aadhaar number from VID, the circular said.

The VID authentication will be similar to using Aadhaar numbers. However, since a VID is temporary, agencies will not be able to use it for de-duplication.

Only a Aadhaar holder can generate a VID

Only the Aadhaar holder will be able to generate a VID and no other entity, including authentication user agencies (AUAs), can do it on their behalf. “While VID allows Aadhaar number holders to avoid sharing Aadhaar number, storage of Aadhaar number within various databases also needs to be further regulated,” the circular said.

To address the issue, the UIDAI has brought in the concept of limited KYC. It has categorised its AUAs into Global AUAs and Local AUAs wherein the latter will get access to only need-based or limited KYC details. AUAs, which by law are required to use Aadhaar number in their KYCs, will be categorised as Global AUAs and have access to Full e-KYC and the ability to store Aadhaar numbers within their system.

“Once storage of Aadhaar number is restricted and since VID is temporary, agencies need a mechanism to uniquely identify their customers within their system,” the circular said. For this, a 72 character alphanumeric ‘UID Token’ will be generated for “system use”.

“UID token allows an agency to ensure uniqueness of its beneficiaries, customers etc. without having to store Aadhaar number in their databases,” the notification stated.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.