UIDAI introduces new two-layer security system to improve Aadhaar privacy
Days after a newspaper report claimed a breach in the Aadhaar database, the Unique Identification Authority of India (UIDAI) today released a 2-layer safety net for the 12-digit biometric code: creating a Virtual ID and limiting Know Your Customer (KYC).
The two moves will cover Aadhaar users from any breach.
Here’s how it works
Virtual ID will end any need to share your Aadhaar number at the time of authentication. This will be a 16-digit, randomly generated number, which will be used for authentication instead of your Aadhaar number. Virtual ID, together with the biometrics of the user, would give any authorised agency, like a mobile company, limited details like name, address and photograph, which are enough for any verification. It will not be possible to locate your Aadhaar based on this ID.
A user can generate as many Virtual IDs as he or she wants. The older ID gets automatically cancelled once a fresh one is generated.
The Aadhaar-issuing body will start accepting Virtual ID from March 1, 2018.
The limited KYC facility, meanwhile, will provide an agency-specific UID to stop agencies from storing your Aadhaar number. It will only provide need-based or limited details of a user to an authorised agency that is providing a particular service, say, a telco. This will allow agencies to do their own KYC without banking on your Aadhaar. Agencies will identify users with tokens.
To create a Virtual ID, users can go to the UIDAI website and generate one, which will be valid for a defined period of time, or till the user decides to change it.
They can give this Virtual ID to service agencies along with the fingerprint at the time of authentication. Since the system-generated Virtual ID will be mapped to an individual’s Aadhaar number itself at the back end, it will do away with the need for the user to share the Aadhaar number for authentication.
It will also reduce the collection of Aadhaar numbers by various agencies.
As per the UIDAI, agencies that undertake authentication would not be allowed to generate the Virtual ID on behalf of the Aadhaar holder.
From June 1, 2018, it will be compulsory for all agencies that undertake authentication to accept the Virtual ID from their users. Agencies that do not migrate to the new system to offer this additional option to their users by the stipulated deadline will face financial disincentives.
UIDAI is instructing all agencies using its authentication and eKYC services to ensure Aadhaar holders can provide the 16-digit Virtual ID instead of Aadhaar number within their application.
The moves come a day after an RBI-backed research note flagged some serious concerns about Aadhaar. A study by a think tank affiliated with the central bank said Aadhaar in its current shape is a sitting duck for cyber criminals.
“Aadhaar faces a number of challenges over the short and long-term. The primary challenge is to protect the data from prying and excessive profit seeking excess of the business world. It is well-known that businesses are increasingly operating in a highly competitive world in which ethical boundaries are rapidly being pulled down. The problem is compounded because they have to satisfy their shareholders in a competitive business environment that rarely looks beyond the quarterly profits and the operational dynamics of stock market listing,” it says.
However, the paper said, cyber vulnerabilities of Aadhaar are a bigger concern than the possible commercial misuse of data. “In an era when cyber threats are frequent, the major challenge for UIDAI is to protect the data under its control since the biometrics is now an important national asset which has huge ramifications for various government programmes and the banking system.”
(Inputs from PTI)
Source : https://economictimes.indiatimes.com/news/economy/policy/uidai-introduces-new-two-layer-security-system-to-improve-aadhaar-privacy/articleshow/62442873.cms