Two tier shield for Aadhaar data

Posted on Last modified on Comments
"0"
Views 0

ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 10th August. Click Here for more information.

Two tier shield for Aadhaar data

Context

In the wake of reports of an alleged breach of the Aadhaar database published in a newspaper last week, the Unique Identification Authority of India (UIDAI) has rolled out a new two-tier security process that will come into effect from June 1

What has been done?

Aimed at eliminating the need to share and store Aadhaar numbers, the UIDAI has introduced the concept of a virtual ID which an Aadhaar holder can use in lieu of his/her Aadhaar number at the time of authentication, besides sharing of ‘limited KYC’ with certain agencies

What is a virtual ID?

  • Temporary number: A Virtual ID (VID) will be a temporary 16-digit random number mapped with the Aadhaar number
  • Only one active VID: There can only be one active and valid VID for an Aadhaar number at any given time and it will not be possible to derive the Aadhaar number from VID
  • De-depulication not possible: The VID authentication will be similar to using Aadhaar numbers. However, since a VID is temporary, agencies will not be able to use it for de-duplication
  • Only the Aadhaar holder will be able to generate a VID and no other entity, including authentication user agencies (AUAs), can do it on their behalf

Backdrop

The move follows a report in The Tribune newspaper that allegedly exposed a data breach in Aadhaar records

Other issues

While VID allows Aadhaar number holders to avoid sharing Aadhaar number, storage of Aadhaar number within various databases also needs to be further regulated

  • Limited KYC concept: To address the issue, the UIDAI has brought in the concept of limited KYC. It has categorised its AUAs into Global AUAs and Local AUAs wherein the latter will get access to only need based or limited KYC details
    • AUAs, which by law are required to use Aadhaar number in their KYCs, will be categorised as Global AUAs and have access to Full e-KYC and the ability to store Aadhaar numbers within their system

UID token

Once storage of Aadhaar number is restricted and since VID is temporary, agencies need a mechanism to uniquely identify their customers within their system

  • For this, a 72 character alphanumeric ‘UID Token’ will be generated for “system use”
  • UID token allows an agency to ensure uniqueness of its beneficiaries, customers etc. without having to store Aadhaar number in their databases
Print Friendly and PDF
Blog
Academy
Community