The Unique Identification Authority of India (UIDAI) has stepped up its Aadhaar security protocols after sustained lapses and criticism regarding the infrastructure.
An official statement said that the new processes are being introduced to strengthen privacy and security of Aadhaar numbers holders.
UIDAI has introduced a temporary Virtual ID (VID) for every Aadhaar number, which can be shared instead of the Aadhaar card number.
The Authority said that it will not be possible to trace an Aadhaar number from the temporary number (virtual id) that is issued. This VID can only be generated by the Aadhaar card holder and will be valid to avail of all services that require an Aadhaar number, for a limited amount of time.
Unlike the Aadhaar number, the VID will lapse after a fixed duration and will negate the fear of traceability.
Limited KYC The second provision that the UIDAI has introduced is a limited KYC (Know your customer) service. The official statement said that this does not return the Aadhaar number and only provides an “agency specific” unique UID token. This will eliminate many agencies storing Aadhaar numbers while enabling paperless KYC.
In order to do away with the possibility of an Authentication User Agency (AUA) misusing access to the Aadhaar database, UIDAI has decide to divide them into two categories, ‘Global AUAs’ and ‘Local AUAs.’
The AUA is an entity that provides Aadhaar Enabled Services to Aadhaar number holders, using the authentication as facilitated by the Authentication Service Agency. An AUA may be a government, public, or private legal agency registered in India that uses UIDAI’s Aadhaar authentication services and sends authentication requests to enable its services or business functions.
“Once this scheme is fully implemented, only Global AUAs will have access to e-KYC with Aadhaar number, while all other agencies will only have access to ‘Limited KYC,’” said the UIDAI statement.