AADHAR: India’s new unique identification system
The Indian government’s plan to implement a unique identity code for each Indian citizen is finally showing some results as the Unique Identification Authority of India (UIDAI) has released a API specification for how identities would be authenticated with different agencies using a central database.
For those who are unaware of the UIDAI’s purpose, it is a to “develop and implement the necessary institutional, technical and legal infrastructure to issue unique identity numbers to Indian residents.“
With a unique identity number assigned to each citizen, establishing and authenticating the identity of any individual will become much easier. Currently multiple identity documents are required for different government services. Most people have a ration card, a drivers licence, a passport, a PAN card etc. and each one has the basic requirement, that we need to authenticate our identity before we can avail of the documents and the services attached to it. With a unique ID, and a means to authenticate that ID, this workflow would become much simpler.
The new unique identity system, named AADHAR, has been unveiled and we now have an idea of how it will work. The AADHAR system will work by establishing one’s identity using the AADHAR code, and any combination of biometric identification, such as fingerprint or retina scans. In fact they don’t even intend to issue cards for the UID just a letter with the number on it, although cards could be created, but the verification of identity will be done online, and the card will just be a convenient place to keep the number.
When talking of a central database containing each and every one’s personal details, privacy concerns are sure to arise. The system developed with AADHAR is such that it prevents such abuse. The AADHAR API does not expose any way to access some one’s personal details from the UID code; instead it merely allows authenticates the details you do provide against the central database to establish an ID. It will merely give a “Yes” or “No” response.
How this would work is that one would need to provide their AADHAR ID to the agency with which you need to establish your ID, this could be a bank where you are opening an account, or a government service you are registering for, such as a driving card. Using your UID and biometric data (fingerprint / retina scan etc.) captured on the device installed at such locations, the agency (bank, ration card office etc.) will be able to verify the details you provide.
Scenario:
You go the bank to open an account. You provide them your AADHAR number, your address and other details as required by the bank. The bank enters all these details into the AADHAR terminal, captures your biometric details, and submits it to the AADHAR server. The AADHAR server then responds with a simple “Yes” or “No” as to whether the details you have entered are correct or not.
You need not provide any address “proof” in the form of a document, merely mention the same address as the one registered at the UIDAI. Unfortunately currently UIDAI claims that the authentication mechanism uses strict matching, not fuzzy matching. This could create problems for matching details such as addresses, as those usually have greater leeway for differences. The system will also support additional extended means of authentication such as “static” PINs and “dynamic” PINs. A static PIN would be a PIN code not unlike an ATM PIN code which could be used to provide additional authentication. A dynamic PIN on the other hand would be code generated at server-end and the sent to the user as an SMS on their cellphone.
The ID number itself has been carefully designed by keeping in mind the different schemes used across the world. The UID assigned to each individual is random and based on their biometrics such that no personal information such as date of birth, date of issuance of ID, locality, ethnicity, race etc can be derived from deconstructing the ID.
The ID will be a 12 digit number instead of being an alphanumeric sequence, due to the low rate of literacy in India and the differing languages with differing alphabets. Of the 12 digits there is 1 checksum and the rest of the 11 digits give us 100 billion combination which aught to do for a while. The system is designed with he future is mind, and should scale to more digits if the need arises in the future. While the population of India is only around a billion, there are almost a hundred times as many IDs, this is to ensure that it is difficult to guess a number. The additional checksum digit at the end ensures that the ID is correctly transmitted and ensures the integrity of the number itself.