Virtual Aadhaar ID, Limited KYC, UID Token System

Sushubh

Administrator
[OP]
Oct 29, 2004
420,556
13,129
Gurugram
After Data Breaches and Leaks, UIDAI Rolls Out New Security Measures - The Wire
UIDAI plans on categorising all AUAs into two categories – global AUAs and local AUAs. The latter will only be allowed to initiate limited KYC processes.

Essentially, local AUAs will carry out the same KYC process but do it with an “unique UID token” instead of an Aadhaar number.

“UID token allows an agency to ensure uniqueness of its beneficiaries, customers etc without having to store Aadhaar number in their databases while not being able to merge databases across agencies thus enhancing privacy. All agencies should use UID tokens within their system” the notification states.

When a local AUA pings UIDAI for an authentication request, UIDAI (in response to the limited KYC request) will return a unique UID token. This token will remain unique for an Aadhaar number for all authentication requests by that particular entity – however for a particular Aadhaar number, there will be different tokens when it comes to different AUAs and sub AUAs.

Crucially, however, global AUAs will not need to adhere to the token system. When they perform authentication requests will be given the Aadhaar number and a token.
 

Sushubh

Administrator
[OP]
Oct 29, 2004
420,556
13,129
Gurugram
UIDAI: UIDAI’s new ‘Virtual ID’ for Aadhaar: 10 key points | India News - Times of India

*The Virtual ID is a random 16-digit number.
*The ID can be generated as many time as possible.
*The older ID gets automatically cancelled once a fresh one is generated.
*Users can go to the UIDAI website to generate their virtual ID which will be valid for a defined period of time, or till the user decides to change it.
*The ID, along with the biometrics of the user, would give any authorised agency, like a mobile company, limited details like name, address and photograph, which are enough for any verification.
*Agencies that undertake authentication would not be allowed to generate the Virtual ID on behalf of the user.
*UIDAI also introduced the concept of 'limited KYC', which will provide need-based or limited details of a user to an authorised agency providing a particular service.
*The Aadhaar-issuing body will start accepting the 'Virtual ID' from March 1, 2018.
*The 'Virtual ID' will be made compulsory for all agencies undertaking authentication from June 1, 2018.
*Agencies failing to meet the above deadline will be faced with financial disincentives.
 

Sushubh

Administrator
[OP]
Oct 29, 2004
420,556
13,129
Gurugram
it seems reasonable enough. but it's too late. billion+ aadhaar numbers are already leaked as per my understanding. and most retailers would continue to ask for copy of aadhaar. they should never have allowed anyone to ask for a photocopy of aadhaar. aadhaar number should always have been private.

the deadline of june makes it even more useless unless they extend the deadline to that date. even today, no one seems to be respecting the deadlines. local vodafone and idea stores both refused porting a number to their network without aadhaar number with biometric. airtel store is the only one allowing it without aadhaar.
 
  • Like
Reactions: kickass

dextermorgan

Regulars
May 12, 2014
7,316
1,315
Hyderabad
^ even bsnl refused duplicate sim without adhaar. essentially holding me hostage for adhaar because I cant get phone calls and otp without my primary number. fucking hell
 


  • Like
Reactions: kickass

kickass

Super Adm1n
Regulars
Oct 3, 2011
1,470
231
Mumbai
^ i dont think the virtual aadhar wud work the way they are thinking simply coz everyone asks for copy of aadhar. no one ever asks just for the number !
 

Sushubh

Administrator
[OP]
Oct 29, 2004
420,556
13,129
Gurugram
That's the thing. They have to clearly make all forms of submission of actual number illegal. All existing copies should be asked to be destroyed. Anyone violating should be sued.
 

aatuif

the geek in chief
Regulars
Feb 22, 2011
534
148
well should the SC uphold Aadhaar (looks apparent), this one time virtual aadhaar generated for a particular validation is cool with me !
 

Sushubh

Administrator
[OP]
Oct 29, 2004
420,556
13,129
Gurugram
But it doesn't help billion people whose aadhaar details are already leaked right? It's not a fix for existing users. And doesn't stop future leaks.
 
  • Like
Reactions: aatuif

Similar threads