Virtual Aadhaar ID, Limited KYC, UID Token System

[Sushubh]

After Data Breaches and Leaks, UIDAI Rolls Out New Security Measures - The Wire

UIDAI plans on categorising all AUAs into two categories – global AUAs and local AUAs. The latter will only be allowed to initiate limited KYC processes.

Essentially, local AUAs will carry out the same KYC process but do it with an “unique UID token” instead of an Aadhaar number.

“UID token allows an agency to ensure uniqueness of its beneficiaries, customers etc without having to store Aadhaar number in their databases while not being able to merge databases across agencies thus enhancing privacy. All agencies should use UID tokens within their system” the notification states.

When a local AUA pings UIDAI for an authentication request, UIDAI (in response to the limited KYC request) will return a unique UID token. This token will remain unique for an Aadhaar number for all authentication requests by that particular entity – however for a particular Aadhaar number, there will be different tokens when it comes to different AUAs and sub AUAs.

Crucially, however, global AUAs will not need to adhere to the token system. When they perform authentication requests will be given the Aadhaar number and a token.

 

[Sushubh]

UIDAI introduces 2-tier security to shield Aadhaar data

 

[Sushubh]

Aadhaar database: UIDAI introduces new two-layer security system to improve Aadhaar privacy

 

[Sushubh]

UIDAI: UIDAI’s new ‘Virtual ID’ for Aadhaar: 10 key points | India News - Times of India

*The Virtual ID is a random 16-digit number.
*The ID can be generated as many time as possible.
*The older ID gets automatically cancelled once a fresh one is generated.
*Users can go to the UIDAI website to generate their virtual ID which will be valid for a defined period of time, or till the user decides to change it.
*The ID, along with the biometrics of the user, would give any authorised agency, like a mobile company, limited details like name, address and photograph, which are enough for any verification.
*Agencies that undertake authentication would not be allowed to generate the Virtual ID on behalf of the user.
*UIDAI also introduced the concept of 'limited KYC', which will provide need-based or limited details of a user to an authorised agency providing a particular service.
*The Aadhaar-issuing body will start accepting the 'Virtual ID' from March 1, 2018.
*The 'Virtual ID' will be made compulsory for all agencies undertaking authentication from June 1, 2018.
*Agencies failing to meet the above deadline will be faced with financial disincentives.

 

[Sushubh]

it seems reasonable enough. but it's too late. billion+ aadhaar numbers are already leaked as per my understanding. and most retailers would continue to ask for copy of aadhaar. they should never have allowed anyone to ask for a photocopy of aadhaar. aadhaar number should always have been private.

the deadline of june makes it even more useless unless they extend the deadline to that date. even today, no one seems to be respecting the deadlines. local vodafone and idea stores both refused porting a number to their network without aadhaar number with biometric. airtel store is the only one allowing it without aadhaar.

 

[dextermorgan]

^ even bsnl refused duplicate sim without adhaar. essentially holding me hostage for adhaar because I cant get phone calls and otp without my primary number. fucking hell

 

---

[kickass]

^ i dont think the virtual aadhar wud work the way they are thinking simply coz everyone asks for copy of aadhar. no one ever asks just for the number !

 

[Sushubh]

That's the thing. They have to clearly make all forms of submission of actual number illegal. All existing copies should be asked to be destroyed. Anyone violating should be sued.

 

[geek]

well should the SC uphold Aadhaar (looks apparent), this one time virtual aadhaar generated for a particular validation is cool with me !

 

[Sushubh]

But it doesn't help billion people whose aadhaar details are already leaked right? It's not a fix for existing users. And doesn't stop future leaks.

 

[geek]

yes their life is over.

 

[Sushubh]

Source

 

[Sushubh]

Aadhaar Virtual ID Introduced By UIDAI "Unworkable", Will Oppose Tooth-And-Nail: Petitioners

 

[geek]

Aadhaar’s new virtual ID security feature is like locking stable after horses have bolted: P Chidambaram

 

[SVK]

^ i dont think the virtual aadhar wud work the way they are thinking simply coz everyone asks for copy of aadhar. no one ever asks just for the number !

I recently changed my Idea Postpaid to Prepaid. They just asked number, did not ask for Aadhar copy or any other document. I gave Aadhar number which they entered in their app, they authenticated my fingerprint with attached device to Smartphone. Authentication happened within their app, and my Prepaid sim got activated immediately.