After Data Breaches and Leaks, UIDAI Rolls Out New Security Measures - The Wire
UIDAI plans on categorising all AUAs into two categories – global AUAs and local AUAs. The latter will only be allowed to initiate limited KYC processes.
Essentially, local AUAs will carry out the same KYC process but do it with a “unique UID token” instead of an Aadhaar number.
“UID token allows an agency to ensure uniqueness of its beneficiaries, customers etc without having to store Aadhaar number in their databases while not being able to merge databases across agencies thus enhancing privacy. All agencies should use UID tokens within their system,” the notification states.
When a local AUA sends UIDAI an authentication request, UIDAI (in response to the limited KYC request) will return a unique UID token. This token will remain the same for a given Aadhaar number across all authentication requests by that particular entity – however, for a particular Aadhaar number, there will be different tokens for different AUAs and sub-AUAs.
Crucially, however, global AUAs will not need to adhere to the token system. When they perform authentication requests, they will be given the Aadhaar number and a token.
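The token properties described above can be illustrated with a short sketch. This is an added example, not code from the article or from UIDAI: the article does not say how tokens are derived, so the HMAC-SHA256 construction, the key, the function names, the AUA codes and the 12-digit numbers are all assumptions made up for the illustration.

```python
import hashlib
import hmac

# Assumption: a keyed HMAC is used only to obtain the properties the article states;
# UIDAI's real derivation is not described. The key is a constructed demo value.
ISSUER_KEY = b"constructed-demo-key"

def uid_token(aadhaar: str, aua_code: str, key: bytes = ISSUER_KEY) -> str:
    """Token that is stable for one (AUA, Aadhaar number) pair and differs across AUAs."""
    # Length-prefix each field so ("AB", "C") and ("A", "BC") cannot collide.
    parts = (aua_code.encode(), aadhaar.encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def auth_response(aadhaar: str, aua_code: str, aua_type: str) -> dict:
    """Local AUAs receive only the token; global AUAs receive the number and a token."""
    if aua_type not in ("local", "global"):
        raise ValueError(f"unknown AUA type: {aua_type!r}")
    response = {"uid_token": uid_token(aadhaar, aua_code)}
    if aua_type == "global":
        response["aadhaar_number"] = aadhaar
    return response

def stored_key(response: dict) -> str:
    """Identifier an agency would keep: the Aadhaar number if given one, else the token."""
    return response.get("aadhaar_number", response["uid_token"])

def build_db(residents, aua_code: str, aua_type: str) -> set:
    """Set of identifiers one agency ends up storing for its customers."""
    return {stored_key(auth_response(r, aua_code, aua_type)) for r in residents}

def linkable(db_a: set, db_b: set) -> set:
    """Identifiers present in both databases, i.e. records that could be merged."""
    return db_a & db_b

# Constructed sample data: made-up 12-digit numbers, not real Aadhaar numbers.
RESIDENTS = ["999900001111", "999900002222", "999900003333"]

if __name__ == "__main__":
    local_a = build_db(RESIDENTS, "LOCAL-AUA-A", "local")
    local_b = build_db(RESIDENTS, "LOCAL-AUA-B", "local")
    global_x = build_db(RESIDENTS, "GLOBAL-AUA-X", "global")
    global_y = build_db(RESIDENTS, "GLOBAL-AUA-Y", "global")
    print("local/local records that can be merged:  ", len(linkable(local_a, local_b)))
    print("global/global records that can be merged:", len(linkable(global_x, global_y)))
```

In this sketch two local AUAs serving the same three people share no identifiers, while two global AUAs that store the Aadhaar number they receive can match all three records.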