UIDAI's purview will be limited to the issuance of unique identification numbers (Aadhaar) linked to a person's demographic and biometric information. Aadhaar will only guarantee identity, not rights, benefits or entitlements.
The UIDAI envisions full enrolment of the residents, with a focus on India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase such as – the Mahatma Gandhi National Rural Employment Guarantee Scheme (NREGA), Rashtriya Swasthya Bima Yojna (RSBY), and Public Distribution System (PDS) – will help bring large number of the poor and underprivileged into the UID system. The UID method of authentication will also improve service delivery for the poor.
Existing identity databases in India are fraught with problems of fraud and duplicate/ghost beneficiaries. To prevent this from seeping into the UIDAI database, the Authority plans to enrol residents into its database with proper verification of their demographic and biometric information. This will ensure that the data collected is clean right from the beginning of the program. However, much of the poor and underserved population lack identity documents and the UID may be the first form of identification they will have access to. The Authority will ensure that the Know Your Resident (KYR) standards do not become a barrier for enroling the poor, and will devise suitable procedures to ensure their inclusion without compromising the integrity of the data.
The UIDAI approach leverages the existing infrastructure of government and private agencies across India. The UIDAI will be the regulatory authority managing a Central ID Repository (CIDR), which will issue Aadhaar, update resident information and authenticate the identity of the residents as required.
In addition, the Authority will partner with agencies such as central and state departments and private sector agencies, who will be 'Registrars' for the UIDAI. Registrars will process Aadhaar applications, and connect to the CIDR to de-duplicate resident information and receive Aadhaar. The Authority will also partner with service providers for authentication of identity.
The Registrars will ensure significant flexibility in their processes, including issuing cards, pricing, expanding KYR verification, collecting demographic data of residents for their specific requirements, and in authentication. The UIDAI will provide standards to enable Registrars to maintain uniformity in collecting certain demographic and biometric information, and in performing basic KYR activities. These standards will be finalised by the KYR and biometric committees constituted by the Authority.
Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment, to minimise/eliminate duplicates in the database.
The incentives in the UIDAI system are aligned towards a self-cleaning mechanism. The existing patchwork of multiple databases in India provides scope to individuals to furnish different personal information to different agencies. Since de-duplication in the UIDAI system ensures that residents have only one chance to be in the database, individuals are made to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to Aadhaar.
The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database. The Authority will support Registrars and Agencies in adopting the Aadhaar authentication process, and will help defining the infrastructure and processes they need.
The UIDAI will not share resident data: The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of the residents they enrol if they are authorised to do so, but will not have access to the information in the Aadhaar database. The UIDAI will answer all requests to authenticate identity only through a 'Yes' or 'No' response. The Authority will also enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.
The authority will place all the aggregated data for public to access under RTI. However Personal Identity Information (PII) will NOT be accessible by any entity.
Technology systems will have a major role across the UIDAI infrastructure. The Aadhaar database will be stored on a central server. Enrolment of the residents will be computerised, and information exchange between Registrars and the CIDR will take place over a network. Authentication of the residents will be online. The Authority will also put systems in place for the security and safety of information.
Public and private organisations that are currently engaged in providing services to the residents, and which operate on behalf of the UIDAI to provide UIDAI services (such as enrolment) to their constituents. For example, State Governments, Ministries and Departments in the Central Government, banks and other financial institutions, telephone companies, etc.
These are departments or entities that report to specific Registrar. For instance, the line departments of the state government such as the Rural Development and Panchayati Raj (RDPR) department would be Sub-Registrars to the state government Registrar.
A resident is defined as a natural person, usually residing in India.Residents of India, who wish to obtain an Aadhaar, are expected to provide appropriate documentation to meet the KYR norms or to be introduced by an appointed introducer.
Residents are expected to truthfully provide information and documentation to meet the KYR norms, or be introduced by an introducer. Further, they are expected to provide biometric information to the UIDAI. They can expect a smooth experience with the enrolment agency, and a swift response to various issues that they may have. Residents will have access to their data, and the ability to identify when they were authenticated (for a period of time).
Access to data of other residents is to be restricted by the UIDAI.
The application hosted by CIDR can be broadly categorised into two:
1-)Core applications- In the core category UIDAI will have enrolment and authentication applications services.
2-)Supporting applications: This category consists of applications required for administration, analytics, reporting, fraud detection interfaces to Logistics Provider and Contact Centre and the portal.
The Enrolment Application serves the client enrolment request for providing Aadhaar. The application orchestrates the enrolment workflow by integrating various sub-systems such as address normalisation, third party de-duplication, and Aadhaar generation. Manual exception workflow is required to resolve enrolment requests that cannot be resolved automatically. Basic letter printing and delivery functionality is available for servicing exceptions to normal workflow.
The Authentication Application provides the identity authentication services. Various authentication request types such as demographic, biometric, simple or advanced authentications are supported by this application. The Aadhaar submitted is used for 1:1 match for the resident's record. The inputs are then matched against the resident information found in the biometric database. The Fraud Detection Application is deployed to detect and reduce identity fraud. For example, identifying fraud scenarios that the application needs to handle are: misrepresentation of information, multiple registrations by same resident, registration for non-existent residents, or personification as someone else.
The Administrative Application takes care of user management, roles and access control, business process automation, and status reporting. It ensures a trust network across both internal and external entities. The external entities could be Registrars, Sub-Registrars, Enrolment Agencies, Field Agencies, Introducers and Authentication clients. For example, the application is required to manage user accounts for the Registrars or Introducers who vouch for identity of individuals who lack proper documentations. The internal entities could be system administrators, customer service agents or biometric and fraud detection agents. The application will allow administrators to track status of other applications, and provide mechanism to escalate failures or delays.
The Analytics and Reporting Application provides enrolment and authentication statistics for both public and partners. It supports visual representation of statistics and allows drill down at regional levels. All the information available for this application is only at the aggregate level thus, ensuring individual identity is completely protected.
The Information Portal provides administrative and information access for internal users, partners and public. Besides the above application, interface application for Logistics and contact centre are also present in the CIDR. The Contact Centre Interface application provides query and status update functionality. The Logistics Interface Application interfaces with the logistics provider for letter printing and delivery. It is used for sending and receiving raw data, sending Aadhaar data for letter printing, delivering and receiving periodic status updates on the inbound and outbound communication.
The Biometric Solution Provider (BSP) will design, supply, install, configure, commission, maintain and support biometric components of the UIDAI System. In CIDR, there can be up to three BSPs operating simultaneously. Two biometric components are utilised in the UIDAI System. The biometric components are:
The functional requirements of the above mentioned five areas are described, followed by the overall functions of the two biometric components.
A) Multi-modal Biometric de-duplication in the Enrolment Server: Considering the expected size of the de-duplication task, the UID Enrolment server will utilize:
B) Verification Subsystem of Authentication Server
In the first release of the UIDAI server, the biometric verification module, provides verification within the authentication server. The solution should be capable of 1:1 verification comparisons of enrolled references with incoming ISO/IEC 19794-2-compliant fingerprint, iris or face images or ISO/IEC 19794-2 compliant fingerprint minutiae sets without proprietary extended data.
For the purpose of distributed authentication by UIDAI at a later stage, the biometric verification module may be constructed using SDK. While the functionality of the verification subsystem will not change, the internal architecture may change. The templates will be maintained in memory resident database by the UIDAI authentication server application (not in scope of BSP). If the incoming requests contain a biometric image, the authentication server will use SDK to extract the feature. SDK will also be used to generate comparison score of the sample. The decision for distributed authentication will rest with UIDAI and will be binding on the BSP.
The UIDAI project is based on a partnership model consisting of Registrars and their respective enrolling agencies on the ground. There are other entities such as device suppliers, trainers, letter delivery agencies, pre-enrollers etc all of whom play an important role in enrolling 1.2 billion residents. The partner portal will cater to the needs of the partner community.
This portal will provide them with overall statistics that involve them, as well as allow them to track individual cases.
These users will be able to track:
The UIDAI being a project of national importance will need to continually share various design, development, implementation and operational aspects with the public. The grievance redressal system also needs to be integrated into the public portal to redress complaints and grievances faced by residents in the process of enrolment and authentication. The UIDAI information portal will address the above needs. This portal will also provide all users with information about the UIDAI system, and allow them to drill down on the performance by region, etc. It will not allow users to track individual cases. However, a method will be provided to get in touch with the UIDAI for specific questions as well as addressing grievances.
All users will be able to view the following:
We want to expose all publishable public information through a "Data Portal" where all data is exposed in machine readable formats. This portal allows third party developers to develop Web 2.0 applications based on this data.
Registrars will have their own IT infrastructure to interact with Aadhaar System. The functionalities include the following:
Asspecified earlier, a copy of the enrolment data flows from the Enrolment Stations to the Registrar System. The CIDR also updates the Registrar System with the assigned Aadhaar.
To keep the confidentiality of the data being sent to the registrar system, the data will be encrypted using the public key provided by the Registrar. It follows that the Registrars have to manage their pair securely and put the necessary infrastructure in place. The interacting Registrar systems have to be hardened. UIDAI may provide security guidelines to Registrars to assist in the implementation but the ownership will always reside with the Registrars. UIDAI will define interfaces for the Registrar System to interact with CIDR. There will be no libraries to be integrated with. Since the Registrars also maintain a copy of their enrolment data, they have to take enough precautions to secure the data. In order to integrate Aadhaar authentication with applications like PDS, NREGA or similar applications in private sector, UIDAI will provide a library of API using which the new applications can be developed and deployed.
Logistics service will be provided by Department of Posts. There are two parts to this:
(i) Inbound Logistics – to receive the raw enrolment images + data in magnetic media and through the network from the Regional Offices or Facilitation Centre. All the incoming data is processed by the CIDR DMZ Application.
(ii) Outbound Logistics – Delivering the UIDAI to applicants and getting the Status Update
Responsibilities of Logistic Service Provider include the following: