Virtual Id, Limited KYC, face recognition: New security features to help strengthen Aadhaar

In the past week UIDAI has introduced three new features to improve the  security of Aadhaar database amid concerns over the safety of the world's biggest online database. Both the government and the UIDAI, which administers Aadhaar database, are confident about the safety of data. Some government officials have dismissed the criticisms over Aadhaar saying it's a foolproof system.

Trai (Telecom Regulatory Authority of India) chairman RS Sharma, in a recent interview with ET, said there's never been a breach of data, saying it's just "breach of trust". He went to justify his claim giving an example about how out of total 15 billion biometrics, not even a single biometric information had been stolen since the Aadhaar service was launched seven years back.     

UIDAI architect Nandan Nilekani also hailed the Aadhaar security structure recently saying the newly introduced security features like Virtual Ids and Limited KYC were significant to protect the Aadhaar system. About the recent incident of data breach, Nilekani said the incident was not a data leak but a "privileged leak", which the UIDAI was able to stop.

After a media report last month alleged a major data leak of Aadhaar Card holders' information on paying just Rs 500, UIDAI Chief Executive Ajay Bhushan Pandey strongly defended the system, rubbishing the claim before launching an inquiry into the incident.

A few days later, Virtual Id (VID) system and Limited KYC services were introduced as part of the added security measures. The VID is a 16-digit temporary random number that an Aadhaar holder can use for authentication or KYC services with fingerprint instead of the original Aadhaar number. Under limited KYC, authentication user agencies will neither get access to full KYC nor will they be able to store the Aadhaar number on their systems. Instead, they will get a tokenised number issued by UIDAI to identify their customers.

The UIDAI also came up with face recognition feature for Aadhaar authentication on Monday. This is the second layer of verification to ensure that those having difficulty with their fingerprints/iris authentication are no longer excluded. Pandey tweeted Tuesday said, "UIDAI introduces yet another landmark technology for authentication - Face Authentication. #AadhaarFaceAuth will help all elderly or others facing issues with fingerprint authentication. Service to be launched by 1 July 2018."  

The move will improve inclusion and benefit the people whose fingerprints no longer match to their original biometrics due to age. Since residents are already photographed at the time of Aadhaar enrolment, this new measure does not require any additional effort from the existing Aadhaar holders. However, the circular specifies that this new measure will only be allowed in "fusion mode along with one more authentication factor", be it fingerprints, iris scan or OTP (one-time-password).