Aadhaar Authentication – Offerings, Value chain and some successful Uses

Aadhaar is the idea whose time of usage has come*

The Government of India's grand project of providing a unique identity to residents is coming to fruitful completion. It is expected that by March 2017, UIDAI will complete enrollment of the entire Indian population. With more than a billion people already enrolled in the Central Identities Data Repository (CIDR), Aadhaar is increasingly becoming a standard for resident authentication and e-KYC. The Government is already making Aadhaar a de facto means of resident identification and has made it essential for availing many of its services. The list is expected to grow in the coming days, and many state governments and public institutions have started integrating Aadhaar into their services or plan to do so. Hence it is time to look at the Aadhaar authentication offerings and possible use case scenarios. The lead taken by the Government in using Aadhaar is inspiring many enterprises to develop new products and services around the Aadhaar profile.

Introduction

The Aadhaar enrollment and database setup of UIDAI is nearing completion. More than a billion people have already enrolled, and the remaining 280 million enrollments are expected to be completed by 2017. One of the main objectives of the UID program is to accurately identify people at various points of service and enable them to receive the services they are entitled to. This process of identifying residents when they submit their Aadhaar number and demographic and/or biometric attributes is called authentication.

Aadhaar authentication is the process wherein the Aadhaar number, along with other attributes (demographic/biometrics/OTP), is submitted to UIDAI’s Central Identities Data Repository (CIDR) for verification; the CIDR verifies whether the data submitted matches the data available in the CIDR and responds with a “Yes/No”. No personal identity information is returned as part of the response. The purpose of authentication is to enable residents to prove their identity and for service providers to confirm that the residents are ‘who they say they are’ in order to supply services and give access to benefits.

Figure 1: Aadhaar Authentication Process

The Aadhaar Authentication Operating Model:

In order to allow agencies to use UID as a verification of identity, the UIDAI also created an online authentication system that utilizes demographic and biometric data. The authentication system allows an agency to establish that the person is who they claim to be by submitting the person’s biometric to the Central ID Repository and receiving a yes/no answer; eligibility for a given program is determined at the agency level.

Figure: Different roles and agencies during the Aadhaar Authentication process (Picture credit: http://www.biometricsintegrated.com/wp-content/uploads/2013/09/Architecture.jpg)

Authentication User Agency (AUA)

In order to authenticate against the UID database, an agency or company must become a recognized Authentication User Agency (AUA). AUAs are entities using Aadhaar authentication as part of their service delivery cycle for customers, beneficiaries, employees, or associates. The AUA is the principal entity that sends the authentication request to enable day-to-day business functions. The Department of Civil Supplies is an example of an AUA: it seeks to authenticate people before dispensing monthly rations.

The process of becoming an AUA is extensive. First, an entity must identify the service delivery areas for which they would like to authenticate people. The AUA can authenticate for numerous purposes such as verifying a person’s information and to ensure proof of presence at the time of service delivery.  AUAs carrying out direct cash disbursement can utilize the Aadhaar Payments Bridge (APB), a platform that was developed with the National Payments Corporation of India (NPCI) as a mechanism of posting payments directly to beneficiaries, in order to avoid state level disbursement of government to person payments (G2P).  The APB acts as an aggregator for various government entitlements. Once an account is credited, beneficiaries can withdraw money using the Aadhaar Enabled Payment System (AEPS).

AUAs must use certified Point of Sale (POS) devices and certified applications. The applications must be developed using the UIDAI’s published APIs (Application Programming Interfaces) and they must be tested by the UIDAI’s technology center prior to implementation.  The AUA is responsible for establishing and maintaining the systems, processes, infrastructure, connectivity and security protocols to ensure continuous compliance with UIDAI standards and specifications.

Authentication Service Agencies

Once the AUA is in place, the information and authentication requests are transmitted to and from the CIDR by registered Authentication Service Agencies (ASAs). The ASAs play the role of “enabling intermediaries” and have an established secure connection with the CIDR. The ASA can also make authentication requests to further its own business and service functions. The National Payments Corporation of India (NPCI), mentioned earlier, is an example of an ASA.

The responsibilities and obligations of the ASAs are also important and extensive.  They must ensure that they are compliant with UIDAI specifications and standards and they are responsible for ensuring that any AUAs they support also comply.  The ASA verifies the compliance of each authentication request before sending to the CIDR.  Lastly, the ASAs are subject to sporadic audits from the UIDAI or agencies appointed and approved by the UIDAI.

While this setup may seem complex, the relationship between the UIDAI, ASAs and AUAs is designed to provide scalability, accountability and technical compliance at every link in the chain. The arrangement creates an endless array of possibilities for the use of the UID number, whether for the public or private sector.

Aadhaar Authentication Offerings:

Type 1 Authentication: Type 1 Authentication is based on demographic attributes. Through this offering, service delivery agencies can use the Aadhaar Authentication system for matching the Aadhaar number and the demographic attributes (name, address, date of birth, etc.) of a resident.

Examples of demographic based Aadhaar authentication:

  • Banks for automated KYC checking
  • Government welfare scheme for eliminating fake and duplicate identities in their databases
  • Telecom service providers for address verification
  • Private institutions/ banks for date of birth verification

The AUAs can use the Aadhaar Authentication system for matching the Aadhaar number and the demographic attributes (name, address, date of birth, etc. as per the API specifications) of a resident in the CIDR with the data in the AUA’s database, on a periodic basis to check the validity of the credentials or for cleaning up the AUA’s database by removing duplicates. AUAs can also use demographic authentication for authenticating beneficiaries/customers/subscribers prior to any transactions. See here for complete demo.

Figure: Verifying name of a resident using Type 1 Authentication

Figure: A successful verification report from Aadhaar – Type 1 Authentication

Type 2 Authentication: This offering allows service delivery agencies to authenticate residents through a One-Time-Password (OTP) delivered to the resident’s mobile number and/or email address present in the CIDR.
Example: This is adopted in situations where there is no scope to use biometric authentication.

OTP based authentication could be used by

  • Banks for authenticating customers during internet banking transaction
  • E-commerce companies before completing a cash-on-delivery transaction

Type 3 Authentication: Through this offering, service delivery agencies can authenticate residents using one of the biometric modalities, either iris or fingerprint.

Examples of biometric based Aadhaar authentication:

  • Govt. departments delivering services to residents
  • Banks for establishing identity of customers before starting a new bank account
  • Telecom service providers before issuing a new mobile connection
  • Attendance tracking or proof of presence in several scenarios

Figure 2: DCM bank started an ATM facility that allows customers to use fingerprints instead of a PIN to make transactions

Type 4 Authentication: This is a 2-factor authentication offering with OTP as one factor and biometrics (either iris or fingerprint) as the second factor for authenticating residents.

 

Figure 3: DigiLocker uses a 2-factor authentication

Example: DigiLocker is a “digital locker” service launched by the Government of India in February 2015 to provide a secure dedicated personal electronic space for storing the documents of resident Indian citizens. The 1 GB of storage space is linked to the user’s Unique Identification Authority of India (Aadhaar) number.

Type 5 Authentication:

This offering allows service delivery agencies to use OTP, fingerprint & iris together for authenticating residents.
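
The five offerings and the yes/no-only response described above, sketched as an added example; it is not UIDAI's API or code from the original post. The record, the sample Aadhaar number, the factor names and both function names are hypothetical, and biometric matching is reduced to comparing opaque tokens.

```python
import hmac

# Constructed stand-in for one CIDR record; the number and values are not real.
CIDR = {"999900001111": {
    "demo": {"name": "asha rao", "dob": "1990-01-01"},
    "otp": "482913",                         # OTP currently issued to the resident
    "fingerprint": "fp-token-constructed",   # opaque tokens: real biometric
    "iris": "iris-token-constructed",        # matching is fuzzy, not equality
}}

def offering_type(factors):
    """Map the kinds of factor submitted to the page's Type 1-5 offerings."""
    kinds = frozenset(factors)
    if kinds == {"demo"}:
        return 1
    if kinds == {"otp"}:
        return 2
    if kinds in ({"fingerprint"}, {"iris"}):
        return 3
    if kinds in ({"otp", "fingerprint"}, {"otp", "iris"}):
        return 4
    if kinds == {"otp", "fingerprint", "iris"}:
        return 5
    raise ValueError(f"not a Type 1-5 factor combination: {sorted(kinds)}")

def authenticate(aadhaar, submitted):
    """CIDR side: every submitted factor must match; the answer is Yes or No only."""
    offering_type(submitted)           # refuse combinations outside Type 1-5
    record = CIDR.get(aadhaar)
    if record is None:
        return "No"                    # unknown number looks like any other mismatch
    for kind, value in submitted.items():
        stored = record[kind]
        if kind == "demo":
            # Demographic match: each supplied attribute must equal the stored one.
            ok = bool(value) and all(
                stored.get(k) == str(v).strip().lower() for k, v in value.items())
        else:
            ok = hmac.compare_digest(stored.encode(), str(value).encode())
        if not ok:
            return "No"                # no hint about which factor failed
    return "Yes"                       # no identity data accompanies the answer
```

Because the caller only ever receives "Yes" or "No", a failed request does not reveal whether the number exists or which attribute was wrong.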

Aadhaar Authentication Uses

Government:

In fact, one of the first authentication applications was for the delivery of LPG canisters. A pilot project started in conjunction with the NREGA is working to allow people to open bank accounts and transfer funds to beneficiaries under the employment guarantee scheme. Many states so far have recognized the UID as proof of identity for various government services.

Jan Dhan Yojana: The Pradhan Mantri Jan Dhan Yojana (PMJDY) scheme accepts the Aadhaar card/number as the only document sufficient to open the bank account, although you can open a PMJDY account after producing other documents as well. The benefits offered are a RuPay card, a free zero balance savings account, life and accident insurance and many others.

Passport in 10 days: This benefit of the Aadhaar card will relieve you the most! If you have an Aadhaar card, you can get a passport in just 10 days. Under this format, police verification will be done at a later date, as opposed to the previous rule requiring police verification, which used to be time-consuming. Also, under the new government’s rule, if you need a passport, an Aadhaar number is compulsory.

Digital Locker: The Government of India has launched a digital locker (DigiLocker) system for everyone for storing all personal documents on the government’s server. The sign-up process for DigiLocker requires a person to link his/her 12-digit Aadhaar card number.

Monthly Pension: All the pensioners from select states will now have to register their Aadhaar card number with their respective department in order to receive their monthly pension. This move was initiated because there have been fraudulent incidents in which beneficiaries requesting pension were found to be fake.

Provident Fund: Similar to pension, provident fund money will be given to account holders who have registered their Aadhaar number with the Employees’ Provident Fund Organisation (EPFO).

Opening new bank account: The Aadhaar letter provided by UIDAI is now accepted by banks as a valid proof to open a bank account. In fact, it can serve as an address proof as well, provided the address on the Aadhaar card and the address proof match perfectly, i.e. there is no need to produce a bunch of documents to the bank for opening the account.

Digital Life Certificate: The Aadhaar-linked digital life certificate is another initiative, which was launched by the Department of Electronics and IT. Named “Jeevan Praman for Pensioners”, this system will end the process where a pensioner had to be physically present at the Pension Disbursing Agency to avail pension. Instead, all the details of the pensioner will be accessed digitally by the agency.

SEBI: Aadhaar is now accepted as a proof of address by the Securities and Exchange Board of India for investing in the stock market. Till now, it was used by SEBI as identity proof.

Government to use Aadhaar to deliver benefits to unorganised workers: The government is working on a plan to offer benefits like insurance and pension to over 40 crore unorganised workers in India using Aadhaar, Jan Dhan accounts and the existing platform without going for smart cards.

Voter Card Linking: Starting 9th March 2015, the Aadhaar card UIDAI number would be linked to voter IDs. This action is taken to eliminate bogus voters. Once an Aadhaar number is linked, it would become impossible for a holder of multiple voter ID cards to make illegal use of them, as registration requires the voter card holder to be physically present and produce the Aadhaar card to the polling booth officer for verification.

Entrepreneurial Uses:

Novopay enables a resident to open an account in a store, and deposit and withdraw money. Every transaction is authenticated by Aadhaar. The system involves three pillars: a mobile phone, a store and an Aadhaar card, and the transactions are all paperless. A customer gets a message on the mobile, and a receipt for money transactions. With a mobile, anyone can open an account in a kirana store to become part of Novopay.

The time for using Aadhaar has come. The Government has created the infrastructure and is leading the way in showing how Aadhaar can be used in service delivery. Some enterprises have even begun developing products and services that use Aadhaar authentication. It is time for others to follow suit.

[Given the nature of the topic of this blog post, much of the content is sourced from the published documents of UIDAI and other web sources. All sources are duly acknowledged.]
