UIDAI introduces 2-tier security to Aadhaar to address privacy concerns
The Unique Identification Authority of India (UIDAI) has introduced two-tier security feature viz. Virtual ID and Limited KYC to address privacy concerns.
The move aims to strengthen security and privacy of Aadhaar data. It will also reduce the collection of Aadhaar numbers by various agencies.
The Virtual ID will be random 16-digit number that can be generated from UIDA’s website and give for various purposes, wherever Aadhaar number is necessary to provide. It will be linked with biometrics of user that will give any authorised agency limited access of details like name, address and photograph.
Using it, Aadhaar-card holders do not need to share their actual 12-digit biometric ID for any authentication. User can generate as many Virtual IDs as they want. The older ID will get automatically cancelled at time new one is generated. It will be obligatory for all agencies that undertake authentication to accept Virtual ID from their users.
It was introduced to address issue of storage of Aadhaar number within various databases. It will only provide need-based or limited details of user to authorised agency that is providing particular service. It will evaluate Authentication User Agencies (AUAs) and split them into two categories: Global AUAs and Local AUAs.
Global AUAs will have access to full demographic details of an individual along with the ability to store Aadhaar numbers within their system.
Remaining AUAs will be branded as Local AUAs and will neither get access to full KYC, nor can they can store Aadhaar number on their systems. Instead, they will get tokenised number (UID Token) issued by UIDAI to identify their customers. It will be 72 character alphanumeric.
Aadhaar is 12 digit unique-identity number issued by Unique Identification Authority of India (UIDAI) to all Indian residents based on their biometric and demographic data. It is the world’s largest biometric ID system, with over 1.19 billion enrolled members as of November 2017. The biometric and demographic data is collected by UIDAI, a statutory authority under the Ministry of Electronics and Information Technology.