|UIDAI brings ‘registered devices’ for safer Aadhaar|
|Saturday, 25 February 2017 00:00|
While UIDAI has filed a criminal complaint against Axis Bank, Suvidhaa Infoserve and eMudhra for allegedly storing biometrics and using them in an unauthorized manner, it plans to bring in even more safety features to further secure the system.
In each case of a transaction where an Aadhaar-authentication request is made to UIDAI, an SMS/email alert is sent to the subscriber – in case of a false transaction, this alert allows subscribers to escalate the issue to either the bank or UIDAI. UIDAI officials say that, while an alert was sent in the Axis/Suvidhaa/eMudhra case, as the person doing the transaction did so using his own biometrics, he did not escalate the issue.
While this fail-safe makes the system secure, apart from the very high level of encryption of data – while most data is encrypted at 128/256-bits, Aadhaar information uses 2048-bit encryption – UIDAI officials said they are bringing in additional features.
For the last few months, UIDAI has been working with vendors of biometric-capture devices to get them to ‘register’ their devices with it and to install an Aadhaar-encryption key in the hardware itself – among other things, this ensures the biometric data used is ‘captured live’ and is not stored data; it also allows more traceability, analytics and fraud management. Last month, it was notified that, after May, no data requests will be entertained if they come from ‘unregistered devices’ – existing biometric devices, such as those in ration shops already, are to be upgraded through software right now and those bought in the future must have the necessary pre-installed keys.
Since most existing biometric-capture devices, such as those in ration shops, are used for low-value transactions, a software upgrade is seen as alright for now. All AadhaarPay devices, to be used for cash transactions, are going to have the enhanced security features, officials said.