Aadhaar project, also known as UID (unique identification), is an initiative rolled out by Government of India under which a unique number is provided to every Indian citizen for identification. The number can help citizens to avail several benefits and services. So far, more than one crore cards have been issued. This Manager’s Guide will touch upon the project objectives and explain the role of IT in Aadhaar’s implementation.
1. Aadhaar project: Scope and benefits
The need for Aadhaar project arose after the discovery of fake and duplicate records and non-existent beneficiaries in government’s welfare schemes for the underprivileged. This was mainly due to poor attempts at verification of demographic and biometric information. The Aadhaar project will address these issues. Unique Identification Authority of India’s (UIDAI) overarching goal is to ensure that a significant number of underprivileged citizens are brought under the UID system.
Aadhaar project will furnish each Indian citizen with a unique, 16-digit identification (UID) number representing 12 identity parameters corresponding to the demographic information. This also includes an individual’s fingerprints and iris scan that form a biometric record mapping to the Aadhaar number. All data would then be collected and stored in a central database known as CIDR (Central ID Repository). CIDR will be used by security agencies for proactive threat monitoring and investigations as well as by service providers for providing prompt services especially to the underprivileged class.
2. Software applications used
Aadhaar database a.k.a. CIDR (Central ID repository) is hosted on a central system powered by data centers. This data is used to serve Aadhaar project’s core objectives such as:
(1) Enrolment application is used for receiving new client enrolment requests and capturing new data. After verifying the uniqueness of the request, the Registrars enroll the data that is received in magnetic media from various logistic providers. This data is then uploaded to Aadhaar database post-validation. The Registrars include (but are not restricted to) ministries and departments of state and central governments, banks and other financial institutions, telephone companies, etc. Once this is done, the Aadhaar number is generated for the request.
(2) Authentication application will conduct online authentication of identity (demographic and biometric information) done by querying the Aadhaar database that responds to such queries in the form of Valid/Invalid type of response. Also, de-duplication of biometric data is done by assigning a scaled data fusion score to each duplicate record. This score is in the range of 0 to 100, with ‘0’ indicating the least level of similarity and ‘100’ as the highest level of similarity.
(3) Fraud detection application detects identity fraud by catching fraud scenarios. Few examples: registration for non-existent applicants, misrepresentation of information, multiple registration attempts by same applicant, user impersonation, etc.
In addition, a number of support applications have been developed to ensure effective functioning of the Aadhaar project. Some of them are:
(4) Administrative application provides user management, role-based access control, automation and status reporting.
(5) Analytics and reporting application provides enrolment and authentication statistics for both public and partners.
(6) Information portal provides administrative access for internal users, partners, and general information/reports/ grievance requests details to public.
(7) Contact center interface application provides query and status update functionality.
(8) Logistics interface application interfaces with the logistics provider for letter printing and delivery management.
3. Information security risks involved
(1) UIDAI plans to transfer operations related to Aadhaar project to an external service provider some time down the line. Given that Aadhaar database holds sensitive data of Indian citizens, it is critical that the chosen provider is trustworthy.
(2) Unauthorized access to Aadhaar project database could have disastrous effects.
(3) Ownership of PKI (Public Key Infrastructure) implementation lies with the Registrars (refer to section ‘Software applications used for Aadhaar‘). As a result, there is a risk of use of broken encryption algorithms by registrars at the time of receiving updates from CIDR thereby compromising data confidentiality.
(4) Inadequate measures for securing local copy of enrolment data held by Registrars (refer to ‘Software applications used for Aadhaar‘) at their end.
4. Criticism and challenges
The Aadhaar project has also received criticism.
(1) Possibility of burdening the existing system of photo-identification instead of creating a new Aadhaar project from scratch.
(2) Given the sensitivity of data being held, contracts should have been awarded only to Indian vendors but that doesn’t seem to be the case.
(3) Backup mechanism and recovery time objectives of Aadhaar project database in case of natural/technical failure may prove a challenge considering the scale of the project.
(4) UIDAI may also face operational challenges. For instance, updating of the current demographic information, change of residence or marital status, by existing Aadhaar holders, promptly and securely may be challenging.
5. Vendors who have been awarded contracts **
|Application development, maintenance and support
Application Software Development, Maintenance and Support Agency for UIDAI - Mindtree.
Intranet and knowledge management portal - HCL Infosystems
Re-design, maintenance and support of UIDAI portal - Tata Consultancy Services.
|HP India Sales
|Biometric solution implementation
Solution implementation - Satyam Computer Services. (Mahindra Satyam), L1 Identity Solutions Operating Company, Accenture Services.
Biometric authentication devices - Sagem Morpho Security., Totem International, Linkwell Telesystems., Sai Infosystems., Geodesic, HCL Infosystems, I D Solutions.
Biometric devices - Tata Consultancy Services, HCL Infosystems, 4G Identity Solution., Base Systems.
|Intelenet Global Services
Space - Bharti Airtel. (Bangalore), Wipro (Delhi/NCR)
Hardware/Blade servers/Storage - National Informatics Centre Services
Disk Array Enclosures, SATA Disk Drives and Upgrade Pair 4G FC Ports - HCL Infosystems.
Piped Data Connectivity - Aircel, Bharti Airtel, BSNL, RailTel Corporation of India, Reliance Communications, Tata Communications
Supply, Installation, Commissioning for Hardware & Software - Wipro
Audit – STQC
** List may not be comprehensive