UIDAI introduces 2-tier security to shield Aadhaar data
Why it is in news?
In the wake of reports of an alleged breach of the Aadhaar database published in a newspaper last week, the Unique Identification Authority of India (UIDAI) has rolled out a new two-tier security process that will come into effect from June 1.
Aimed at eliminating the need to share and store Aadhaar numbers, the UIDAI has introduced the concept of a virtual ID which an Aadhaar holder can use in lieu of his/her Aadhaar number at the time of authentication, besides sharing of ‘limited KYC’ with certain agencies.
While it is important to ensure that Aadhaar number holders can use their identity information to avail many products and services, the collection and storage of Aadhaar numbers by various agencies has heightened privacy concerns
The move follows a report in The Tribune newspaper that allegedly exposed a data breach in Aadhaar records.
Virtual ID (VID)
A Virtual ID (VID) will be a temporary 16-digit random number mapped with the Aadhaar number.
There can only be one active and valid VID for an Aadhaar number at any given time and it will not be possible to derive the Aadhaar number from VID.
The VID authentication will be similar to using Aadhaar numbers.
However, since a VID is temporary, agencies will not be able to use it for de-duplication.
Only the Aadhaar holder will be able to generate a VID and no other entity, including authentication user agencies (AUAs), can do it on their behalf.
To address the issue, the UIDAI has brought in the concept of limited KYC.
It has categorised its AUAs into Global AUAs and Local AUAs wherein the latter will get access to only need based or limited KYC details.
AUAs, which by law are required to use Aadhaar number in their KYCs, will be categorised as Global AUAs and have access to Full e-KYC and the ability to store Aadhaar numbers within their system.