You are on page 1of 32

What is Aadhaar?

Aadhaar is a 12 digit individual identification number issued by the Unique Identification Authority of India on behalf of the Government of India. This number will serve as a proof of identity and address, anywhere in India. Any individual, irrespective of age and gender, who is a resident in India and satisfies the verification process laid down by the UIDAI, can enrol for Aadhaar. Each individual needs to enroll only once which is free of cost. Each Aadhaar number will be unique to an individual and will remain valid for life. Aadhaar number will help you provide access to services like banking, mobile phone connections and other Govt and Non-Govt services in due course.

y Easily verifiable in an online, cost-effective way. y Unique and robust enough to eliminate the large number of duplicate and fake identities in government and private databases. y A random number generated, devoid of any classification based on caste, creed, religion and geography.

WHAT AADHAAR IS y y A number (12 digits). For every individual, including infants. Enables Identification, and is for every resident. Will collect demographic and biometric information to establish uniqueness of

WHAT AADHAAR ISN T y y Another Card. One per family.

y

y

Establishes citizenship and is only for Indians. Will collect profiling information such as caste, religions, language.

Some other information about Aadhaar: Aadhaar will be:

y

y

individuals. y y Voluntary. For every resident, irrespective of existing documentatio n. Each individual will be given a single unique ID number. UIDIA will be enable a universal identity infrastructure that any ID based application like ration card, passport etc. Can be used. UIDIA will give a Yes or No response for any identification authenticatio n queries. y y Mandatory Only for individuals who possess identification documents. Individual can obtain multiple AADHAARs. AADHAR will replace all other IDs

Universality, which is ensured because Aadhaar will over time be recognised and accepted across the country and across all service providers. Every resident's entitlement to the number. The number will consequently form the basic, universal identity infrastructure over which Registrars and Agencies across the country can build their identitybased applications. Unique Identification of India (UIDAI) will build partnerships with various Registrars across the country to enrol residents for the number. Such Registrars may include state governments, state Public Sector Units (PSUs), banks, telecom companies, etc. These Registrars may in turn partner with enrolling agencies to enrol residents into Aadhaar. Aadhaar will ensure increased trust between public and private agencies and residents. Once residents enrol for Aadhaar, service providers will no longer face the problem of performing repeated Know Your Customer (KYC) checks before providing

y

y

y

y

y

y

UIDIA information will be accessible to public and private agencies.

Why Aadhaar? Aadhaar-based identification will have two unique features:

services. They would no longer have to deny services to residents without identification documents. Residents would also be spared the trouble of repeatedly proving identity through documents each time they wish to access services such as obtaining a bank account, passport, or driving license etc. By providing a clear proof of identity, Aadhaar will empower poor and underprivileged residents in accessing services such as the formal banking system and give them the opportunity to easily avail various other services provided by the Government and the private sector. The centralised technology infrastructure of the UIDAI will enable 'anytime, anywhere, anyhow' authentication. Aadhaar will thus give migrants mobility of identity. Aadhaar authentication can be done both offline and online, online authentication through a cell phone or land line connection will allow residents to verify their identity remotely. Remotely, online Aadhaar-linked identity verification will give poor and rural residents the same flexibility that urban non-poor residents presently have in verifying their identity and

accessing services such as banking and retail. Aadhaar will also demand proper verification prior to enrolment, while ensuring inclusion. Existing identity databases in India are fraught with problems of fraud and duplicate or ghost beneficiaries. To prevent these problems from seeping into the Aadhaar database, the UIDAI plans to enrol residents into its database with proper verification of their demographic and biometric information. This will ensure that the data collected is clean from the beginning of the program. However, much of the poor and under-privileged population lack identity documents and Aadhaar may be the first form of identification they will have access to. The UIDAI will ensure that its Know Your Resident (KYR) standards do not become a barrier for enrolling the poor and has accordingly developed an Introducer system for residents who lack documentation. Through this system, authorised individuals ('Introducers') who already have an Aadhaar can introduce residents who don't have any identification documents, enabling them to receive their Aadhaar.

Benefits of AADHAAR for Residents

‡ The AADHAAR will become the single source of identity verification. Once residents enroll, they can use the number multiple times ± they would be spared the trouble of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license, and so on. The large number of residents, who currently don¶t have any identity documents and are therefore µexcluded¶ from beneficiary lists, can also get an µidentity¶ through the 'Introducer' system. AADHAAR number (or the UID) will thus become the µkey that opens all doors¶ ± especially for the deprived and marginalized. Benefits of AADHAAR for Government ‡ Eliminating duplication under various schemes is expected to save substantial money for

the government exchequer. It will also provide governments with accurate data on residents, enable implementation of direct benefit programs, and allow government departments to coordinate investments and share information. The Unique Identification Authority of India (UIDAI) UIDAI was notified by the Planning Commission on 28th January, 2009 as an attached office under the Planning Commission with an initial team of 115 officials. The UIDAI will be the regulatory authority managing a Central Identities Data Repository (CIDR), which will issue AADHAAR, update resident information, and authenticate the identity of residents as required. The UIDAI will ensure that the proper laws, technologies and infrastructures are being implemented such that each resident of India gets enrolled under AADHAAR.

A Solution from the Government ² UID / AADHAAR

The Government of India conceived the idea of having a unique form of identification for residents of India. The features of UID or AADHAAR will be as follows: ‡ It will be a randomly generated twelve digit number for every resident of India. Example: 2653 8564 4663. This number will be called the Unique Identification Number or AADHAAR. ‡ The number will be unique, which means, no two residents will have the same number. ‡ No resident can have two numbers because AADHAAR is based on a combination of standard information like name, address, age and biometric information which is unique to every person. ‡To avoid frauds, the AADHAAR number will have no additional information within its value or structure. It will be a µrandom¶ number like the result of a lottery draw or like throwing a dice. ‡ AADHAR will be used to prove identity not citizenship. ‡ It will not be compulsory to get an AADHAAR number. It will be voluntary. However in the future,

certain service providers (government or private agencies) may require a person to have an AADHAAR number to deliver services. For example, in future, the Public Distribution System (PDS) department may issue ration cards based on an individual¶s AADHAAR number and the AADHAAR number will appear in the ration card.

AADHAAR ² y Concept y Logo

Concept:Aadhaar: The UID brand name and logo The brand name of the Unique Identification number (UID) will be Aadhaar. The name and logo for the unique numbers to be issued by the UIDAI have been developed keeping in mind the transformational potential of the program. Together, they communicate the essence and

spirit of the UIDAI's mandate to people across the country.

The UIDAI's mandate is to issue every resident a unique identification number linked to the resident's demographic and biometric information, which they can use to identify themselves anywhere in India, and to access a host of benefits and services. The number (referred to until now as the 'UID') has been named Aadhaar, which translates into 'foundation', or 'support'. This word is present across most Indian languages and can therefore be used in branding and communication of the UIDAI program across the country.

y Aadhaar's guarantee of uniqueness and centralised, online identity verification would be the basis for building these multiple services and applications, and facilitating greater connectivity to markets. y The UIDAI's mandate is to issue every resident a unique identification number linked to the resident's demographic and biometric information, which they can use to identify themselves anywhere in India, and to access a host of benefits and services. The number (referred to until now as the 'UID') has been named Aadhaar, which translates into 'foundation', or 'support'. This word is present across most Indian languages and can therefore be used in branding and communication of the UIDAI program across the country. y As Mr. Nandan Nilekani, Chairman of the UIDAI notes, "The name Aadhaar communicates the

As Mr. Nandan Nilekani, Chairman of the UIDAI notes, "The name Aadhaar communicates the fundamental role of the number issued by the UIDAI the number as a universal identity infrastructure, a foundation over which public and private agencies can build services and applications that benefit residents across India."

fundamental role of the number issued by the UIDAI the number as a universal identity infrastructure, a foundation over which public and private agencies can build services and applications that benefit residents across India." y Aadhaar would also be a foundation for the effective enforcement of individual rights. A clear registration and recognition of the individual's identity with the state is necessary to implement their rights ±to employment, education, food, etc. The number, by ensuring such registration and recognition of individuals, would help the state deliver these rights.

the vision for Aadhaar. It represents a new dawn of equal opportunity for each individual, a dawn which emerges from the unique identity the number guarantees for each individual. The winning design, shown below, was submitted by Mr. Atul S. Pande of Pune:

Finance and Budget
Annual Budget :This gives a broad picture of the annual budget outlays vis-a-vis the expenditure incurred. Budget Estimates for 2010-11 Expenditure of 2010-2011 Budget Estimates for 2011-12

Logo:The design, which has been selected as the logo for Aadhaar, is a sun in red and yellow, with a fingerprint traced across its centre. The logo effectively communicates

Expenditure for the Quarter AprilJune 2011 Cumulative Expenditure for 2009, 2010, 2011 (upto June 2011). Outcome Budget :The extracts of the Outcome Budget 2010-11 of Government of India, Planning Commission pertaining to Unique Identification Authority of India. Executive Summary Outcome Budget 2010-11 Information Regarding Performance of UIDAI Past

purposes of the UIDAI. The order constituting the Council as well as its mandate can be found here: Awareness and Communications Strategy Advisory Council order. Information, Education and Communication Strategy Information, Education and Communication (IEC) is an important process in the enrolment strategy. The basic objective of IEC is to educate all the partners and residents so as to make them aware of the various usages and benefits which can be derived from Aadhaar. The Registrar, along with the UIDAI will strive to disseminate information regarding the applications of Aadhaar so that benefits of governmental and other schemes reach the intended beneficiaries. To ensure comprehensive coverage across all the residents, the message of Aadhaar shall be spread through the following communication channels: Broadcast & Telecast: TV, radio, print, Internet Information: News and publications Outdoors: Posters, handouts, wall paintings, banners, hoarding

Awareness and Communication
The Awareness and Communications Strategy Advisory Council The UIDAI recognising the importance of an awareness and communications strategy for the success of the UID project appointed an Awareness and Communications Strategy Advisory Council (ACSAC), with a mandate to recommend the awareness and communications strategy required to achieve the

Entertainment: Cinema, sports, endorsements Inter-personal: Audio, video, telecom Support infrastructure: Registrar and Enrolment infrastructure Agency

UIDAI will provide the funding where required at the production and execution stage, for all material directly related to the Aadhaar brand. Funding for communication material associated with the Registrar that includes the Aadhaar brand will also be provided by UIDAI. However, any additional requirements by the Registrar for dissemination of information pertaining to their specific needs shall be borne by the Registrar. A dedicated team from UIDAI, along with the relevant agencies such as Advertising & Public Relations will work closely with the Registrar in executing the IEC strategy.

The Aadhaar will only provide identity: The UIDAI's purview will be limited to the issuance of unique identification numbers (Aadhaar) linked to a person's demographic and biometric information. The Aadhaar will only guarantee identity, not rights, benefits or entitlements. A pro-poor approach: The UIDAI envisions full enrolment of the residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase such as ± the Mahatma Gandhi National Rural Employment Guarantee Scheme (NREGA), Rashtriya Swasthya Bima Yojna (RSBY), and Public Distribution System (PDS) ± will help bring large number of the poor and underprivileged into the UID system. The UID method of authentication will also improve service delivery for the poor. Enrolment of residents with proper verification: Existing identity databases in India are fraught with problems of fraud and duplicate/ghost beneficiaries. To

Aadhaar Technology

Features of the UIDAI Model:--

prevent this from seeping into the UIDAI database, the Authority plans to enrol residents into its database with proper verification of their demographic and biometric information. This will ensure that the data collected is clean right from the beginning of the program. However, much of the poor and underserved population lack identity documents and the UID may be the first form of identification they will have access to. The Authority will ensure that the Know Your Resident (KYR) standards do not become a barrier for enrolling the poor, and will devise suitable procedures to ensure their inclusion without compromising the integrity of the data. A partnership model: The UIDAI approach leverages the existing infrastructure of government and private agencies across India. The UIDAI will be the regulatory authority managing a Central ID Repository (CIDR), which will issue Aadhaar, update resident information and authenticate the identity of the residents as required. In addition, the Authority will

partner with agencies such as central and state departments and private sector agencies, who will be 'Registrars' for the UIDAI. Registrars will process Aadhaar applications, and connect to the CIDR to de-duplicate resident information and receive Aadhaar. The Authority will also partner with service providers for authentication of identity. The UIDAI will emphasize a flexible model for Registrars: The Registrars will ensure significant flexibility in their processes, including issuing cards, pricing, expanding KYR verification, collecting demographic data of residents for their specific requirements, and in authentication. The UIDAI will provide standards to enable Registrars to maintain uniformity in collecting certain demographic and biometric information, and in performing basic KYR activities. These standards will be finalised by the KYR and biometric committees constituted by the Authority. Process to ensure no duplicates: Registrars will send the applicant's data to the CIDR

for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment, to minimise/eliminate duplicates in the database. The incentives in the UIDAI system are aligned towards a selfcleaning mechanism. The existing patchwork of multiple databases in India provides scope to individuals to furnish different personal information to different agencies. Since de-duplication in the UIDAI system ensures that residents have only one chance to be in the database, individuals are made to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to Aadhaar. Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database. The Authority will support Registrars and Agencies in adopting the Aadhaar authentication process, and will

help defining the infrastructure and processes they need. The UIDAI will not share resident data: The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of the residents they enrol if they are authorised to do so, but will not have access to the information in the Aadhaar database. The UIDAI will answer all requests to authenticate identity only through a 'Yes' or 'No' response. The Authority will also enter into contracts with Registrars to ensure the confidentiality of the information they collect and store. Data Transparency: The authority will place all the aggregated data for public to access under RTI. However Personal Identity Information (PII) will NOT be accessible by any entity. Technology will undergird the UIDAI system: Technology systems will have a major role across the UIDAI infrastructure. The Aadhaar database will be

stored on a central server. Enrolment of the residents will be computerised, and information exchange between Registrars and the CIDR will take place over a network. Authentication of the residents will be online. The Authority will also put systems in place for the security and safety of information.

Application Architecture:--

The Authority will issue Aadhaar and set standards for enrolment and authentication, to be universally followed. Initially, UIDAI will design, develop, and deploy the Aadhaar Application with the help of service providers. Subsequently, the entire operation will be expanded and operated by an external service provider. In addition to providing the product and services, the UIDAI is also responsible for recruiting Registrars, approving enrolment agencies and providing a list of introducers among others. To further enhance the mission, UIDAI will also help in the creation of services that depend on the Aadhaar authentication.

Registrars These are public and private organisations that are currently engaged in providing services to the residents, and which operate on behalf of the UIDAI to provide UIDAI services (such as enrolment) to their constituents. For example, profiles of Registrars include state governments, ministries and departments in the Central Government, banks and

Entities and Roles:-UIDAI

other financial institutions, telephone companies, etc. While Registrars may provide UIDAI services to all residents, they are not required to do so. Registrars may collect documentation ± such as proof of residence, and proof of identity from residents. Registrars are required to store such documents, and have them available for later investigation/audits. Registrars may also receive and have access to some of the data specifically collected by the UIDAI, e.g. demographic data and photograph of the resident. Registrars may store the Aadhaar in their systems, as well as print it on artefacts provided to the resident (such as a card, or a letter). Certain Registrars may store biometric data such as fingerprint, and iris image in a secure manner on smart cards for offline authentication purposes. This data may not be stored on their servers or used for online authentication. To ease the process of registration for the marginalised sections of society, Registrars may provide a list of introducers who may introduce residents thus waiving certain proofs, as required by the KYR document. This list of

introducers is Registrar specific. Registrars are also authenticators, and use the authentication interfaces to confirm the details for residents who may have already enrolled in UIDAI system.

Sub-Registrars These are departments or entities that report to specific Registrar. For instance, the line departments of the state government such as the Rural Development and Panchayati Raj (RDPR) department would be SubRegistrars to the state government Registrar. Enrolment Agency An agency contracted by the Registrar, subject to certification by the UIDAI, to perform their duties. Enrolment agencies provide operators and supervisors for the enrolment stations on the field, and also create the necessary conditions for the optimal enrolment of residents. Enrolment agencies must collect demographic data prior to an enrolment drive. They must notify

residents and UIDAI, of the enrolment schedule in advance. Enrolment agencies may be empanelled by the UIDAI for the assistance of the Registrars. However, the Registrars, will be free to engage any other enrolment agencies as well. Introducer An Introducer is a well known person authorised by the UIDAI or by a Registrar to introduce individuals for enrolment. This mechanism was specifically created to allow the UIDAI system to reach out to the marginalised and excluded residents who may not have sufficient documentation to meet the proof of identity or address specified in the published KYR norms. Hence, an introducer provides an assurance that the individual applying for an Aadhaar is indeed a resident, and to the best of his/her personal knowledge who they say they are. Registrars may provide a list of introducers with their name and Aadhaar. For various Registrars, we expect that this list will include officials (elected, gazetted and others), school teachers, headmasters, anganwadi workers,

etc. The UIDAI may seek the help of NGOs and other civil society organisations to provide additional Registrars to improve the coverage for the marginalised groups. A carefully crafted enrolment strategy to reach out to the marginalised section of society will depend on a strong, reliable introducer network ± that will have to be crafted ahead of time. Resident Residents of India, who wish to obtain an Aadhaar, are expected to provide appropriate documentation to meet the KYR norms or to be introduced by an appointed introducer. A resident is defined as a natural person, usually residing in India. Residents are expected to truthfully provide information and documentation to meet the KYR norms, or be introduced by an introducer. Further, they are expected to provide biometric information to the UIDAI. They can expect a smooth experience with the enrolment agency, and a swift response to various issues that they may have. Residents will have access to their data, and the ability to identify when they were

authenticated (for a period of time). Access to data of other residents is to be restricted by the UIDAI. Authenticator An authenticator is an agency that uses the UIDAI system to authenticate a resident. Authenticators may use demographic data and/or biometric data in addition to the resident's Aadhaar. The authenticator must use the appropriate form of authentication that provides him/her with the necessary assurance for the transaction. Authenticators must register with the UIDAI and provide an estimated usage (primarily for the provisioning). Authenticators may have presence at multiple locations, at each of which they deploy authentication devices. Authenticators may be billed by the UIDAI for certain service levels. The billing relationship will require additional data. The number of authenticators is an important indicator of the health of the UIDAI system as diverse authenticators imply the availability of diverse services to the residents. UIDAI

will also lead the way in enabling the creation of service platforms and standards that will allow authenticators to come on board easily. Overview of applications hosted in CIDR The application hosted by CIDR can be broadly categorised into core applications and supporting applications. In the core category we have the enrolment and authentication applications services. While the supporting category consists of applications required for administration, analytics, reporting, fraud detection interfaces to Logistics Provider and Contact Centre and the portal. The Enrolment Application serves the client enrolment request for providing an Aadhaar. The application orchestrates the enrolment workflow by integrating various sub-systems such as address normalisation, third party de-duplication, and Aadhaar generation. Manual exception workflow is required to resolve enrolment requests that cannot be resolved automatically. Basic letter printing and delivery functionality

is available for servicing exceptions to normal workflow. The Authentication Application provides the identity authentication services. Various authentication request types such as demographic, biometric, simple or advanced authentications are supported by this application. The Aadhaar submitted is used for 1:1 match for the resident's record. The inputs are then matched against the resident information found in the biometric database. The Fraud Detection Application is deployed to detect and reduce identity fraud. For example, identifying fraud scenarios that the application needs to handle are: misrepresentation of information, multiple registrations by same resident, registration for nonexistent residents, or personification as someone else. The Administrative Application takes care of user management, roles and access control, business process automation, and status reporting. It ensures a trust network across both internal and external entities. The external entities could be Registrars, Sub-

Registrars, Enrolment Agencies, Field Agencies, Introducers and Authentication clients. For example, the application is required to manage user accounts for the Registrars or Introducers who vouch for identity of individuals who lack proper documentations. The internal entities could be system administrators, customer service agents or biometric and fraud detection agents. The application will allow administrators to track status of other applications, and provide mechanism to escalate failures or delays. The Analytics and Reporting Application provides enrolment and authentication statistics for both public and partners. It supports visual representation of statistics and allows drill down at regional levels. All the information available for this application is only at the aggregate level thus, ensuring individual identity is completely protected. The Information Portal provides administrative and information access for internal users, partners and public. Besides the above application, interface application

for Logistics and contact centre are also present in the CIDR. The Contact Centre Interface application provides query and status update functionality. The Logistics Interface Application interfaces with the logistics provider for letter printing and delivery. It is used for sending and receiving raw data, sending Aadhar data for letter printing, delivering and receiving periodic status updates on the inbound and outbound communication. Biometric Solution The Biometric Solution Provider (BSP) will design, supply, install, configure, commission, maintain and support biometric components of the UIDAI System. In CIDR, there can be up to three BSPs operating simultaneously. Two biometric components are utilised in the UIDAI System. The biometric components are: 1. Automated Biometric Identification Subsystem (ABIS): ABIS will be used in the Enrolment Server as a part of the multi-modal biometric de-duplication solution.

In the early release, ABIS will also be used in the Authentication Server for verification. The ABIS will maintain its own database of proprietary fingerprint and iris image templates for de-duplication (and face templates at the discretion of the vendor), and must be able to respond to verification requests accompanied by fingerprint and/or iris images, as well as ISO/IEC 19794-2:2005 format fingerprint minutiae files. Vendors will work with UIDAI to provide further specification within ISO/IEC 19794-2:2005 to promote interoperability with future verification clients. 2. Multimodal Software Development Kit (SDKs): SDKs will be used in the enrolment client, manual check (for duplicates), authentication server (for later releases) and the analytics module. The SDK may contain signal detection, quality analysis, image selection, image fusion, segmentation, image preprocessing, feature extraction and comparison score generation for fingerprint, iris and face modalities. The biometric solution

components used in the UIDAI system are: ‡ Multi-modal de-duplication in the enrolment server ‡ Verification subsystem within the authentication server ‡ Enrolment client ‡ Manual checks and exception handling ‡ Biometric sub-system monitoring and analysis. The functional requirements of the above mentioned five areas are described, followed by the overall functions of the two biometric components.

the de-duplication task, the UID Enrolment server will utilize: 1. Multi-modal de-duplication. Multiple modalities such as± fingerprint and iris image will be used for de-duplication. Face photograph is provided if the vendor desires to use it for deduplication. While certain demographical information is also provided, UIDAI provides no assurance of its accuracy. Demographic information shall not be used for filtering during the deduplication process, but this capability shall be preserved for potential implementation in later phases of the UIDAI program. Each multi-modal de-duplication request will contain an indexing number (Reference ID) in addition to the multi-modal biometric and demographic data. In the event of one or more duplicate enrolments are found, the ABIS will pass back the Reference ID of the duplicates and the scaled comparison scores upon which the duplicate finding was based. The scaled fusion score returned with each duplicate found will have a range of [0, 100], with 0 indicating the least level of similarity and 100 as the highest level of similarity. 2. Multi-vendor: The complete multi-modal solutions from more than one vendor will be used. The Aadhaar Application will determine

UID System Requirements of the Biometric Components-

a) Multi-modal Biometric deduplication in the Enrolment Server Considering the expected size of

routing of a particular deduplication request. It may determine to route a particular deduplication request to more than one biometric solution. If it routes a de-duplication request to more than one solution, it is responsible for determining the final outcome of the de-duplication request. The UIDAI ABIS API specifies the interaction between UIDAI Application and ABIS. The middleware included in the UIDAI application (being developed by ASDMSA) is meant to provide vendor independence and standardisation. The key features of the middleware are: ‡ Routing and mediation. ‡ Guaranteed delivery ‡ Fault tolerance and load balancing ‡ Open standard based messaging (AMQP) using open source Rabbit MQ ‡ Transparent connectivity to analysis and system monitoring modules of UIDAI applications ‡ Support of Web 2.0 based UIDAI ABIS API and CBEFF data format standard ‡ Encapsulation and isolation of ABIS components (b) Verification Subsystem of Authentication Server

In the first release of the UIDAI server, the biometric verification module, provides verification within the authentication server. The solution should be capable of 1:1 verification comparisons of enrolled references with incoming ISO/IEC 19794-2-compliant fingerprint, iris or face images or ISO/IEC 19794-2 compliant fingerprint minutiae sets without proprietary extended data. For the purpose of distributed authentication by UIDAI at a later stage, the biometric verification module may be constructed using SDK. While the functionality of the verification subsystem will not change, the internal architecture may change. The templates will be maintained in memory resident database by the UIDAI authentication server application (not in scope of BSP). If the incoming requests contain a biometric image, the authentication server will use SDK to extract the feature. SDK will also be used to generate comparison score of the sample. The decision for distributed authentication will rest with UIDAI and will be binding on the BSP.

overall statistics that involve them, as well as allow them to track individual cases. These users will be able to track: ‡ Administration and user management ± creation / deletion of the user records ‡ Aggregate pre-enrolment statistics ± number, latency, validation issues. (for Registrars, Sub-Registrars, and Enrolment Agencies) ‡ Aggregate enrolment statistics ± number, latency, approvals, rejection reasons (for Registrars, Sub- Registrars, and Enrolment Agencies) ‡ Aggregate authentication statistics ± number, latency, success / failures (for authentication clients) ‡ Track individual resident information ± pre-enrolment, enrolment, and authentication ± that they are involved in. Public Portal The UIDAI being a project of national importance will need to continually share various design, development, implementation and operational aspects with the public. The grievance redressal system also needs to be integrated into the public portal to redress complaints and grievances faced by residents in

Partner Portal The UIDAI project is based on a partnership model consisting of Registrars and their respective enrolling agencies on the ground. There are other entities such as device suppliers, trainers, letter delivery agencies, pre-enrollers etc all of whom play an important role in enrolling 1.2 billion residents. The partner portal will cater to the needs of the partner community. This portal will provide them with

the process of enrolment and authentication. The UIDAI information portal will address the above needs. This portal will also provide all users with information about the UIDAI system, and allow them to drill down on the performance by region, etc. It will not allow users to track individual cases. However, a method will be provided to get in touch with the UIDAI for specific questions as well as addressing grievances. All users will be able to view the following: ‡ List of Registrars, Enrolment Agencies, etc. ‡ Number of UIDs issued by time (day, month, year), and region (country, state, district, city) ‡ Performance Metrics ± At an aggregate level ± the number of Registrars, latency to allocate UIDAIs, number of complaints, etc. ‡ Authentication requests ± count, latency, success /failures. ‡ Grievance requests filed with the UIDAI and the responses.

allows third party developers to develop Web 2.0 applications based on this data. Registrar System: Registrars will have their own IT infrastructure to interact with Aadhaar System. The functionalities include the following: ‡ Getting updates during enrolment process ‡ Uploading bulk demographic data ‡ Act as an Authentication User Agency (AUA) As we have seen earlier, a copy of the enrolment data flows from the Enrolment Stations to the Registrar System. The CIDR also updates the Registrar System with the assigned Aadhaar. To keep the confidentiality of the data being sent to the registrar system, the data will be encrypted using the public key provided by the Registrar. It follows that the Registrars have to manage their <Private Key, Public Key> pair securely and put the necessary infrastructure in place. The interacting Registrar systems have to be hardened. UIDAI may provide security guidelines to Registrars to assist in the implementation but the ownership will always reside with the Registrars. UIDAI will define

Data Portal: We want to expose all publishable public information through a "Data Portal" where all data is exposed in machine readable formats. This portal

interfaces for the Registrar System to interact with CIDR. There will be no libraries to be integrated with. Since the Registrars also maintain a copy of their enrolment data, they have to take enough precautions to secure the data. In order to integrate Aadhaar authentication with applications like PDS, NREGA or similar applications in private sector, UIDAI will provide a library of API using which the new applications can be developed and deployed. Logistics Logistics service will be provided by Department of Posts. There are two parts to this: (i) Inbound Logistics ± to receive the raw enrolment images + data in magnetic media and through the network from the Regional Offices or Facilitation Centre. All the incoming data is processed by the CIDR DMZ Application. (ii) Outbound Logistics ± Delivering the UIDAI to applicants and getting the Status Update

Responsibilities of Logistic Service Provider includes the following: ‡ Logistics setup for enrolment agencies to send the enrolment data/manifest to the RO/data centre ‡ Provide printing infrastructure and connectivity to the CIDR. The printing infrastructure electronically receives the Aadhaar allocation letter to be printed and mailed to the enrolled

residents ‡ Mail the printed Aadhaar letter to the enrolled resident ‡ Provide an online track and trace system to track the status of the enrolments and Aadhaar generation ‡ Support the call centre provider to track the enrolment status

Security and Infrastructure Technology²
Authentication User Agency

Contact Centre The Contact Centre provides a central point of contact to residents and other entities that will partner with UIDAI during the enrolment and post enrolment stages. The Contact Centre will provide services in multiple languages for residents, Registrars, enrolment agencies

and resident service agencies. The service provider for Contact Centre will setup, operate and maintain the Contact Centre including the agents. The service provider for Contact Centre will be expected to:y Scale operations at the required pace to match volumes of interactions. y Provide analytics support to UIDAI. y Assist in driving performance improvements y Take end to end responsibility of driving resolution of queries and services. y Analyze the various interactions with the stakeholders, identify and develop process models.

Benefits:y The UIDs will provide unique identity to residents of India. Indians will not require to prove their identity to various government departments over and over again. y It will streamline benefits so that they reach the right people. y The numbers will eliminate duplication an attempts to obtain fake documents.

The RFP for Contact Centre contains the detailed requirements for Contact Centre. Please refer to this document from UIDAI website. UIDAI has selected Intellinet as the service provider for setting up and operating the Contact Centre. The Contact Centre Architecture diagram is shown below:

y They will facilitate mobility, especially for India's migrant population. y The numbers will ensure that different public service delivery organisations work efficiently.

we can simply declare all 0numbers as TBD (to be decided). 1- numbers(a1 = 1) could be reserved for entities rather than individuals. Alternative-ly, 11could be reserved for entities (or 111-) to match the size of the reserved space to the number of entities expected. We could use 2-9 numbers (a1 =2,3«9) right away to assign UIDs. That is 80 billion numbers -plenty of space.

Number Design: 12 Digits
The format of 12-digit number is discussed below. UID Numbering Scheme

1. The Version Number: Some digits may be reserved for specific applications. This is an implicit form of a version number embedded into the numbering scheme. We rec-ommend the following reservations: 0- numbers (a1 = 0) could be used as an ³escape´ for future extensions to the length of the number. For example, in future if we need 16 digit numbers, then we could say that 0 means that the number is 16-digits. As of now

2. Number Generation: The numbers are generated in a random, non-repeating se-quence. There are several approaches to doing this in the computer science literature. The algorithm and any³seed´ chosen to generate IDs should not be made public and should be considered a national secret. 3. Lifetime: Individual UID is assigned once, at inception, and remain the same for the lifetime of the person, and for a specified number of years beyond. At this point there is no consideration of reusing numbers. 4. Entity ID¶s: We expect that entity ID numbers (1- numbers) will have different rules for periods of validity and retirement.

5. The Checksum: There are several schemes possible. We recommend the Verhoeff scheme. More on this in the section titled Checksum.

The need for iris in the UID Project:The Biometrics Committee played a key role in helping the UIDAI determine the biometrics to be used in UID enrolment, and the standards to be adopted. The Committee submitted its report on 7th January 2010 to the Chairman of the UIDAI1.Prior to recommending the type of biometrics to be captured, the Biometrics Committee debated a key challenge that the UIDAI faces ± that of ensuring the uniqueness of biometrics across a population of 1.2 billion people. To ensure uniqueness, the UIDAI has to minimize the false acceptance rate (FAR) in its biometrics. However, the Biometrics Committee noted that the approach using fingerprint biometrics alone, in addition to face, faces two challenges in ensuring uniqueness and low FAR within the Indian environment ±

the varying quality of fingerprints, particularly among poor residents; and the scale of the database, at 1.2 billion records2. Both these challenges could make uniqueness in biometrics difficult to achieve. The risk that fingerprinting may not be sufficient to ensure uniqueness is not a risk that can be ignored, particularly when enrolling residents on such a large scale. The cost and logistics of going back and re-enrolling residents, in case the biometrics set is insufficient, would be unacceptable. The addition of iris to finger and face biometrics would help the UIDAI achieve accuracy rates that go beyond 95%, and would ensure very low FAR. This will also make the UID number highly robust, and enable the number to be used in a wide variety of applications that require high security, such as in financial transactions. Ensuring inclusion ± Ensuring the inclusion of poor residents: India faces unique challenges in collecting biometrics from its rural population and the poor. The poor, due to occupations that usually involve

physical labour, have fingerprints that are worn out and difficult to capture4.Experts estimate that the challenges in collecting the biometrics of the poor would be lower in the case of iris devices. The iris does not get worn out with age, or with use. It even remains unaffected by most eye surgery. Consequently the use of iris biometrics would help ensure that poor residents are not left out of UID enrolment. Ensuring the inclusion of children: Collecting and deduplicating the biometrics of children is a challenge ± face and finger biometrics are not stable until the age of 16. The lack of deduplication of a child¶s biometrics would require that the child¶s UID be linked to the parents¶ UIDs in the database and the child¶s ID is not issued on the basis of deduplication of his/her biometrics. This however, increases the risk of duplicates/fakes among UIDs for children. Such UIDs would represent a significant proportion of the UIDs issued. The iris presents a potential means to issue the majority of children a unique number linked to their biometrics, since the iris stabilizes at a very

young age. Unlike fingerprints,the iris is said to be fully developed at the time of birth itself.The limitation on iris capture of a child only due to the requirement for a child to follow the instructions of keeping his/her eyes open before the iris camera. On an average, the age at which the child can understand and follow such instructions will be around 4 years. If we use iris, we would be able to reduce the size of our inaccurate UID sub-set ( due to the inability to de-duplicate) from 35% to 11% (the percentage of population below four years of age as per the 2001 Census). This will be a significant gain in terms of accuracy. Other benefits ± i) Comfort: The addition of iris as a third biometric would not be intrusive. As is visible from the photographs below ± taken at one of UIDAI¶s biometric test centres in Andhra Pradesh ± iris capture also does not involve physical contact with the resident, making it a comfortable experience. ii) Ease of use: Both fingerprint devices and iris devices are not difficult

To use with a trained operator. Newer iris devices however, are also auto-focus and autocapture and will prevent the operator from taking an out-of-focus image. Reducing risks in execution: UID enrolment will take place on a large scale and in diverse environments across the country. While the enrolment processes and systems will be standardised, the UIDAI cannot guarantee high quality across its thousands of enrolment points. Collecting iris in addition to fingerprints will help limit the risk of low quality in the biometric data collected. Reducing technology risks: There are significant technology risks in the UID project ± there are for instance, no examples to follow, with no previous such technology implementations of this scale. The project also pushes the boundaries of existing deduplication and authentication technologies, due to the project¶s unprecedented size. iv) iii)

While ten fingerprints, when collected with care with special emphasis on quality can give us high accuracy, this faces some uncertainties, considering the technology challenges stated above. The use of iris as an additional (and uncorrelated) biometric mitigates the project¶s technology risks considerably. De-duplication Process: During the deliberations of the Biometrics Committee, it was pointed out by experts that iris de-duplication is today, much faster than finger-print deduplication. More importantly, multi-modal de-duplication, while keeping iris as the primary means of deduplication, can be made to work much faster than single mode deduplication. Given the flexibility that the UIDAI wants on deduplication, and the possibility that the UIDAI may like to reduce the time taken to achieve universal coverage, the speed of finger-print de-duplication should not become a limiting factor in project implementation. vi) Applications: The requirement of uniqueness and accuracy in UID-linked v)

biometrics is a function of the applications which utilize the residents¶ data. The applications that use the UID would be many and varied ± as an example,an application may use UIDs to monitor the coverage of immunizations, and may not require very significant accuracy. However, if UIDs are to be used to authenticate financial transactions and micro-payments, then even a small percentage of inaccuracies in UID-linked biometric data may make the data unusable for these purposes. Hence, compromises made on uniqueness and accuracy may limit the use of the UID in critical applications. vii) Security: It is highly desirable to have access to an additional biometric trait,from the viewpoint of national security. It is possible to disguise facial features, and mask fingerprints through cuts and bruises. It is much harder to alter iris along with the face and fingerprint. Iris use has consequently become more common in national security and border control applications worldwide.

Future development of identity systems: The use of biometric systems for verifying identity is growing rapidly around the world, and both fingerprint and iris vendors are expanding their market. The use of both iris and fingerprint within the UID project will ensure that the number is still usable, if either technology gains ground for identity verification in the future.It is for the reasons stated above that the UIDAI has decided to include iris along with face and fingerprints, in its biometrics. Iris Technology :Overview While the benefits of using iris biometrics are important to consider, not much is known about how iris biometrics systems function. Here, the paper provides an overview on iris biometrics and the technology that is used. The iris of the eye is a protected organ, which controls the diameter of the pupils ± the centre part of the eye ± and the amount of light entering the eye.

viii)

The field of iris biometrics has seen significant research and investment over the last decade, and at this point, iris capture has become a mainstream technology with wide acceptance. In India, over 50 million people have been enrolled using iris recognition systems in Andhra Pradesh and Orissa. Feedback on these systems has been positive both from enrolling agencies and state government officials. Mexico is also using iris for its version of Unique ID to deliver public benefits to its entire population. De-duplication through iris has been carried out on a large scale ± one implementation that deduplicated the entry of immigrants into a country has carried out five trillion iris comparisons since 2001. In Andhra Pradesh, the government has carried out 6.26 quintillion matches in two months for its PDS programs in 2009. According to one research firm, iris is the fastest growing segment of biometrics market and will have the largest market share in next ten years. Responding to the increased demand, the technology has become rapidly cheaper, with a friendlier user experience. How do we capture the iris image?

The front, pigmented layer of the iris, seen in Figure 1 above, contains random patterns that are visible and highly stable. These patterns are also highly intricate, and unique to every individual. The iris faces very little wear, and can consequently serve as a secure, always available passport that an individual can present for verification.

The capture of the iris image is identical to taking a regular photograph, except that it operates in the infrared region, nearly invisible to our eye. The figure below shows the process for capturing the iris image. The camera captures the image of the iris; the image generated is permanently stored in the database, and is used for matching while verifying the identity of the resident, as well as for de-duplication.

Case I: Enrollment using a centralized architecture In the case of enrollment using a centralized architecture, the biometrics of the citizen have to be matched against the biometrics of all the previously enrolled citizens. The matching has to be done soon after the biometrics are captured to check whether the same citizen has been enrolled earlier. In case a match is found, the citizen will not be enrolled into the system. To accomplish this, the speed of matching has to be very high and without any false accepts. Case II: Enrollment using a Decentralized architecture

De-duplication :De-duplication is the processing of the biometric data of citizens to remove instances of multiple enrollments by the same citizen. During de-duplication, matching the biometrics of a citizen is done against the biometrics of other citizens to ensure that the same person is not enrolled more than once. This will ensure that each person will have a unique identity. De-duplication will be a necessary component in the ³Unique ID´ project. In the case of enrollment using a De-centralized architecture, the biometrics of citizens captured during a certain period have to be matched against the unique ID enrollment database of all the previously enrolled citizens. The matching has to be done by aggregating the data from each of the decentralized enrollment stations and matching against the de-duplicated biometrics of all the previously enrolled citizens. Conclusion ±

Choosing the right biometrics plays a very important role for ensuring the success of the Unique ID project. While Iris as a biometric ensures high matching speeds and high degree of accuracy which are very essential for large Unique ID projects, fingerprint as a biometric will be economical for verification at the Point of Service.Thus the use of Multi-Modal biometrics will enable Governments to reap the advantages of both in the most optimal manner.