Wednesday, May 31, 2017

Aadhaar Taking to the Indian Skies

Ever since the demonetization fever hit the nation, technological advancements have radically altered the status quo of things. Aadhar is one such technology that has stepped up to cater to the evolving tech ecosystem in India.
Issued by the Unique Identification Authority of India (UIDAI), Aadhaar is a unique 12 digit identity number issued to all residents of India based on their biometric and demographic data. In short, it is your unique National ID. And this is where the endless possibilities begin; from getting your rations to being the exclusive identification agency at airports. Speaking of airports, how exactly would this play out?

Monday, May 22, 2017

How common API for registered biometric devices is game changer?

UIDAI is coming up with new Authentication API ver 2.0 which is going to support registered devices. UIDAI is planning to remove the support for public devices and will support only registered devices in near future. Before understanding registered devices and the need for it, it is important to understand how public devices work.

Public devices are raw biometric capture devices that provide Aadhaar compliant biometric data to the application, which, in turn, encrypts the data before using for authentication purposes. Currently, AUA/Sub-AUA applications manage the biometric capture feedback user experience, any validation, and encryption of PID block. With public devices, providers may or may not provide an easy to use libraries to application developers. Several security measures are taken to ensure strong transaction security and end to end traceability even in public devices. These security measures fall into prevention and traceability. These include deploying signed applications, host and operator authentication by AUA, usage of multi-factor authentication, resident SMS/Email alerts on authentication, biometric locking, encryption/signing of sensitive data, and so on. In the case of public devices, although above security measures are in place, there is still a technical possibility of having the biometric data captured in between sensor device and host machine if the device or host machine of AUA is compromised.