Wednesday, March 21, 2018

How to implement Aadhaar Data Vault without using HSM-based tokenization?


In accordance with UIDAI circular 11020/205/2017, any organisation that stores Aadhaar numbers in its database should implement an Aadhaar Data Vault and replace the Aadhaar numbers with the reference tokens created by the Aadhaar Data Vault. The Aadhaar number and the XML returned by UIDAI as part of an Aadhaar authentication/eKYC call have to be stored in encrypted format, and access to the Aadhaar Data Vault has to be strictly controlled. The encryption keys should be stored in a Hardware Security Module. This is the crux of the reference ID circular published by UIDAI; for more details, please follow the link given above.

Now the question is: how do you implement an Aadhaar Data Vault in an organisation that stores Aadhaar numbers without using an HSM-based tokenization solution, which can be very costly?