The Unique Identity Authority of India (UIDAI) was created to provide a unique identity to all residents of India. UIDAI has enrolled citizens to provide online authentication using demographic and biometric data. The UID number (also known as Aadhar) uniquely identifies a resident and allows them to establish their identity with various agencies in India. Aadhar is a permanent, non-revocable identity. Citizens can prove their identity using their Aadhar credentials. A Hardware Security Module (HSM) plays a vital role in bringing transparency to the whole Aadhar authentication system.
Aadhar authentication is the process of submitting personal identity data to the Central Identities Data Repository (CIDR) maintained by UIDAI. UIDAI confirms the proof of identity after matching the submitted identity data with the data at the CIDR. UIDAI defined a framework called the Aadhar Authentication Framework to provide the details of the authentication types offered. Currently, Aadhar authentication supports Demographic Matching, Biometric Matching, and additional features such as One-Time-Password (OTP). In India, various institutions use Aadhar authentication to establish their customers' identity, confirm beneficiaries, and even track attendance in offices. It can be used for demographic data verification too.
To provide an efficient authentication mechanism, UIDAI defined a structure of service providers, viz. Authentication User Agency (AUA), e-KYC agency (KUA), Sub-AUA (SA) and Authentication Service Agency (ASA). AUA, KUA and SA are known as authentication user agencies.
AUA – It is an entity using Aadhar authentication to provide services to its customers.
SA – It is an entity having a business relationship with an AUA, offering specific services in a domain.
ASA – It is an entity that connects directly to UIDAI through a private secure connection to transmit authentication requests from various AUAs.
Terminal Devices – Biometric capture devices attached to terminals are used by SAs/AUAs in the Aadhar authentication process. These authentication devices must comply with the specifications provided by UIDAI to protect all biometric and demographic information. The authentication device initiates the authentication request, creates the PID block, and forwards it to the authentication user agency server, which creates the auth XML. To ensure integrity and non-repudiation, the XML must be digitally signed by the AUA/KUA and/or ASA. In the e-KYC service, the e-KYC response data is encrypted. UIDAI mandates the use of a FIPS 140-2 Level 3 certified Hardware Security Module (HSM) for digitally signing the auth XML and decrypting e-KYC data.
Kryptoagile provides FIPS 140-2 Level 3 compliant Hardware Security Modules to fully comply with UIDAI directives.
Here are some of the advantages of hardware security modules offered by Kryptoagile:
Best suited for general purpose data processing
Extremely popular in financial data processing
Powered with world's most advanced data encryption mechanism
Compatible with cross industry applications