UIDAI – Aadhaar eKYC – AUA/ASA/KUA/KSA

Aadhaar eKYC is a service offered by the Unique Identification Authority of India (UIDAI) to businesses and organisations. These organisations can validate the identity of individuals by verifying their personal details such as name and address against their biometric information held as part of the Aadhaar database.

KYC details are required to be submitted mandatorily to several departments of the Government, banks, telecom operators and financial entities. The electronic KYC or eKYC validates the identity of an individual using an Aadhaar-based biometric scan and/or OTP in a matter of seconds.

Challenges:

  • To prevent unauthorised or malicious users from getting access to the private and critical information of your end customers
  • To protect your end customer’s biometric data from manipulation by authorised and unauthorised users to serve their malicious intentions or goals
  • To safeguard your organisation from data breach harms, protecting from legal harm, safeguarding the organisation's brand image, saving heavy penalties or even legal action against the system manager under the Section 66 A of IT Act 2008

Solutions:

  • The eKYC data, such as Aadhaar numbers and biometric data, along with demographic data, needs to be protected and secured when the data is at rest, in transit or in processing within your organisation.
  • UIDAI published a circular dated 22.06.2017 stating that it would need Auth XML PID block to be digitally signed using the Private Key of the organisation and sent to CIDR repository. UIDAI, as an eKYC response, will send the demographic data along with session key which is encrypted using the organisation's Public Key. The same would then be needed to be decrypted using the organisation's Private Key for further decryption of demographic data, only after which the next level of processing would be achieved. This circular mandates that these keys need to be generated within a FIPS 140-2 Level 2 or Level 3 HSM, and the Private Key should be stored inside the HSM and it should not be extracted outside the device at any given point of time.

Benefits:

  • Complying with the UIDAI's eKYC compliance of FIPS 140-2 Level 2 or Level 3 mentioned in circular dated 22.06.2017
  • Secure management and protection of encryption & signing keys
  • Quick business continuity approach in the event of a data breach

Required Products:

  • General Purpose HSMs

 

 

Get In Touch