UIDAI – Aadhaar Vault Solution

UIDAI, a MeitY-authorised body, is responsible for issuing Aadhaar, a 12-digit unique identification number for citizens of India. This number is personally identifiable information for an Indian citizen, as the individual’s biometric data is linked to it and stored in the Central Identities Data Repository (CIDR) of UIDAI. With security concerns hovering over UIDAI's protection of Aadhaar numbers and other information, every organisation that deals with Aadhaar numbers in any form (in transit, in storage or in processing) carries an added responsibility to secure itself against attack and malicious usage.

UIDAI is introducing a virtual ID (VID) for the Aadhaar number holder and a UID token, which is a 72-character alphanumeric string; both will be provided by UIDAI from March 2018 via APIs. The UID token is a unique value for each Aadhaar number for a particular organisation. UIDAI categorises all AUAs/KUAs as either global or local. A global AUA/KUA will have access to full eKYC. A local AUA/KUA will only have access to limited KYC and will not be allowed to store Aadhaar numbers. The categorisation of organisations into global and local AUA/KUA is based on the type of industry they are mapped to, along with the direct financial transactions performed by the organisations.

Challenges:

  • To meet strict UIDAI compliance requirements for organisations storing and managing UIDAI data
  • To use a FIPS 140-2 compliant device as the hardware protecting keys
  • To manage encryption keys in a hardware security module that is compliant with FIPS 140-2 validation standards
  • To provide key rotation, key scheduling and key versioning; in short, overall key management for organisations
  • To secure authenticated, authorised access to Aadhaar numbers through access control and policy management
  • To implement data masking while knowing where in the system the Aadhaar number should be stored

Solutions:

  • Encryption of Aadhaar Numbers: As per UIDAI compliance and guidelines for the Aadhaar data vault, the Aadhaar number cannot be in clear text at any given point in time, which means it needs to be encrypted at all times. The Thales Vormetric solution is capable of storing the Aadhaar number in encrypted form in the database using an industry-standard algorithm. The solution can be designed to automatically take care of database encryption, be it column-based or OS-level file encryption, safeguarding the interests of the organisation by helping it meet the necessary compliance requirements and standards. If scanned copies of Aadhaar cards or PDFs are available, or if organisations have stored programmatic Excel files which contain Aadhaar numbers, these can also be protected using Thales Vormetric Data Security solutions.

Benefits:

  • Easy compliance with UIDAI's stringent and dynamic guidelines, without the fear of guideline changes
  • Automatic key management, access control and policy management through the solution itself
  • API-based solutions for easy and seamless integration with other lines of business for organisations