AEPS, or Aadhaar Enabled Payment System, authenticates a user with their Aadhaar number and fingerprint biometric. AEPS financial transactions are performed on Aadhaar-enabled POS machines and do not require any OTP or PIN for verification. Verification instead depends on the data available in the UIDAI CIDR repository, which holds the user's data authenticated during the Aadhaar enrolment process. AEPS performs payment transactions using the bank account linked with the user's Aadhaar number.
When a payment is initiated from the AEPS platform, the biometric data is converted into an Auth XML PID block. This block is digitally signed using the private key on the registered device and sent to CIDR in encrypted form, using UIDAI's public key. At the UIDAI CIDR repository, the Auth XML is decrypted using UIDAI's private key and verified using the public key of the AUA.
To protect these keys, NIST-recommended FIPS 140-2 Level 3 certified HSMs are required to securely store the private credentials of the authorised individual on behalf of the organisation.
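The sign, encrypt, decrypt and verify sequence described above can be sketched as follows; this is an added example, not UIDAI's or any vendor's code, and it does not reproduce the Auth XML wire format. The names Envelope, Seal, Open and NewTestKey are hypothetical, and the algorithm choices (RSA PKCS#1 v1.5 signature over SHA-256, AES-256-GCM session key wrapped with RSA-OAEP) are assumptions of this sketch. Private keys are only reached through Go's crypto.Signer and crypto.Decrypter interfaces, which is how an HSM-held key can be used without leaving the device.

```go
package main
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct{ WrappedKey, Nonce, Ciphertext, Signature []byte } // hypothetical container
func NewTestKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // constructed key

// Seal signs pid via crypto.Signer, then encrypts it under a fresh key wrapped for the recipient.
func Seal(pid []byte, signer crypto.Signer, recipient *rsa.PublicKey) (*Envelope, error) {
	digest, secret := sha256.Sum256(pid), make([]byte, 44) // 32-byte AES key + 12-byte GCM nonce
	_, e1 := rand.Read(secret)
	sig, e2 := signer.Sign(rand.Reader, digest[:], crypto.SHA256)
	wrapped, e3 := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, secret[:32], nil)
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, fmt.Errorf("seal failed: rng=%v sign=%v wrap=%v", e1, e2, e3)
	}
	block, _ := aes.NewCipher(secret[:32]) // cannot fail: key length is fixed at 32
	gcm, _ := cipher.NewGCM(block)
	return &Envelope{wrapped, secret[32:], gcm.Seal(nil, secret[32:], pid, nil), sig}, nil
}

// Open unwraps the key via crypto.Decrypter, decrypts, and returns pid only if the signature verifies.
func Open(e *Envelope, recipient crypto.Decrypter, sender *rsa.PublicKey) ([]byte, error) {
	key, err := recipient.Decrypt(rand.Reader, e.WrappedKey, &rsa.OAEPOptions{Hash: crypto.SHA256})
	if err != nil || len(key) != 32 || len(e.Nonce) != 12 {
		return nil, fmt.Errorf("session key or nonce rejected")
	}
	block, _ := aes.NewCipher(key) // cannot fail: length checked above
	gcm, _ := cipher.NewGCM(block)
	pid, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	if d := sha256.Sum256(pid); err != nil || rsa.VerifyPKCS1v15(sender, crypto.SHA256, d[:], e.Signature) != nil {
		return nil, fmt.Errorf("ciphertext or signature rejected")
	}
	return pid, nil
}

func main() {
	aua, _ := NewTestKey() // signer's key pair (constructed, in memory)
	uidai, _ := NewTestKey() // recipient's key pair (constructed, in memory)
	env, _ := Seal([]byte("<Pid>constructed sample</Pid>"), aua, &uidai.PublicKey)
	pid, err := Open(env, uidai, &aua.PublicKey)
	fmt.Println(string(pid), err)
}
```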