The Unique Identification Authority of India, or UIDAI, offers Aadhaar-based authentication as a service that can be availed by requesting entities (government / public and private entities/agencies) to authenticate the identity of their customers / employees / other associates before providing them access to their services / business functions.

A requesting entity can be a UIDAI licensed Authentication User Agency (AUA) or KYC User Agency (KUA). The requesting entities connect to UIDAI’s Central Identities Data Repository (CIDR) through an Authentication Service Agency (ASA). ASAs are entities that provide secure connectivity to UIDAI data centers for transmitting authentication requests from various AUAs.

As AUAs handle sensitive information, they are required by the UIDAI to have their systems audited for integrity and for compliance with the Information Security Policy issued by UIDAI. The audit is to be carried out by an information security auditor certified by CERT-IN. Any non-compliance with the security requirements is a violation of the Aadhar Act, 2016, its Regulations, the AUA/ASA agreement; and leads to penal action.

At GRM Technologies, our experts will work with you to establish the necessary cybersecurity controls to safeguard your systems to prevent the data of Aadhar card holders from being compromised. We will walk you through the encryption requirements laid out by UIDAI to ensure that data at rest and in transit cannot be compromised.

UIDAI requires the use of asymmetric encryption to preserve the integrity of data. Biometric devices that capture citizen data initiate an authentication request and create an encrypted PID block before forwarding it to the authentication server of AUA/KUA for creating an auth XML. The XML must be signed using the public key of the AUA/KUA and/or KUA. The UIDAI server encrypts the response using the public key of AUA/KUA, which can be decrypted by the AUA using its private key. The keys used for encryption and decryption should be FIPS 140-2 compliant and must be protected securely using a Hardware Security Module (HSM)

Our experts will also review your operations security, access control measures, and asset management policies to check your levels of compliance. We will provide you a detailed assessment report containing recommendations and guidance on fortifying your applications and systems. We will also keep you up-to-date with the different regulations and guidelines issued by UIDAI so that your organization is in compliance at all times.

Finally, our team will carry out extensive trainings and internal audits to set you up for success. We believe security is an iterative and continuous process, and with GRM Technologies by your side, you can be rest assured that we will partner with you to achieve and maintain not just compliance, but establish the necessary cybersecurity controls to preserve the security, integrity, and reliability of your data and business processes.