What is Aadhaar Virtual ID (VID)? Generation, revocation and replacement of VID

What is Aadhaar Virtual ID? How to generate aadhaar virtual id, revocation and replacement of VID. UIDAI has been mandated to issue biometric based unique identity number Aadhaar to the eligible residents of India. The first Aadhaar number was issued on 29 September 2010 and till now more than 119 crore Aadhaar numbers have been issued. The coverage of almost whole of they population has led to the acceptability and use of Aadhaar as a universal and a primary identity proof of residents by government as well as non-government entities. Many systems such as Banks, Telecom companies, PD S, income Tax, etc, have been mandated through various laws to use Aadhaar for identity verification and de-duplication. Similarly, a number of private entities are also using Aadhaar to verify identity of their customers.

What is Aadhaar Virtual ID (VID)? Generation, revocation and replacement of VID

To further strengthen privacy and security of Aadhaar number holders, UIDAI hereby lays down the following process:

I. Introduction of Virtual ID for Aadhaar holder to use it in lieu of his her Aadhaar number to avoid need of sharing of the Aadhaar number at the time of authentication.

II. Introduction of Limited KYC Service that does NOT return Aadhaar Number and only provides an "agency specific" unique UID token to eliminate many agencies storing Aadhaar Number while still enabling their own paperless KYC.

The following paragraph provides details of the above features and advises agencies using Aadhaar authentication and e-KYC to make necessary improvements within their respective systems to support this roll out within the stipulated timeframe.

Aadhaar Virtual ID (VID)

Residents are currently required to share Aadhaar number to authenticate their identity to avail various services. With the introduction of Virtual ID, a fungible number mapped to Aadhaar number, Aadhaax number holders will have an option not to share their Aadhaar number to further improve privacy. Virtual IDs allow Aadhaar number holders to share VID instead of their Aadhaar number during Aadhaar authentication thus reducing collection of Aadhaar numbers by various agencies.

Features of VID are:

  • check
    VID will be a temporary, revocable 16-digit random number mapped with the Aadhaar number. It is not possible to derive Aadhaar number from VID.
  • check
    Last digit of the VID is the checksum using Verhoeff algorithm as in Aadhaar number.
  • check
    There will be only one active and valid VID for Aadhaar number at any given time.
  • check
    Aadhaar number holder can use VID in lieu of Aadhaar number whenever authentication or KYC services are performed. Authentication may be performed using VID in a manner similar to using Aadhaar number.
  • check
    VID, by design being temporary, cannot be used by agencies for de-duplication.
  • check
    VID is revocable and can be replaced by a new one by Aadhaar number holder after the minimum validity period set by UIDAI policy.
  • check
    No entities like AWL/KUA can generate VID on behalf of Aadhaar number holder.

Generation, revocation, and replacement of VID

VID can be generated only by the Aadhaar number holder. They can also replace (revoke and generate new one) their VID from time to time after UIDAI set minimum validity period. UIDAI will provide various options to Aadhaar number holders to generate their. VID, retrieve their VID in case they forget, and replace their VID with a new number. These options will be made available via UIDAI's resident portal, Aadhaar Enrolment Center, mAadhaar mobile application, etc.

all agencies using Aadhaar Authentication and e-KYC services shall ensure Aadhaar number holders can provide the 16-digit VID instead of Aadhaar number within their application. All agencies offering assisted services shall inform their offices and operators to enable this option for Aadhaar number holders.

1. Via UIDAI's resident portal,

https://resident.uidai.gov.in/

2. Aadhaar Enrolment Center,

Locate Enrolment Center

3. mAadhaar mobile application

Download here

Limited KYC and UID Tokenization

While VID allows Aadhaar number holders to avoid sharing Aadhaar number, storage of Aadhaar number within various databases also needs to be further regulated, Limited KYC will allow agencies to do their own paperless KYC process without access to Aadhaar number thus significantly enhancing the privacy within Aadhaar system.

UIDAI will categorize all AUAs into two categories - "Global AUAs" and "Local AUAs". Once this scheme is fully implemented, ONLY Global AUAs will have access to e-KYC with Aadhaar number, while all other agencies will only have access to "Limited KYC".

  • Global AUAs: UIDAI from time to time will evaluate AUAs/Sub-AUAs based on the laws governing them and categorize them as "Global AUAs" only if laws require them to use Aadhaar number in their KYC. Only such agencies will have access to Full e-KYC (with Aadhaar number) and the ability to store Aadhaar number within, their system.
  • Local AUAs: All AUAs who are not categorized under "Global AUAs" will automatically be categorized as "Local AUAs". Such entities will ONLY have access to "Limited KYC" and will NOT be allowed to store Aadhaar number within their systems. Every agency using authentication and Limited KYC can get agency specific UID Token, that can be used within their systems to uniquely identify their customers. UIDAI reserves the right to determine, in addition to UID Token, what demographic fields need to be shared with the Local As depending upon its need.

Enhanced Privacy via UID Token: Once storage of Aadhaar number is restricted and since VID is a temporary number, agencies need a mechanism to uniquely identify their customers within their system. In order to ensure that these entities are able to establish uniqueness of beneficiaries in their database, UIDAI in response to the authentication and Limited KYC request would return a unique UID Token. This Token will be unique for each Aadhaar number for a particular entity (AUA/Sub-AUA). This Token will remain same for an Aadhaar number for all authentication requests by that particular entity. However, for a particular Aadhaar number different AUAs/Sub-AUAs will have different UID Tokens. The UID Token will be a 72 character alphanumeric string meant only for system usage.

UID Token allows an agency to ensure uniqueness of its beneficiaries, customers etc. without having to store the Aadhaar number in their databases while not being able to merge databases across agencies thus enhancing privacy substantially. All agencies should use UID Token within their systems. In addition to UID token, Global AUAs are also allowed to securely store Aadhaar number.

Authentication API will also allow authentication using UID token in place of  Aadhaar number or VID, provided the token belong to that AUA. But, AUAs who are categorized as "Global AUAs" will be given, in addition to Aadhaar number, a UID token for each Aadhaar number in response to e-KYC request. Global AUAs can use UID token as per their need for authentication and database usage.

In view of the above mentioned changes, agencies using Aadhaar Authentication and e-KYC would need to make suitable changes so that their systems can accept VID in place of Aadhaar number, use UID Token within their database  instead of Aadhaar number, and enhance application to access Limited or Full e-KYC  based on their categorization. As an illustration, following changes may be required by the AUAs/KUAs:

a. at Allow VII D to be used in lieu of Aadhaar number. Since VID is optional for Aadhaar number holders, they can still provide Aadhaar number as they do so today.

b. Local AUAs should make changes inside their systems to replace Aadhaar number within the databases with UID Token. Existing Aadhaar  numbers can be replaced with corresponding UID token by doing  demographic match using authentication API.

c. Global AUAs should make changes in their systems to accept UID token, in addition to Aadhaar number and use it in their processes.

d. Agencies categorized as 'Global AUAs" can continue to securely store and  use Aadhaar number along with UID token.

e. Agencies using demographic match without the presence of Aadhaar number holder need to use UID token instead of Aadhaar number in authentication input.

f. Update applications, processes,, and train the operators and personnel across AUS ecosystem to ensure that all changes are roiled out smoothly.

UIDAI would share updated API/technical documents, guidelines, and conduct work shops/ training sessions for AUAs/KUAs to ensure smooth and timely implementation.

UIDAI will be releasing necessary APIs with implementation by 1st March 2018. All AUAs/KUAs shall accordingly need to make necessary changes in their authentication system for use of Virtual ID, UID Token, and Limited KYC to start using it from 1st March 2018. By 1st June 2018, all AUAs/KUAs shall have to fully migrate to the new system, failing which their authentication services may be discontinued and financial disincentives may be imposed.

AUAs and KUAs, under Regulations 14(n) and 17(g) of Aadhaar (Authentication) Regulations, 2016, are required to comply with the directions issued and process laid down under this Circular for the purposes of using the authentication facilities provided by the Authority. Any non-compliance of these directions shall invite action under sections 42 and 43 of the Aadhaar Act, 2016, financial disincentives as per Schedule to AUA/KUA Agreement v.4.0 and termination of the said Agreement.