What is Aadhaar Virtual ID? How to generate aadhaar virtual id, revocation and replacement of VID. UIDAI has been mandated to issue biometric based unique identity number Aadhaar to the eligible residents of India. The first Aadhaar number was issued on 29 September 2010 and till now more than 119 crore Aadhaar numbers have been issued. The coverage of almost whole of they population has led to the acceptability and use of Aadhaar as a universal and a primary identity proof of residents by government as well as non-government entities. Many systems such as Banks, Telecom companies, PD S, income Tax, etc, have been mandated through various laws to use Aadhaar for identity verification and de-duplication. Similarly, a number of private entities are also using Aadhaar to verify identity of their customers.
To further strengthen privacy and security of Aadhaar number holders, UIDAI hereby lays down the following process:
I. Introduction of Virtual ID for Aadhaar holder to use it in lieu of his her Aadhaar number to avoid need of sharing of the Aadhaar number at the time of authentication.
II. Introduction of Limited KYC Service that does NOT return Aadhaar Number and only provides an "agency specific" unique UID token to eliminate many agencies storing Aadhaar Number while still enabling their own paperless KYC.
The following paragraph provides details of the above features and advises agencies using Aadhaar authentication and e-KYC to make necessary improvements within their respective systems to support this roll out within the stipulated timeframe.
Residents are currently required to share Aadhaar number to authenticate their identity to avail various services. With the introduction of Virtual ID, a fungible number mapped to Aadhaar number, Aadhaax number holders will have an option not to share their Aadhaar number to further improve privacy. Virtual IDs allow Aadhaar number holders to share VID instead of their Aadhaar number during Aadhaar authentication thus reducing collection of Aadhaar numbers by various agencies.
Features of VID are:
VID can be generated only by the Aadhaar number holder. They can also replace (revoke and generate new one) their VID from time to time after UIDAI set minimum validity period. UIDAI will provide various options to Aadhaar number holders to generate their. VID, retrieve their VID in case they forget, and replace their VID with a new number. These options will be made available via UIDAI's resident portal, Aadhaar Enrolment Center, mAadhaar mobile application, etc.
all agencies using Aadhaar Authentication and e-KYC services shall ensure Aadhaar number holders can provide the 16-digit VID instead of Aadhaar number within their application. All agencies offering assisted services shall inform their offices and operators to enable this option for Aadhaar number holders.
While VID allows Aadhaar number holders to avoid sharing Aadhaar number, storage of Aadhaar number within various databases also needs to be further regulated, Limited KYC will allow agencies to do their own paperless KYC process without access to Aadhaar number thus significantly enhancing the privacy within Aadhaar system.
UIDAI will categorize all AUAs into two categories - "Global AUAs" and "Local AUAs". Once this scheme is fully implemented, ONLY Global AUAs will have access to e-KYC with Aadhaar number, while all other agencies will only have access to "Limited KYC".
Enhanced Privacy via UID Token: Once storage of Aadhaar number is restricted and since VID is a temporary number, agencies need a mechanism to uniquely identify their customers within their system. In order to ensure that these entities are able to establish uniqueness of beneficiaries in their database, UIDAI in response to the authentication and Limited KYC request would return a unique UID Token. This Token will be unique for each Aadhaar number for a particular entity (AUA/Sub-AUA). This Token will remain same for an Aadhaar number for all authentication requests by that particular entity. However, for a particular Aadhaar number different AUAs/Sub-AUAs will have different UID Tokens. The UID Token will be a 72 character alphanumeric string meant only for system usage.
UID Token allows an agency to ensure uniqueness of its beneficiaries, customers etc. without having to store the Aadhaar number in their databases while not being able to merge databases across agencies thus enhancing privacy substantially. All agencies should use UID Token within their systems. In addition to UID token, Global AUAs are also allowed to securely store Aadhaar number.
Authentication API will also allow authentication using UID token in place of Aadhaar number or VID, provided the token belong to that AUA. But, AUAs who are categorized as "Global AUAs" will be given, in addition to Aadhaar number, a UID token for each Aadhaar number in response to e-KYC request. Global AUAs can use UID token as per their need for authentication and database usage.
In view of the above mentioned changes, agencies using Aadhaar Authentication and e-KYC would need to make suitable changes so that their systems can accept VID in place of Aadhaar number, use UID Token within their database instead of Aadhaar number, and enhance application to access Limited or Full e-KYC based on their categorization. As an illustration, following changes may be required by the AUAs/KUAs:
a. at Allow VII D to be used in lieu of Aadhaar number. Since VID is optional for Aadhaar number holders, they can still provide Aadhaar number as they do so today.
b. Local AUAs should make changes inside their systems to replace Aadhaar number within the databases with UID Token. Existing Aadhaar numbers can be replaced with corresponding UID token by doing demographic match using authentication API.
c. Global AUAs should make changes in their systems to accept UID token, in addition to Aadhaar number and use it in their processes.
d. Agencies categorized as 'Global AUAs" can continue to securely store and use Aadhaar number along with UID token.
e. Agencies using demographic match without the presence of Aadhaar number holder need to use UID token instead of Aadhaar number in authentication input.
f. Update applications, processes,, and train the operators and personnel across AUS ecosystem to ensure that all changes are roiled out smoothly.
UIDAI would share updated API/technical documents, guidelines, and conduct work shops/ training sessions for AUAs/KUAs to ensure smooth and timely implementation.
UIDAI will be releasing necessary APIs with implementation by 1st March 2018. All AUAs/KUAs shall accordingly need to make necessary changes in their authentication system for use of Virtual ID, UID Token, and Limited KYC to start using it from 1st March 2018. By 1st June 2018, all AUAs/KUAs shall have to fully migrate to the new system, failing which their authentication services may be discontinued and financial disincentives may be imposed.
AUAs and KUAs, under Regulations 14(n) and 17(g) of Aadhaar (Authentication) Regulations, 2016, are required to comply with the directions issued and process laid down under this Circular for the purposes of using the authentication facilities provided by the Authority. Any non-compliance of these directions shall invite action under sections 42 and 43 of the Aadhaar Act, 2016, financial disincentives as per Schedule to AUA/KUA Agreement v.4.0 and termination of the said Agreement.