This post is on explaining on AADHAAR authentication in the view of recent issues highlighted by media reports as follows:
https://thewire.in/210497/data-breach-aadhaar-details-grabs-just-rs-500/
Let us understand how you can fetch/integrate AADHAAR services
Government has already opened up AADHAAR data for building software services using UIDAI authentication protocol. For the same they are promoting platforms like India stacks.
So any company or individual can request to integrate AADHAAR authentication with their application by registering with service providers like AADHAAR Bridge. On the portal they have already listed plans for accessing the same & access is provided following a proper KYC process.
How the AADHAAR authentication works
It comes in 2 variants
- First just for authentication i.e. it will simply say whether the requested AADHAAR no. is true or false. Also even this happens with minimum authentication of sending an OTP on the registered mobile no.
- Getting eKYC against the AADHAAR i.e. getting demographics data linked with the AADHAAR. This will work only if the biometric data is sent with the request protocol. For e.g you would have experienced this while getting new Jio sim cards.
Is the breach real?
There is no report that claims to have got access to 1.2 billion users data on a single click. All reports state that they have got access to a software in which data was available against adding a AADHAAR number using proper authentication request.
Also as claimed in the story there seems to be a possible misuse of the Common Service Centres Scheme (CSCS) across India.
It seems that few people or group of people have some personal issues with govt. enforcing AADHAAR linking with govt. services & they are always ready to convert any opportunity they get in their way to blame the system without understanding its working.
For statement by UIDAI on the issue
http://www.tribuneindia.com/news/nation/uidai-denies-any-breach-of-aadhaar-data/523469.html
No #Aadhaar data breach; Aadhaar data including biometric information is fully safe and secure: @UIDAI, denying report by @thetribunechd, saying it is a case of misreporting 1/2 pic.twitter.com/2d4ORHqqMh
— PIB India (@PIB_India) January 4, 2018
If you are planning to integrate AADHAAR authentication in your software, shoot an email at [email protected]