What is Aadhaar Authentication?
Aadhaar Authentication means the process by which the Aadhaar number along with the demographic information or biometric information of a Aadhaar number holder is submitted to the Central Identities Data Repository (CIDR) for its verification and such repository verifies the correctness, or the lack thereof, on the basis of the information available with it.
The Aadhaar number or the authentication thereof shall not, by itself, confer any right of, or be proof of, citizenship or domicile in respect of an Aadhaar number holder.
Several requesting entities (or service providers) require individuals to submit their identity proofs that serve as an enabler for providing consumer services, subsidies or benefits. While collecting such identity proofs, these service providers face challenges in verifying/validating the correctness of identity information documents or proofs submitted by individuals.
The purpose of Aadhaar Authentication is to provide a digital, online identity platform so that the identity of Aadhaar number holders can be validated instantly anytime, anywhere.
UIDAI offers Aadhaar-based authentication as a service that can be availed by requesting entities (government / public and private entities/agencies). This service from UIDAI can be utilized by the requesting entities to authenticate the identity of their customers / employees / other associates (based on the match of their personal identity information) before providing them access to their consumer services / subsidies/ benefits / business functions / premises.
Modes of Authentication
- An authentication request shall be entertained by the Authority only upon a request sent by a requesting entity electronically in accordance with these regulations and conforming to the specifications laid down by the Authority.
- Authentication may be carried out through the following modes:
- Demographic authentication: The Aadhaar number and demographic information of the Aadhaar number holder obtained from the Aadhaar number holder is matched with the demographic information of the Aadhaar number holder in the CIDR.
- One-time pin based authentication: A One Time Pin (OTP), with limited time validity, is sent to the mobile number and/ or e-mail address of the Aadhaar number holder registered with the Authority, or generated by other appropriate means. The Aadhaar number holder shall provide this OTP along with his Aadhaar number during authentication and the same shall be matched with the OTP generated by the Authority.
- Biometric-based authentication: The Aadhaar number and biometric information submitted by an Aadhaar number holder are matched with the biometric information of the said Aadhaar number holder stored in the CIDR. This may be fingerprints-based or iris-based authentication or other biometric modalities based on biometric information stored in the CIDR.
- Multi-factor authentication: A combination of two or more of the above modes may be used for authentication.
- A requesting entity may choose suitable mode(s) of authentication from the modes specified in sub-regulation (2) for a particular service or business function as per its requirement, including multiple factor of authentication for enhancing security. For the avoidance of doubt, it is clarified that e-KYC authentication shall only be carried out using OTP and/ or biometric authentication.
Obtaining Aadhaar number holder’s Consent for Authentication
The Central / State Government may, for the purpose of establishing the identity of individual as a condition for receipt of subsidy, benefit or service require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment of Aadhaar.
If an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of subsidy, benefit or service.
In compliance with Aadhaar Act, all requesting entities or service providers shall
- unless otherwise provided in the Act, obtain the consent of an individual before collecting his/her identity information for the purpose of authentication in such manner as mandated by UIDAI’s policy and regulations.
- ensure that the identity information of an individual is only used for submission to the CIDR for authentication.
Nothing contained in this Aadhaar Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or anybody corporate or person, pursuant by law, for the time being in force, or any contract to this effect.
Provided that the use of Aadhaar number shall be subject to the procedure and obligations under section 8 and Chapter VI of the Act.
The authentication service is provided in online and real-time manner by UIDAI through its two data centres i.e. Hebbal Data Centre (HDC) and Manesar Data Centre (MDC) where online services for authentication and other services such as e-KYC are deployed in active-active mode to ensure high availability of services.
The UIDAI’s Central Identities Data Repositotry (CIDR) is currently capable of handling tens of millions of authentications on a daily basis, and can be scaled up further as demand increases. Many requesting entities that provide services to Aadhaar number holders have integrated Aadhaar into their domain applications for improved service delivery anywhere in the country in a real-time, scalable, interoperable manner.