NewKerala.com

Aadhaar Hits 134 Crore Users, Govt Details Multi-Layered Security Shield

Aadhaar, the world's largest biometric ID system, now has approximately 134 crore live holders and has processed over 17,000 crore authentication transactions. The government, through Minister Jitin Prasada, emphasized that the ecosystem is designed with privacy protection, keeping data encrypted and processed within India. A multi-tiered security framework, including three types of audits, governs the system for entities using Aadhaar authentication. Strict protocols under the Aadhaar Act mandate informed consent, prohibit biometric retention, and ensure data is used only for permitted purposes.

Key Points: Aadhaar Security: 134 Cr Users, Multi-Tier Audit Framework

  • 134 crore live Aadhaar holders
  • 17,000 crore authentication transactions
  • Three-tier security audit framework
  • Data encrypted and stored only in India
  • Mandatory informed consent for use
3 min read

Aadhaar reaches 134 crore holders as government outlines multi-tier security framework

Aadhaar reaches 134 crore holders. Govt outlines 3-tier security, encrypted data, and strict protocols under the Aadhaar Act to protect privacy.

Aadhaar reaches 134 crore holders as government outlines multi-tier security framework
"The Aadhaar ecosystem is designed to protect privacy. - Jitin Prasada"

New Delhi, March 18

Aadhaar is the world's largest biometric identity system with approximately 134 crore live Aadhaar holders, the Ministry of Electronics & IT said on Wednesday. Maintained by the Unique Identification Authority of India, the platform has recorded more than 17,000 crore authentication transactions to date, serving as a primary tool for identity verification across the country.

Union Minister of State for Electronics and Information Technology Jitin Prasada in the Lok Sabha, noted that the Aadhaar ecosystem is designed to protect privacy. According to the Ministry, demographic data remains encrypted both at rest and in transit.

By design and architecture, the storage and processing of Aadhaar data takes place within India, and safeguards are in place to ensure that this is not breached.

The UIDAI provides Aadhaar authentication services to authorised entities to verify an individual's identity against the central database. This verification confirms the individual's identity using a one-time password (OTP), biometric data such as fingerprints, iris, and face, or demographic details to deliver specific services.

The Ministry specified that the Aadhaar Face Authentication used by these authorised entities is based on AI and Machine Learning technology, which enables accurate authentication of face biometrics.

Any entity desiring to use these services must be onboarded with UIDAI as an Authentication User Agency (AUA) or a KYC User Agency (KUA), in accordance with the provisions of the Aadhaar Act. The regulatory framework requires every AUA or KUA to retain authentication logs for two years. These logs can be accessed by the Aadhaar number holder or shared for grievance redressal and dispute resolution. After the initial two-year period, the logs are archived for five years and subsequently deleted.

To maintain the security of the system, UIDAI has implemented a three-tier audit framework. This includes the Self-Compliance Audit, the Information Security Annual Audit, and the Governance, Risk, Compliance, and Privacy (GRCP) Audit for entities within the ecosystem. This multi-layered approach ensures the integrity, security, and effectiveness of the system while helping to mitigate risks to Aadhaar number holders.

The Ministry further highlighted that detailed Standard Operating Procedures (SOPs) and guidelines governing the collection and use of data are available in the public domain. Key provisions include the mandatory informed consent of the Aadhaar number holder and the requirement that authentication is performed only for predefined and explicitly permitted purposes.

Security protocols also mandate the use of certified devices and secure storage within the Aadhaar Data Vault. Under the current guidelines, there is a strict prohibition on biometric data retention by any entity.

The Aadhaar Act also imposes restrictions on the collection, retention, and access of data, ensuring limited and encrypted data retention alongside mandatory audit trails.

- ANI

Share this article:

Reader Comments

R
Rahul R
Good to know about the security framework, but the real test is on the ground. Last month, my father had issues with fingerprint authentication at the ration shop. The machine wasn't working. The tech is great, but we need reliable infrastructure everywhere, including villages.
A
Aman W
The fact that data stays in India and is encrypted is very reassuring. In today's world, data is gold. We must protect our citizens' information from foreign entities. UIDAI seems to have taken strong steps. Hope they keep updating against new cyber threats.
S
Sarah B
I appreciate the transparency about the audit logs being accessible to the holder. That's a good feature for user control. The informed consent part is crucial—no service should use my Aadhaar without clearly telling me why.
K
Karthik V
While the security framework looks good on paper, I have a respectful criticism. The article says "authorised entities" can use it. Who authorises them? What checks are there to prevent misuse by these partner agencies? The chain is only as strong as its weakest link.
M
Meera T
Face authentication using AI is a game-changer for elderly relatives who have worn-out fingerprints. My dadi can never get her fingerprint scan to work. If this tech becomes widespread, it will be a big relief for so many families.
V
Vikram M

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50