The Unique Identification Authority of India (UIDAI), which has the authority to issue Aadhaar cards, on Saturday said that its Virtual ID (VID) system is now operational with its Authentication User Agencies (AUA) that have migrated to the new system.
The Unique Identification Authority of India (UIDAI) has mandated the use of Virtual Identification from July 1.
The Virtual ID is a 16-digit random number that is tagged to one's Aadhaar number. Only thee Aadhaar number holder will be able to generate, replace or revoke the virtual ID.
After the introduction of VID, a person will not need to share his actual 12-digit Aadhaar number for authenticating identity. The VID initiative is aimed at ensuring multi-layered security to reinforce privacy for Aadhaar holders.
Banking sector, however, has been given time till 31 August to migrate to the new system which supports authentication using Virtual IDs and UID tokens.
“It has been observed that a number of AUAs have already migrated to production environment using APIs 2.5 for Virtual ID implementation and most of the remaining AUAs have tested Virtual ID and UID Token in pre-production environment APIs 2.5. We are requesting with these agencies to fully migrate to production environment by the stipulated date,” the UIDAI said in a statement.
Meanwhile, UIDAI has also classified its AUAs in 'Global' and 'Local' categories for providing authentication facility for VID through UID Token and Limited KYC.
Telecom companies and E-sign provider AUAs not using API version 2.5 and e-KYC API 2.5 starting July 1 shall be charged Rs. 0.20 for every transaction performed.
As many as 121 crore people have been issued Aadhaar numbers so far.
Authentication ecosystem varies from agency to agency and while for certain entities the authentication is carried out in a "controlled environment" in the presence of their own regular staff, in some other cases the authentication is performed in the presence of agents who may cater to more than one entity. At times, these agents in addition to authentication activity are also involved in other business activities, the UIDAI said.
"It is imperative that on the basis of level of supervision in authentication ecosystem and the risk assessment, the VID/UID Token associated security features should be implemented in certain category of AUAs sooner without any delay," Pandey asserted.
UIDAI which has, for now, categorised all its authentication agencies as either global or local is in the process of reviewing the classification, based on the security and risk assessment of the authentication process of the said entity.
"Pending this review, AUAs which were not classified earlier are now being provisionally classified. Nonetheless, global AUAs shall develop their application in such a manner that their Aadhaar based services may continue even in case of a change in their classification in future," UIDAI said.
UIDAI also plans to introduce other forms of Aadhaar data verification, Pandey said adding that the same may be provided to agencies for identity verification in lieu of the current global or local (tags).
The UIDAI CEO has instructed all authentication agencies to make necessary changes in front-end application to accept Aadhaar number as well as Virtual ID, and in backend application to acccept UID token and limited KYC data immediately.
Once the new Virtual ID feature is fully implemented by user agencies, it allows Aadhaar holders to quote this random 16-digit number without actually disclosing Aadhaar number for authentication or verification purposes.
A user can generate as many VIDs as he or she wants, and the older ID gets automatically cancelled once a fresh one is generated. The move, besides strengthening the privacy and security of Aadhaar data, will also reduce the collection of Aadhaar numbers by various agencies.
(With agency inputs)