Aadhaar, the Indian government’s Unique Identification project, will enable developers to integrate it in applications, and develop software surrounding it. It is working with several partners at different levels. The use of open standards enables interoperability and anonymized performance metrics for systems will be made available to the public for transparency. At the NASSCOM Aadhaar Developer Track conference, the UIDAI oultlined the role of developers in the Aadhaar system, but the major announcement was left for UIDAI Chairman Nandan Nilekani: API calls for third party authentication applications will be free of charge, for the next couple of years. The move will certainly act as a catalyst in the devlopment of an applications eco-system surrounding the UID.
Multiple vendors have been deployed by the authority at various stages and to take care of different functions. The Software at the enrollment stage has been developed by MindTree, while Biometrics identification is being handled Morpho, Accenture and L1 Identity solutions; logistics will be taken care of by IndiaPost, while Sify will be doing testing for enrolling agencies empanelled by the UIDAI; support has been outsourced to Intellinet. There is no vendor lockin and multiple vendors are deployed even at the ABIS (Automated Biometric Identification System) level. This was a deliberate decision keeping in mind the scale of deployment, to de-risk the exercise and promoting competition between vendors to improve accuracy and throughput.
The Developer ecosystem surrounding Aadhaar
Since the UIDAI implements an open-system, plug and play approach, developers can enroll for developing software for enrollment devices for vendor device managers, transliteration interfaces and apps integrating UID verification. Since the enrollment devices and client software needs to support 22 Indian languages, transliteration and vernacular input will be employed through developers, who specialize in these fields. Sanjay Jain, the chief product manager for UIDAI explained how developers will be able to contribute to UID.
Aadhaar has APIs for Biometric Capture devices, ABIS (Automated Biometric Identification System) for backend and for Aadhaar Authentication. It supports .NET and Java to for development on Windows and Linux platforms. All 3rd party interfaces are abstracted through standard API layer. So developers get opportunities at various levels:
– Aadhaar Biometric Capture device interface and SDK – Development for enrollment devices installed at the enrolment center.A level field for various device manufacturers who can develop devices, however, a certification from Standardization Testing & Quality Certification (STQC) department is required for quality checks.
– ABIS – For backend de-duplication: Allow multiple players to work together on a common platform. Three main vendors have integrated their systems. This enables identification of biometric attributes and de-duplication by matching them with other UID records, at the time of enrollment, and matching biometric attributes with demographic data and Aadhaar number at the time of authentication.
– Biometric Data Quality and Management Library: To work with biometric data on client and server. Support for biometric data capture, quality measurements, data extraction, local matching on client and server.
– Transliteration Interface:– To support data entry and cross language matching on client and server. This would enable enrollment in one vernacular language and authentication in another if required. For example one can enroll through data input in Tamil and make an authentication request inputting data in hindi. So the client and server will understand data irrespective of the language.
– Authentication APIs: So that third party developers can build apps leveraging UID verification, across different categories
– At the authentication level, Aadhaar only has an API and not an SDK unlike the enrollment level. Aadhaar enabled applications, after receiving information, encrypt it at source in XML. This supports digital signatures, name, finger prints starting with an Auth element. The encrypted XML data is sent to the CIDR server over HTTP(s). Note that data is only decryptable by the UIDAI CIDR and no one else. A reference code is generated for each check for audit purposes, however it is anonymized.
-The UIDAI CIDR sends a response after verification complete with digital signatures, session keys and time stamps to make sure that the response has been sent by the CIDR and not anyone else. Even partner systems do not have access to user data.