Unique Identification Authority of India (UIDAI) has launched three new Aadhaar enabled services – an authentication services using Iris, an authentication service using one time pin (OTP) and an electronic know your customer (eKYC) service. It also announced that currently over 400 million residents have been enrolled for an Aadhaar number, while about 350 million Aadhaar numbers have been issued.

eKYC service: The eKYC service will allow one to authorize service providers to receive electronic copy of their identify proof and address. This will allow instant and paperless verification of of one’s identity and address. Using this service will allow sharing of demographic information including name, address, DOB, gender, photograph and mobile number this was collected during enrollment.

This is quite different to what was said at the Aadhaar Development Track conference organized by NASSCOM in Bangalore in 2011. At the conference, key personnel from the authority including Head of Technology Srikanth Nadhamuni, Chief Product Manager Sanjay Jain and Pramod Varma, Chief Architect had mentioned that the Aadhaar backend will simply verify the info and return a Yes or No response. Aadhaar would not send any other data back, except in cases of National Security, for which protocols were not been decided back then.

This contradicts with the services that UIDAI is offering for Aadhaar enabled services. With the eKYC service, UIDAI shares all demographic information including name, address, DOB, gender, photograph, and mobile number to the service providers. With 350 million Aadhaar cards issued, access to such information not only brings up privacy issues but also security concerns. What stops hackers to get into UIDAI server and collect all private information. Also note that, this information is not that one can easily change. One’s name, address, DOB, gender, and mobile number (possibly) remains the same for a larger part of their life. The fact that this information can be retrieved means UIDAI provides an API to access them, and it won’t be long before the system is abused.

Iris Authentication: With Iris based authentication service, residents will be able to authenticate their identity for availing Aadhaar enabled services by providing a combination of Aadhaar number and Iris image. One just needs to submit their Aadhaar number and Iris image to UIDAI’s Central Identities Data Repository (CIDR) for verification. The CIDR then verifies whether the image submitted matches with the Iris data available in CIDR which was collected during enrollment. Once verified, the CIDR responds with Yes or No message. The government claims that this service can be availed by anyone who has an Aadhaar number including old, blind and those who may have undergone cataract surgery. It also claims that it can offer Iris Authentication for 350 million residents who currently hold Aadhaar number.

Authentication service using One Time Pin (OTP): Through this authentication process, residents will be able to authenticate their identity for Aadhaar enabled service by providing a combination of Aadhaar number and OTP sent to the registered mobile number provided at the enrollment time or subsequent updation.

This process can be carried out by users themselves using their mobile number on a self service mode without having to use biometric authentication device which requires assisted service. To use this authentication method, one has to request for OTP against an Aadhaar, which is sent to UIDAI’s CIDR. CIDR then sends a newly generated random OTP to users mobile or email address. The users then have to submit the Aadhaar number and the OTP received on their mobile number or email address to CIDR for verification. Once verified, CIDR responds with a Yes or No reply.

Aadhaar Kendra: Besides these services UIDAI has also launched Aadhaar Kendra, which will be permanent enrollment centers to facilitate enrollment of residents. Besides registrations, one can also update their biometric or demographic data at these centers. These centers will be located in the Common Services Centers, government buildings or in official premises of the registrar. Note that while earlier these enrollment was free, the registrar at these centers may choose to charge a convenience fee not exceeding Rs 10 for printing e-Aadhaar letter and Rs 12 for update requests.

It has also announced that Aadhaar enabled service delivery will soon be linked to various schemes such as MNREGA wage payments, PDS distribution, payment of social security benefits, among others.

RCOM’s Aadhaar-Based Authentication: Just yesterday, RCOM announced that it will be using Aadhaar’s online authentication process to activate new connections. The company claims to have tested this solution in a non company owned multi brand small retail outlet and claims to be the first telco in the country to offer Aadhar authentication in both company owned and non company owned multi brand small retail outlet. Vodafone had also carried out pilot project offering Aadhaar based verification in October 2012.