In 2009, the Government of India set up UIDAI(Unique Identification Authority of India). This was done to uniquely and digitally identify the citizens. Social security of an individual was the primary reason to set up Aadhaar.
The driving force behind Aadhaar
So the Govt of India came up with an idea of providing a UID to create an identity for every citizen to prevent leakages in subsidy tranfer. This was done by taking the personal and biometric details to eliminate duplicates.
A brief overview
- The entire Aadhaar application ecosystem was built using open APIs. This was done so that banks and other platforms can be integrated with the Aadhaar platform.
- The Aadhaar backend is the largest biometric repository in the world. It is also the first to provide an online, multi-factor authentication service.
- It is believed that the Aadhaar system has more than 4000 terabytes of data.
- Aadhaar’s back end technology is worth discussing. Consider this, you have the entire population in a single database. Imagine the potential of this achievement if Aadhaar is used properly.
Had Aadhaar been implemented properly,
- India would have been a paperless society today. No more paper verification needed for confirming your identity.
- There would have been linking of Aadhaar to rural schemes to track health and education of children.
- We would have had a national database for health records.
- We would have had a database for skills of citizens. A major boost for generation of employment.
So how does Aadhaar actually work?
The Aadhaar system was designed keeping three things in mind
- Open Architecture- To ensure openness. The system was built such that open APIs can build on top of existing Aadhaar APIs. The identity system was designed to work on any device and any network
- Design for scalability-Enrolment for Aadhaar involved de duplication. The citizen’s demographic data and biometric data were matched with the already existing data so that no duplication occurred. Imagine the amount of transactions the server has to do. At the same time, online services like Aadhaar authentication need to be up and running. This involved massive server load and it was important that there was high scalability
- Data Security-Data privacy is always an issue. Aadhaar used 2048 bit end to end encryption. A keyed hash message authentication code(HMAC) was used to detect tampering. Even if someone intercepts the data packet, it was impossible for them to decrypt the data. It is important to note that Aadhaar never returns the data when the API is called for authentication. It only returns a yes or a no. Also the UID is just a random number, no personal information is embedded into it. Even after extensive security measures, Aadhaar was criticised for not being extra careful about citizens data.
The major part of enrolment apart from collecting details is de duplication.
During de duplication, the data is sent to three different ABIS(Automatic Biometric Identification System). The results of all the three is combined to improve the accuracy of de duplication. If ABIS fails, the entire systems does not come to a halt.
The software used for collecting data, called the Enrolment Client(EC) works offline. It does data validation, quality checking and captures location and time. It also has some built in features like data encryption, encrypted data storage. The software is also in constant touch with the server also called smart sync
Aadhaar Number Generation
On successful validation of data, a 12 digit unique number is generated. The first 11 digits are random and the last digit is a checksum based on Verhoeff algorithm. This ensures that the UID is unique. The rejected enrolments are stored in a reject database.
If a citizen wishes to update his details, there are special centers for this. Here a mini version of the EC is used. The Update API ensures that authentication is done along with the validation of data.
Basic Architecture Explained
The architecture today has evolved from mainframe era to a cloud computing era. The data should now to be presented in highly interactive form. There is a massive increase in the amount of data. Aadhaar has petabytes of data.
Aadhaar uses Open Scale-out architecture. It does not depend on OS, database vendor or storage. The system is built entirely using open source. This also allows the existence of heterogenous hardware within the same application.
Technology, Commodity Hardware
For syncing, communication takes place through HTTP using SSL encryption. REST interface is also used for remote access. Data is sent using POST method. Security tokens are sent and received to ensure secure communication.
Printing and Logistics
Logistics is another area where there is seamless interaction among vendors. The logistics and printing module of Aadhaar is capable of re printing specific letters during any updates or changes. All this is integrated using a common integration layer. The print documents are encrypted and are digitally signed XMLs. After the printing is done, the letter bags are handed over to India Post for delivery.
The monitoring dashboard
What went wrong with Aadhaar?
The things that go behind Aadhaar are extra ordinary. There is much more that is happening in the system. A one page article will not be enough to explain Aadhaar’s working. The implementation went wrong because the Government did not get the basic things right. Petty politics brought one of the most ambitious projects down.
Just to find out that something as big as Aadhaar was tried in India is much more satisfying than the end result. Hats off to a ‘Made in India’ project. Hope the project is revived by the present government