Aadhaar-Behind the scenes

Author: Bhargav

In 2009, the Government of India set up the UIDAI (Unique Identification Authority of India). This was done to uniquely and digitally identify citizens. Social security of an individual was the primary reason to set up Aadhaar.

The driving force behind Aadhaar

The Government of India spends about $30bn on subsidies alone. But there is no guarantee that this money actually reaches the people. Less than 20% of the population have a bank account.


So the Government of India came up with the idea of providing a UID to create an identity for every citizen and prevent leakages in subsidy transfer. This was done by collecting personal and biometric details to eliminate duplicates.

A brief overview

Financial inclusion, direct cash transfers, pensions, health services delivery, identity, crime reduction, transparency in transactions. You name it, Aadhaar has the capability to do it.

Had Aadhaar been implemented properly,

  • India would have been a paperless society today. No more paper verification needed for confirming your identity.
  • There would have been linking of Aadhaar to rural schemes to track health and education of children.
  • We would have had a national database for health records.
  • We would have had a database for skills of citizens. A major boost for generation of employment.

So how does Aadhaar actually work?

Aadhaar Application


The Aadhaar system was designed keeping three things in mind:

  • Open architecture: To ensure openness, the system was built so that open APIs can be built on top of the existing Aadhaar APIs. The identity system was designed to work on any device and any network.
  • Design for scalability: Enrolment for Aadhaar involved de-duplication. The citizen’s demographic and biometric data were matched against the already existing data so that no duplication occurred. Imagine the number of transactions the server has to do. At the same time, online services like Aadhaar authentication need to be up and running. This involved massive server load, so high scalability was important.
  • Data security: Data privacy is always an issue. Aadhaar used 2048-bit end-to-end encryption. A keyed-hash message authentication code (HMAC) was used to detect tampering. Even if someone intercepts the data packet, it was impossible for them to decrypt the data. It is important to note that Aadhaar never returns the data when the API is called for authentication. It only returns a yes or a no. Also, the UID is just a random number; no personal information is embedded in it. Even after extensive security measures, Aadhaar was criticised for not being extra careful about citizens’ data.
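
The tamper check and the yes/no answer from the data security point above, as an added example that is not UIDAI's code. The key, the field names, the sample record and the choice of HMAC-SHA256 are assumptions made for illustration, and the encryption layer is left out so the integrity check stands alone.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"          # assumption: pre-shared MAC key
RESIDENTS = {                          # constructed record, not real data
    "999900001111": {"name": "Asha Rao", "pincode": "560001"},
}

def _tag(body: bytes, key: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def seal(claim: dict, key: bytes = KEY) -> dict:
    """Client side: serialise canonically, then attach the HMAC."""
    body = json.dumps(claim, sort_keys=True, separators=(",", ":"))
    return {"body": body, "hmac": _tag(body.encode(), key).decode()}

def authenticate(packet: dict, key: bytes = KEY) -> str:
    """Server side: verify the HMAC before parsing, then answer yes/no only."""
    body = str(packet.get("body", "")).encode()
    sent = str(packet.get("hmac", "")).encode()
    if not hmac.compare_digest(_tag(body, key), sent):   # constant-time compare
        return "no"                                      # altered in transit
    claim = json.loads(body)
    record = RESIDENTS.get(claim.get("uid"))
    attrs = claim.get("attrs") or {}
    # Require at least one attribute so a bare UID cannot be probed.
    ok = bool(record) and bool(attrs) and all(
        record.get(k) == v for k, v in attrs.items())
    return "yes" if ok else "no"                         # never the record itself

def tamper(packet: dict, old: str, new: str) -> dict:
    """Simulate an in-transit modification that keeps the original tag."""
    return {**packet, "body": packet["body"].replace(old, new)}
```

A packet whose body is edited after sealing fails the HMAC comparison and gets "no" even when the edited claim would otherwise match the stored record.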

Enrolment

The demographic details along with the biometric details are collected in this stage.


The major part of enrolment, apart from collecting details, is de-duplication.
During de-duplication, the data is sent to three different ABIS (Automatic Biometric Identification Systems). The results of all three are combined to improve the accuracy of de-duplication. If an ABIS fails, the entire system does not come to a halt.

The software used for collecting data, called the Enrolment Client (EC), works offline. It does data validation and quality checking, and captures location and time. It also has some built-in features like data encryption and encrypted data storage. The software also stays in constant touch with the server, a feature called smart sync.

The client works on both Windows and Linux.


The EC performs translation into the local language in real time.


During master sync, all the packet data is sent to the server. After the server confirms the processing of data, the data is deleted from the enrolment database on the client side.


The EC ensures that all data is encrypted before it is stored to disk.


The EC also sends data like “how long operator spent on demographic data screen”, “how many times a fingerprint was captured”, etc. to the server.

Each data packet is about 3MB in size. Once exported from the EC, these are uploaded in encrypted form. Scanning for viruses and malware is also done during this process.


Authentication Module

This is a process in which the UID is sent to servers along with other attributes for verification. In addition to this, OTP or biometric authentication can also be done.


The Aadhaar Authentication API is open source and can be viewed on their website.
Along with the Aadhaar Authentication API, there are two other APIs: the Best Finger Detection (BFD) API and the OTP API.


The basic job of the Authentication Server is to match the demographic data with the help of the BFD and OTP APIs.

It is also responsible for detecting inline fraud and sending SMS/email notifications.
The servers are capable of handling 1.5 million transactions every day. They are built to scale horizontally.


Initially MongoDB was used, as MySQL was not capable of storing images. MongoDB was unable to handle the load, so Aadhaar is now slowly switching to MySQL.


Since there is a chance of false reject or a false accept during authentication, Aadhaar gives multiple attempts to users along with a backup authentication module.

Aadhaar Number Generation

On successful validation of data, a 12-digit unique number is generated. The first 11 digits are random and the last digit is a checksum based on the Verhoeff algorithm. This ensures that the UID is unique. The rejected enrolments are stored in a reject database.
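
The Verhoeff check digit described above, as an added example that is not UIDAI's code. The 11-digit body is a constructed value and the function names are illustrative. The check digit catches every single-digit typo and every adjacent swap, but anyone can compute it, so it says nothing about whether a number was actually issued.

```python
# Multiplication table of the dihedral group D5 used by Verhoeff.
D = [
    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9],
    [1, 2, 3, 4, 0, 6, 7, 8, 9, 5],
    [2, 3, 4, 0, 1, 7, 8, 9, 5, 6],
    [3, 4, 0, 1, 2, 8, 9, 5, 6, 7],
    [4, 0, 1, 2, 3, 9, 5, 6, 7, 8],
    [5, 9, 8, 7, 6, 0, 4, 3, 2, 1],
    [6, 5, 9, 8, 7, 1, 0, 4, 3, 2],
    [7, 6, 5, 9, 8, 2, 1, 0, 4, 3],
    [8, 7, 6, 5, 9, 3, 2, 1, 0, 4],
    [9, 8, 7, 6, 5, 4, 3, 2, 1, 0],
]
# Position-dependent permutations: powers of the base permutation, period 8.
P = [list(range(10)), [1, 5, 7, 6, 2, 8, 3, 0, 9, 4]]
for _ in range(6):
    P.append([P[-1][P[1][j]] for j in range(10)])
INV = [0, 4, 3, 2, 1, 5, 6, 7, 8, 9]     # inverse of each element in D5

SAMPLE_BODY = "12345678901"               # constructed 11-digit body

def _fold(digits: str, offset: int) -> int:
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = D[c][P[(i + offset) % 8][int(ch)]]
    return c

def check_digit(body: str) -> str:
    """Digit to append so that the whole number folds to 0."""
    return str(INV[_fold(body, 1)])

def is_plausible_uid(number: str) -> bool:
    """Format check only: 12 ASCII digits with a valid Verhoeff check digit."""
    return (len(number) == 12 and number.isascii() and number.isdigit()
            and _fold(number, 0) == 0)

def undetected_typos(number: str) -> int:
    """Count single-digit substitutions and adjacent swaps that still pass."""
    misses = 0
    for i, ch in enumerate(number):
        for r in "0123456789":
            if r != ch and is_plausible_uid(number[:i] + r + number[i + 1:]):
                misses += 1
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b and is_plausible_uid(number[:i] + b + a + number[i + 2:]):
            misses += 1
    return misses
```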

Updates/Changes

If a citizen wishes to update his details, there are special centers for this. Here a mini version of the EC is used. The Update API ensures that authentication is done along with the validation of data.

E-KYC Module

Verification of identity in banks is done using the KYC module. This is to ensure identity without any physical documents.


The E-KYC API is also open source. This integrates with the Aadhaar application for the authentication.


The KYC server login is given below.

[Image: KYC server login]

Basic Architecture Explained

Architecture today has evolved from the mainframe era to the cloud computing era. Data should now be presented in a highly interactive form. There is a massive increase in the amount of data. Aadhaar has petabytes of data.

These affect the building of next-generation systems.


Architecture has moved from Scale-up in the 1980s to Scale-out in the 2000s to Open Scale-out today.


Aadhaar uses Open Scale-out architecture. It does not depend on the OS, database vendor or storage. The system is built entirely using open source. This also allows heterogeneous hardware to exist within the same application.


Aadhaar uses distributed platforms for handling the massive amounts of data. Google had demonstrated this earlier.

Technology, Commodity Hardware

The Aadhaar system uses XML, JSON, 2048-bit encryption and open protocols like HTTP. The system uses Java as its primary programming language.


The Aadhaar system works on commodity hardware. It consists of cheap servers that run 64-bit Linux. For storage, SATA disks are used. The servers run on a 10Gbps network.


Apart from this, Aadhaar uses an auto-suggest dictionary, a GPS API and a Translation API.



For syncing, communication takes place over HTTP using SSL encryption. A REST interface is also used for remote access. Data is sent using the POST method. Security tokens are sent and received to ensure secure communication.

Printing and Logistics

The printing module provides the layout for the template in all Indian languages. Changes to the template are distributed as updates.


Logistics is another area where there is seamless interaction among vendors. The logistics and printing module of Aadhaar is capable of reprinting specific letters after any updates or changes. All this is integrated using a common integration layer. The print documents are encrypted, digitally signed XML files. After the printing is done, the letter bags are handed over to India Post for delivery.

The monitoring dashboard

[Image: monitoring dashboard]

What went wrong with Aadhaar?

The things that go on behind Aadhaar are extraordinary. There is much more happening in the system. A one-page article will not be enough to explain Aadhaar’s working. The implementation went wrong because the Government did not get the basic things right. Petty politics brought one of the most ambitious projects down.


Aadhaar never got the respect it deserved.


Just to find out that something as big as Aadhaar was tried in India is much more satisfying than the end result. Hats off to a ‘Made in India’ project. Hope the project is revived by the present government.

Reference and Image Source: http://www.uidai.gov.in
