March 20, 2017 -
Unique Identification Authority of India (UIDAI), the governing agency in charge of Aadhaar, will make it mandatory for all devices using Aadhaar authentication to comply with its new encryption standards, according to a report by The Economic Times.
The new rule is intended to provide an extra security layer to the hardware as the country transitions to biometrics-based digital payment system.
“We have recently come out with new specifications and asked manufacturers and vendors to go for STQC certification as per the new stand,” UIDAI CEO Ajay Bhushan Pandey said. “We are continuously trying to tighten the security. We felt that while the system is secure, we want to further improve the security by building one more layer. So, if the device itself can be encrypted it will be harder to break into the system.”
Pandey said that only those devices that want to use Aadhaar authentication would have to adhere to the new standards, while only ‘registered devices’ that incorporate the new specifications would be allowed to conduct Aadhaar authentication.
“We are continuously trying to tighten the security,” Pandey said. “We felt that while the system is secure, we want to further improve the security by building one more layer. So, if the device itself can be encrypted it will be harder to break into the system.”
Pandey also said that while there are only two locks currently available – one at the level of agency and another at UIDAI – the new system will add a third lock on the biometric device itself.
UIDAI has been in discussions with the device vendors for nearly 18 months for implementation of the new specifications, during which time the number of daily Aadhaar enrolments and authentications have increased from 1 million to 20 million.
“Unless they see demand, no manufacturer will manufacture as per your specification. Now manufacturers too are showing interest,” Pandey said. “They know when they make specially designed biometric fingerprint scanner for Aadhaar and put another lock as per UIDAI’s requirement, it will sell in the market. Hence, they are open to the idea.”
Previously reported, the Unique Identification Authority of India is acquiring new hardware to raise its authentication capacity to 100 million transactions a day.