UIDAI extends deadline for new security key for biometric authentication devices
Unique Identification Authority of India (UIDAI), the governing agency in charge of Aadhaar, has given a four-month extension to manufacturers and user agencies to comply with the new encryption requirements for biometric authentication devices as well as implemented a strict fine for those organizations that fail to comply by July 31, according to a report by Money Control.
The authority originally set a June 1st deadline for manufacturers, banks and telcos to comply with the new requirements, but they will now have until September 30 to ensure that they have embedded the new encryption key in all devices used for Aadhaar authentication.
Nearly 11.5 million to 11.6 million biometric devices are currently being used for Aadhaar authentication across India.
In addition, more than 1.15 billion Aadhaar have been generated in the country, while the total number of Aadhaar authentications has surpassed 6 billion.
“We have decided to grant additional time as some device manufacturers and user agencies asked for more time for rolling out the new standards onto existing authentication devices,” UIDAI CEO Ajay Bhushan Pandey, said.
UIDAI will impose a Re 0.30 (US$0.005) fine on each transaction for any agency that is using non-conforming or ‘unregistered’ biometric devices after July 31.
In addition, only ‘registered devices’ that incorporate the new specifications will be allowed to conduct Aadhaar authentication after September 30.
Pandey said that UIDAI deviced to push back the deadline to ensure that the authentication process would not be disrupted, as well as reassured the public that the security layers currently in place will sufficiently protect the system against any potential breach.
He added that while two “locks” exist – one at the agency level and another at UIDAI – the new system will implement the third lock on the biometric device itself.
“Nearly two crore authentications are taking place every day, and we wanted the encryption roll-out to be non-disruptive,” Pandey said. “So we decided to take a gradual and measured approach.”
The fines being imposed will ensure that the user agencies place more pressure on device manufacturers to comply with the new standards as early as possible.