Security and Privacy Challenges in the Unique Identification Number Project

A Government of India initiative under UIDAI

Position Paper - Prepared by DSCI, with inputs from the Industry

21st January 2010

Submitted to Unique Identification Authority of India (UIDAI)

Security & Privacy Challenges in UID project

Public Use Page 1

Acknowledgement

DSCI would like to thank Mr. Karthik Muthukrishnan (Application Security Architect, MNC Bank) for his valuable contribution to this position paper. His ideas and perspective on security and privacy challenges, specifically in the Indian context, have added great value to the paper. DSCI would further like to thank the various DSCI chapter members who have contributed their views for this position paper.

DSCI acknowledges Dr. Ann Cavoukian (Information and Privacy Commissioner of Ontario) and Dr. Alex Stoianov (Biometrics Scientist) for their article "Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy", from which DSCI drew various perspectives on the secure usage of biometrics for identification purposes.

Finally, we would also like to thank Mr. Nandan Nilekani (Chairman, UIDAI) for giving us an opportunity to present our views on the unique identification number project of UIDAI.

Data Security Council of India (DSCI), Niryat Bhawan, 3rd Floor, Rao Tula Ram Marg, New Delhi - 110057, India

Authors

Name | Designation
Mr. Vikram Asnani | Sr. Consultant - Security Practices, DSCI
Mr. Vinayak Godse | Sr. Manager - Security Practices, DSCI
Dr. Kamlesh Bajaj | Chief Executive Officer (CEO), DSCI

Disclaimer

All trademark names are the property of their respective companies. Information contained in this paper has been obtained from various sources that the Data Security Council of India (DSCI) considers to be reliable, but it is not warranted by DSCI. This paper may contain opinions of DSCI and its associated members, which are subject to change from time to time.


Table of Contents

ACKNOWLEDGEMENT 1
1 INTRODUCTION 3
2 SECURITY AND PRIVACY CHALLENGES IN UIDAI PROJECT 3
2.1 ISSUES SURROUNDING BIOMETRICS 3
2.2 BIOMETRICS ACCURACY 5
2.2.1 Security Vulnerabilities of a Biometric System 7
2.3 SECURITY AND PRIVACY CHALLENGES IN A CENTRALIZED UID DATABASE 8
2.3.1 Security challenges during collection 10
2.3.2 Security challenges during transmission 12
2.3.3 Security challenges during storage 13
2.4 BIOMETRIC ENCRYPTION - SECURING THE CENTRALIZED UID DATABASE 14
2.5 STRONG AUTHENTICATIONS - PRESUMABLY BY APPLICATIONS 15
3 CHALLENGES IN INDIAN SOCIO-POLITICAL SYSTEM 16
3.1 AUTHORITY, RESPONSIBILITY AND ACCOUNTABILITY 17
4 ADDITIONAL OBSERVATIONS ON THE UIDAI APPROACH 17
5 LEGAL REGIME FOR PRIVACY 19
6 DSCI FRAMEWORK FOR DATA PROTECTION AND ITS RELEVANCE TO UIDAI DATA 21
7 SUMMARY 22
ANNEXURE 1 UIDAI FEATURES 24
ANNEXURE 2 UIDAI APPROACH - THREAT MODELING 29
ANNEXURE 3 THE UNDERPRIVILEGED SOCIETY 31
ANNEXURE 4 INDUSTRY RESPONSES 32


1 Introduction

The Unique Identification Authority of India (UIDAI) was established in February 2009 for the purpose[1] of issuing a unique identification number (UID) to all Indian residents that (a) is robust enough to eliminate duplicate and fake identities, and (b) can be verified and authenticated in an easy, cost-effective way.

A key necessity of the UID system is to reduce or eliminate duplicate identities in order to improve the efficiency of service delivery in various government initiatives. UIDAI has chosen a biometric feature set as the primary method to check for duplicate identity. To ensure that an individual is uniquely identified, the captured biometric information must be capable of enabling accurate de-duplication at the time a resident's information is collected. As UIDAI proposes to use common demographic data for establishing and verifying identity, it becomes critical to standardize these fields and the verification procedure across registrars, and to aid interoperability across the many systems that will be used to capture and work with resident identity.

The features and benefits of the UIDAI model, as per the draft paper available on the UIDAI website, "Creating a unique identity for every resident in India - Draft approach", are captured in Annexure 1 of this paper.

2 Security and Privacy Challenges in UIDAI Project

The basic requirement and objective of UIDAI is to uniquely identify an individual out of a population of 1.2 billion people and to eliminate duplicate identities. UIDAI has selected a biometric feature set as the primary method to check for duplicate identity. In this section we discuss some of the security and privacy issues in the UIDAI project.

2.1 Issues surrounding Biometrics

Before we understand the security issues surrounding biometrics, we need to understand the fundamentals of identity and authentication[2]. An identity is defined as "who you are", while authentication answers "how can you prove it?". A system must maintain distinct mechanisms for identity and authentication. Identity must be unique. Authenticators, however, don't have to be unique, only secret. Now consider biometrics: given the definitions and characteristics of identity and authentication, is a biometric identity or authentication?

Before we answer the question, let's think about the attributes of biometrics. Are they public or private? Public, of course. We leave various biometrics everywhere we go: our fingerprints remain on anything we touch, our face is stored in countless surveillance systems, and our retina patterns are known, at least by our optometrist perhaps. And it's believed, although there is no actual evidence to support the claim, that biometrics are unique. It follows that biometrics are identity, not authentication.

[1] httpuidaigovindocumentsCreating a unique identity for every resident in Indiapdf

[2] httptechnetmicrosoftcomen-uslibrarycc512578aspx

Identity and authentication are distinct components of the steps necessary to use a secure system. Identity without authentication lacks proof; authentication without identity invalidates auditing and eliminates multi-user capability.

Consider the UIDAI system, where biometrics are the only mechanism used for uniquely identifying an individual. In such a system the biometric serves both to identify you and to prove that you are you. In a system where authentication is based on a simple password, you can change the password if a bad guy learns it; but if he spoofs your biometric, how will you change it? Something you have is unique to you. Further, it should be evident that the loss or theft of one's biometric image opens the door to massive identity theft if the thief can use the biometric for his or her own purposes. Because people usually have only two thumbs, two eyes and one head, it is nearly impossible to change these if and when the related biometric data become compromised. In this sense, biometrics operate like shared secrets or passwords: learn the secret and you're in. But there is a very important difference between biometrics and passwords: you cannot change them, and have no choice but to keep them for life. Hence it is better to have additional parameters which are private and belong to the category of "something you know". Based on the Biometric Committee Report[3], the Unique Identification Authority of India may consider all 10 fingerprints besides an iris scan or photographs of a resident, especially in rural India, to avoid loss of physical identification due to harsh working conditions. As per the Biometric Committee report, the following issues arise across the various biometric options:

FACE: A face needs to be well lit, using controlled light sources, for automated face authentication systems to work well. Face is currently a poor biometric for use in de-duplication. It performs better in verification, but not at the desired accuracy rates. In general it is a good biometric identifier for small-scale verification applications.

FINGERPRINT: There is a large variation in the quality of fingerprints within the population. The appearance of a person's fingerprint depends on age, dirt, and cuts and worn fingers, i.e. on the occupation and lifestyle of the person in general. Sampling of the fingerprint is through contact, i.e. pressing the finger against the platen of a fingerprint reader. As a result there can be technical problems because of the contact nature of acquisition, and problems related to the cleanliness of the finger and the platen. Additionally, there are people who may not have one or more fingers.

IRIS: There are few legacy databases and not much legacy infrastructure for collection of the iris biometric. Since the iris is small, sampling the iris pattern requires a lot of user cooperation or the use of complex and expensive devices. The performance of iris authentication can be impaired by the use of spectacles or contact lenses. Also, some people may be missing one or both eyes, while others may not have the motor control necessary to reliably enrol in an iris-based system.

[3] httpuidaigovindocumentsBiometrics_Standards_Committee20reportpdf


2.2 Biometrics Accuracy

To assure uniqueness across a population of 1.2 billion people within technological and economic constraints, two important factors raise uncertainty[4]. First is the scale of the database, a size of a billion; second is fingerprint quality, the most important variable for determining accuracy. There is no proven biometric technology which is 100% accurate. The best system was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests, and 99.9 percent of the time for tests involving four or more fingers. These accuracies were obtained for a false positive rate of 0.01 percent (the National Institute of Standards and Technology (NIST) tested 34 commercially available systems[5] provided by 18 companies from around the world). So even assuming 99.99% accuracy in the biometric, out of 1.2 billion people 120,000 people will be false positives. Further, considering the technology and the amount of information that will be stored in the form of biometrics, the Biometric Committee report estimates the data volume at approximately 10,215 TB:

FINGERPRINT: for all 10 fingers, 10,000 TB (Tera Bytes)

IRIS: 150 KB/subject, 200 TB (Tera Bytes)

FACE: 11 KB/subject (compression ratio of 10), 15 TB (Tera Bytes)

The gross false accept and false reject error rates associated with the fingerprint, face and iris modalities, as reported in the Biometric Committee report, are:

Biometric identifier | Reference | FRR | FAR
Fingerprint | NIST FpVTE | 0.1% | 1%
Face | NIST FRVT | 10% | 1%
Voice | NIST 2004 | 5-10% | 2-5%
IRIS | ITIRT | 0.99% | 0.94%

Further, the Biometric Committee report states that the consequences of the False Acceptance Rate (FAR) and False Rejection Rate (FRR) of biometric accuracy during authentication are central to the judicious design of the UID system. FAR determines the potential number of duplicates; FRR determines the number of enrolments necessitating a manual check, and hence labour cost. Though there is no empirical study available to estimate the accuracy achievable for fingerprints under Indian conditions, Indian conditions are unique in two ways:

- A larger percentage of the population is employed in manual labour, which normally produces poorer biometric samples.

- The biometric capture process in rural and mobile environments is less controllable than the environmental conditions in which Western data is collected.

[4] Biometric Committee report, 1.2.4 Biometric accuracy, pg 21 of 57

[5] httpwwwnistgovpublic_affairsreleasescomputer_fingerprinthtm


NIST reports[6] a FAR of 0.07% at an FRR of 4.4% for a 6 million fingerprint gallery using two plain fingers. Similar results were reported for the FBI's IAFIS system of 46M samples. It is safe to conclude that 99% accuracy, the True Acceptance Rate (TAR), can be achieved for a database size of 50 million. Several NIST reports allow us to estimate the scaling of the above data for larger gallery sizes and for ten fingers. Based on these results, we can expect that on a population 200 times larger (1.2 billion versus 6 million) the same system will have a FAR of approximately 0.07% x 200 = 14%. The FRR can be expected to be about 4%, based on matching of two plain fingerprints. The table below lists the effect on FAR of increasing the number of fingers for the same FRR[4]:

Number of fingers | FRR | FAR
2 | 1.03% | 2.92%
10 | 1.09% | 0.0%
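The 120,000-false-positive figure earlier in this section and the 0.07% x 200 extrapolation above can be reproduced with a short model. The Python below is an added example, not a calculation from the DSCI paper or the Biometric Committee report; it uses the figures the paper quotes and, as an assumption of this example, puts the standard "any of N comparisons" model for 1:N identification beside the paper's linear extrapolation so the two can be compared. It also shows the FRR-driven manual-check load and the raw template storage that the sizing list is built from.

```python
"""Scaling model for biometric error rates across the UID gallery size.

Added example, not a calculation from the DSCI paper. The constants are the
figures the paper quotes (NIST two-finger test, Biometric Committee sizing);
the 'any of N' model is an assumption of this example.
"""

# Figures quoted in the paper (constructed constants for this example).
POPULATION = 1.2e9      # residents to be enrolled
NIST_GALLERY = 6e6      # gallery size in the NIST two-finger test
NIST_FAR = 0.0007       # 0.07% false accept rate at that gallery size
NIST_FRR = 0.044        # 4.4% false reject rate in the same test


def expected_false_positives(population: float, accuracy: float) -> float:
    """Residents wrongly matched against someone else at a given accuracy.

    This is the paper's own arithmetic: 1.2 billion * (1 - 0.9999) = 120,000.
    """
    return population * (1.0 - accuracy)


def system_far_linear(far_at_gallery: float, gallery: float, target: float) -> float:
    """Linear extrapolation used in the paper: FAR grows with the gallery ratio."""
    return far_at_gallery * (target / gallery)


def per_comparison_fmr(far_at_gallery: float, gallery: float) -> float:
    """Back out the false-match rate of a single 1:1 comparison from a 1:N FAR.

    Model (assumption): a 1:N search falsely accepts if any one of the N
    comparisons falsely matches, so FAR_N = 1 - (1 - fmr) ** N.
    """
    return 1.0 - (1.0 - far_at_gallery) ** (1.0 / gallery)


def system_far_any_of_n(far_at_gallery: float, gallery: float, target: float) -> float:
    """Re-scale the FAR to a larger gallery with the any-of-N model.

    Equivalent to 1 - (1 - FAR_gallery) ** (target / gallery); for small rates
    this is close to, and always below, the linear extrapolation.
    """
    fmr = per_comparison_fmr(far_at_gallery, gallery)
    return 1.0 - (1.0 - fmr) ** target


def expected_manual_checks(enrolments: float, frr: float) -> float:
    """Enrolments the automatic matcher rejects and a human must review (labour cost)."""
    return enrolments * frr


def storage_tb(bytes_per_subject: float, population: float) -> float:
    """Raw template storage in decimal terabytes for the whole population."""
    return bytes_per_subject * population / 1e12


if __name__ == "__main__":
    print(f"false positives at 99.99% accuracy: "
          f"{expected_false_positives(POPULATION, 0.9999):,.0f}")
    linear = system_far_linear(NIST_FAR, NIST_GALLERY, POPULATION)
    any_of_n = system_far_any_of_n(NIST_FAR, NIST_GALLERY, POPULATION)
    print(f"two-finger FAR at 1.2 billion: linear {linear:.2%}, any-of-N {any_of_n:.2%}")
    print(f"manual checks at 4.4% FRR: {expected_manual_checks(POPULATION, NIST_FRR):,.0f}")
    print(f"iris templates at 150 KB/subject: {storage_tb(150e3, POPULATION):.0f} TB")
```

The linear rule reproduces the paper's 14%; the any-of-N model gives about 13%, so at this scale the linear extrapolation slightly overstates the FAR, but either way a two-finger system flags roughly one enrolment in seven as a possible duplicate, which is why the report moves to ten fingers. The storage helper gives 180 TB for iris at 150 KB per subject, which the report rounds to 200 TB.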

Based on the empirical data compiled by NIST[7], several non-technical factors can impact accuracy more significantly than technical accuracy improvement efforts:

Simple operational quality assurance: A few simple operational techniques, such as keeping a wet towel handy or maintaining the device in good working order, can be superior to squeezing an additional fraction of a percent out of accuracy rates through technical improvements. An unchecked operational process can increase the false acceptance rate to over 10%.

Missing biometric records: In the data analyzed, 2 to 5% of subjects did not have biometric records. A missing biometric is a licence to commit fraud. It is believed that the failure is due to poorly designed processes; the enrolment process, when examined, had loopholes which prevented it from detecting such omissions.

Biometric software: The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2 to 3%.

Further, assuming that biometric fingerprints are the only differentiator between past efforts and UIDAI's, let's look at the following analogy. Assume that an identity fraud was committed using false fingers of a resident, let's call him/her (X). Practically, let us also consider the corruption index of India[8] and assume that the enrolling agencies cannot be trusted. When the fraud comes to light, will the UIDAI ever be able to trust the fingerprints of (X) again? If UIDAI chooses to trust (X)'s fingerprints, how will the authenticators be assured that the authentication is strong, reliable and sustainable?

Now let's assume that the UIDAI chooses to trust (X)'s fingerprints after a known false-finger fraud. UIDAI cannot then ensure non-repudiation by (X) for any transaction. Is an authentication that cannot guarantee non-repudiation reliable and strong? If UIDAI chooses not to trust the fingerprint of (X), then how can UID claim to be a strong and reliable authentication mechanism where other IDs cannot?

[6] NISTIR 7110, Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints, C. L. Wilson, M. D. Garris & C. I. Watson, May 2004

[7] Biometric Committee report, 1.2.4 Biometric accuracy, pg 22 of 57

[8] Global_Corruption_Report_2009_170909_2_web[1]Apdf


How will fraudulent enrolments be detected? Can a nefarious person apply for a second ID by applying synthetic glue to some places on his fingers?

In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials work hand in glove with fraudsters during enrolment?

Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that it is more of an inconvenience than a deterrent?

None of the fields in the CIDR, including the fingerprint, is a secret. Fields like date of birth, photograph and fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never again be trusted to confirm the identity of the person. Persons with disabilities (such as those without both hands) need additional provisions for biometric authentication. If the fingerprint is not used, then the UID provides no better authentication than existing IDs; UIDAI needs to examine how it will counter fraud of UIDs for disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one systems, may become vulnerable to potential attacks[9][10]. Some of these security vulnerabilities include the following:

Spoofing: It has been demonstrated that a biometric system can sometimes be fooled by applying fake fingerprints, face or iris images, etc.

Replay attacks: e.g. circumventing the sensor by injecting a recorded image into the system input, which is much easier than attacking the sensor.

Substitution attack: The biometric template must be stored to allow user verification. If an attacker gets access to the storage, either local or remote, he can overwrite the legitimate user's template with his/her own, in essence stealing their identity.

Tampering: Feature sets on verification, or in the templates, can be modified in order to obtain a high verification score no matter which image is presented to the system.

Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g. via the Web), since an attacker does not even have to acquire a genuine biometric sample; all he needs is to gain access to the templates stored on a remote server.

Trojan horse attacks: Some parts of the system, e.g. the matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

Overriding Yes/No response: An inherent flaw of existing biometric systems is that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric and the applications, which makes the system open to potential attacks. For example, if an attacker were able to interject a false Yes response at a proper point in the communication between the biometric system and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part.

[9] N. K. Ratha, J. H. Connell, R. M. Bolle, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001
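One mitigation for the last two items above, the replaceable Yes/No channel and replayed inputs, is to make the matcher's decision verifiable by the application instead of a bare boolean. The Python below is an added example, not code from the DSCI paper, UIDAI, or the Ratha et al. article. It assumes the matcher and the relying application share a secret key provisioned out of band (MATCHER_KEY is a constructed placeholder) and binds every decision to a fresh challenge, a subject identifier and a timestamp with an HMAC, so that an injected "Yes", a flipped "No", or a replayed earlier decision is rejected. It does not defend against a Trojan matcher that holds the key; that needs code-integrity controls on the matcher itself.

```python
"""Bind a matcher's Yes/No decision to a challenge so it cannot be forged or replayed.

Added example, not code from the DSCI paper, UIDAI, or Ratha et al. Assumes
the matcher and the relying application share a secret key provisioned out of
band (MATCHER_KEY is a constructed placeholder) and that the matcher itself is
trustworthy: this protects the channel, not the matcher.
"""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

MATCHER_KEY = b"constructed-demo-key-not-for-production"  # assumption: shared secret
MAX_AGE_SECONDS = 30.0                                    # freshness window


def _canonical(payload: dict) -> bytes:
    """Stable byte encoding so both sides MAC exactly the same fields."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_decision(key: bytes, nonce: str, subject_id: str, matched: bool,
                  ts: Optional[float] = None) -> dict:
    """Matcher side: return the decision with an HMAC over (nonce, subject, decision, time)."""
    payload = {
        "nonce": nonce,                       # the application's challenge
        "subject": subject_id,                # which claimed identity was checked
        "matched": bool(matched),             # the bare Yes/No the paper warns about
        "ts": time.time() if ts is None else ts,
    }
    payload["tag"] = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return payload


class DecisionVerifier:
    """Application side: accept only fresh, correctly tagged, never-seen decisions."""

    def __init__(self, key: bytes, max_age: float = MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen_nonces: set = set()   # in production: a store shared by all app instances

    def new_challenge(self) -> str:
        """Issue an unpredictable nonce the matcher must echo back."""
        return secrets.token_hex(16)

    def verify(self, issued_nonce: str, decision: dict,
               now: Optional[float] = None) -> bool:
        """Return True only for a genuine, fresh 'Yes' answering our own challenge."""
        now = time.time() if now is None else now
        body = {k: v for k, v in decision.items() if k != "tag"}
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(decision.get("tag", ""))):
            return False   # tag mismatch: injected or altered decision
        if body.get("nonce") != issued_nonce or issued_nonce in self.seen_nonces:
            return False   # answers a different challenge, or a replay of an old one
        if not 0.0 <= now - float(body.get("ts", 0.0)) <= self.max_age:
            return False   # outside the freshness window
        self.seen_nonces.add(issued_nonce)
        return body.get("matched") is True


if __name__ == "__main__":
    verifier = DecisionVerifier(MATCHER_KEY)
    challenge = verifier.new_challenge()
    decision = sign_decision(MATCHER_KEY, challenge, "resident-0001", True)
    print("genuine:", verifier.verify(challenge, decision))      # True
    print("replayed:", verifier.verify(challenge, decision))     # False
    forged = dict(decision, matched=True, nonce=verifier.new_challenge())
    print("forged:", verifier.verify(forged["nonce"], forged))   # False
```

The application, not the matcher, decides what counts as a valid "Yes": it must carry the nonce the application itself issued, a tag only a key holder could compute, and a timestamp inside the window. The nonce set is what defeats replay, so in a deployment with several application instances it has to live in shared storage rather than in process memory.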

How can the challenge of storing biometrics of the entire population of the country be addressed when it is prone to compromise by attacks from outsiders and insiders? This will be briefly discussed in a separate section on biometric encryption, section 2.3.4.

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around the security and privacy of the central repository, where the complete database of the public's personal information will exist. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns[10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralized databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy through parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to mention the privacy risks. Large centralized databases of biometric personally identifiable information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where they may be intercepted, copied and actually tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below[11].

[10] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist

[11] The ENISA position paper "Privacy Features of European eID Card Specifications", wwwenisaeuropaeuactiteideid-cards-enat_downloadfullReport


Falsification of content: The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

Eavesdropping: An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack: Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

User signs a bogus document: This can happen, for example, if what the user sees is not actually what they are signing. It can be a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server: This constitutes a privacy threat because the bogus server can then access the user's information.

Physical attacks: Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-channel attacks: These attacks use information leaked through so-called side-channels to gain access to private data.

Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. This privacy threat does not strictly apply, but in theory there exists the possibility of skimming. Even so, there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the other registrars and the agencies, which will capture the data and store it even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles: people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centres securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain the data of over 70% of residents. Based on the amount of personal information collected by the UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.
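Falsification of content in a registrar's file system, and tampering with a batch in transit to the CIDR, are the first and the "actually tampered with, often without any detection" items in the list above; both can be made detectable at the receiving end by shipping each batch with a signed manifest of per-record hashes. The Python below is an added example, not code from the DSCI paper or UIDAI. REGISTRAR_KEY and the enrolment records are constructed placeholders, and the example assumes each registrar holds a key provisioned by the repository. A sequence number on the manifest lets the repository notice a dropped or replayed batch, and per-record digests let it identify exactly which record was altered. It protects integrity only; confidentiality against eavesdropping still requires encryption of the channel or the payload.

```python
"""Tamper-evident enrolment batch for transfer from a registrar to the central repository.

Added example, not code from the DSCI paper or UIDAI. REGISTRAR_KEY and the
sample records are constructed placeholders; the example assumes each
registrar holds a key provisioned by the repository so that the repository can
check the manifest the registrar signs.
"""
import hashlib
import hmac
import json
from typing import List, Tuple

REGISTRAR_KEY = b"constructed-registrar-key-not-for-production"  # assumption

# Constructed sample enrolment records (no real data).
SAMPLE_RECORDS = [
    {"enrol_id": "E-0001", "name": "Resident A", "dob": "1980-01-01", "template": "b64:AAAA"},
    {"enrol_id": "E-0002", "name": "Resident B", "dob": "1991-05-05", "template": "b64:BBBB"},
    {"enrol_id": "E-0003", "name": "Resident C", "dob": "2002-09-09", "template": "b64:CCCC"},
]


def sample_records() -> List[dict]:
    """Fresh copies of the sample records, so callers can mutate them safely."""
    return [dict(r) for r in SAMPLE_RECORDS]


def _canonical(obj) -> bytes:
    """Stable byte encoding so sender and receiver hash exactly the same thing."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def record_digest(record: dict) -> str:
    """SHA-256 of the canonical record; changes if any field changes."""
    return hashlib.sha256(_canonical(record)).hexdigest()


def build_batch(key: bytes, registrar_id: str, seq: int, records: List[dict]) -> dict:
    """Registrar side: hash every record and MAC the manifest that lists them."""
    manifest = {
        "registrar": registrar_id,
        "seq": seq,                                   # monotonic per registrar
        "count": len(records),
        "digests": [record_digest(r) for r in records],
    }
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "records": records}


def verify_batch(key: bytes, batch: dict, expected_seq: int) -> Tuple[bool, str, List[int]]:
    """Repository side: (accepted, reason, indexes of altered records)."""
    manifest = batch.get("manifest", {})
    expected_tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, str(batch.get("tag", ""))):
        return False, "manifest tag mismatch", []          # manifest forged or edited
    if manifest.get("seq") != expected_seq:
        return False, "unexpected sequence number", []     # replayed, dropped or reordered batch
    records = batch.get("records", [])
    digests = manifest.get("digests", [])
    if manifest.get("count") != len(records) or len(digests) != len(records):
        return False, "record count mismatch", []          # records dropped or appended
    altered = [i for i, r in enumerate(records) if record_digest(r) != digests[i]]
    if altered:
        return False, "record content altered", altered    # pinpoint the tampered records
    return True, "ok", []


if __name__ == "__main__":
    batch = build_batch(REGISTRAR_KEY, "REG-0042", 7, sample_records())
    print(verify_batch(REGISTRAR_KEY, batch, 7))            # (True, 'ok', [])
    batch["records"][1]["dob"] = "1971-05-05"               # falsified in storage or transit
    print(verify_batch(REGISTRAR_KEY, batch, 7))            # (False, 'record content altered', [1])
```

The manifest is checked before anything else, so a batch whose manifest was rewritten to match edited records is rejected outright, and only then are the records compared against the digests the registrar committed to. Because the repository learns which record index was altered, it can quarantine that record and ask the registrar to re-submit rather than discarding the whole batch.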


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrolment bodies (including NGOs and individuals) under them to collect the data. The UIDAI will enter into agreements with individual registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics, capable of enrolment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will best-practice implementation be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrolments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enrol residents into the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark over the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies, in the form of registrars, sub-registrars and enrolment agencies, will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

S. No. | Key observations

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting the information from the residents. However, these agencies will also be required to collect the biometric samples, which means that a standard technology is required across the registrars' offices and enrolment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. India has around 543 parliamentary constituencies[12], each with around 2 million residents on average. Assuming that at least one registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Considering the size of the database where multi-modal biometrics are stored, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrolment agencies under them, is a tremendous challenge for the Authority.

4. Since the sub-registrars and enrolment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report[10], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrolment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. The UIDAI assumes that these issues will be taken care of under the current legal regime of the country. But the problem is whether the Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system and our country, among others, also has the distinction of having many members of parliament under criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In the remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the warehouses of sub-registrars and enrolment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor, which increases the stakeholders in the system and also opens a door to vulnerabilities which might compromise the sensitive data collected at these offices. Vendor management running into hundreds, if not thousands, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and that the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check on the integrity of the data stored or updated at the registrar offices.

[12] httpecinicineci_mainStatisticalReportsLS_2004Vol_I_LS_2004pdf - pg 52 - number of polling stations

[Figure: Adopted from Draft approach on UIDAI]

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by the various registrars, sub-registrars and enrolment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, by individuals trying to make a little extra cash on the side, by pressure from high-society or privileged people, or at gunpoint, considering our geographical landscape and the unspoken truths of the individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of an account or sharing of the account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); phishing attacks; malicious traffic; virus attacks; unauthorized access due to session hijacking or social engineering; or a physical security compromise, either by internal staff or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark, and, as already discussed, there has been no proven technology which is 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though the state of the architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected on the following:

Use of a secured communication channel

A VPN, preferably an SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically through disks or tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are many data recovery techniques available at a very low cost in the market.

Encryption of the data

How much encryption is required, and whether it should be symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in the encryption and decryption of the data.

Key management

Key management, covering the generation, exchange, storage, safeguarding, use, vetting and replacement of keys, is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering: key management requires both technical and organizational decisions.

Non-repudiation

UIDAI also needs to look at common attack vectors like the man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then forward it to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts, and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be duplicated again, because it is capturing human biometrics, which cannot be changed if compromised.

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10215 TB. Managing the security of such a large body of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can ascertain that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. This includes people from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have state-of-the-art architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society and privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept in alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it up in a safe for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks

Organized crime has moved online, with a variety of tricks including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error

To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures

IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Un-encrypted data

Unencrypted data is always going to be subject to some level of risk. Leaving any data unencrypted when it goes outside the facility raises the risk for UIDAI. Also, a plan for decryption, and for the appropriate individuals having access to the encryption keys, is a challenge for the authorities.

Access control

Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption – Securing the Centralized UID Database

Biometric Encryption[13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometrics and therefore can always be changed or updated.

13 Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple, cancellable, revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
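As an added illustration (not code from the Cavoukian/Stoianov paper, DSCI or any UIDAI system), the following Python sketch implements the enrol/verify cycle described above with a fuzzy commitment: a random key is spread by a repetition code and XORed with a constructed 256-bit feature vector, and only that helper data plus a hash of the key is stored, so the biometric and the key are both discarded after enrolment and the key is released again only from a sufficiently close live sample. The feature-vector size, the repetition code and the sample vector are assumptions chosen to keep the example small; a real deployment would use a proper feature extractor and a stronger error-correcting code.

```python
import hashlib
import secrets
from typing import List, Optional, Tuple

Bits = List[int]

# Constructed parameters for the illustration (not from any real product):
FEATURE_BITS = 256                  # length of the "biometric" feature vector
REPEAT = 8                          # repetition-code block length
KEY_BITS = FEATURE_BITS // REPEAT   # 32-bit key: toy size, illustration only


def encode(key: Bits) -> Bits:
    """Repeat every key bit REPEAT times, giving a codeword of FEATURE_BITS bits."""
    return [b for b in key for _ in range(REPEAT)]


def decode(code: Bits) -> Bits:
    """Majority vote per block: corrects up to 3 flipped bits in any 8-bit block."""
    return [1 if sum(code[i:i + REPEAT]) > REPEAT // 2 else 0
            for i in range(0, len(code), REPEAT)]


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def bits_to_bytes(bits: Bits) -> bytes:
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")


def key_digest(key: Bits) -> str:
    """Stored alongside the helper data so a recovered key can be checked."""
    return hashlib.sha256(bits_to_bytes(key)).hexdigest()


def enroll(biometric: Bits, key: Optional[Bits] = None) -> Tuple[dict, Bits]:
    """Bind a (random) key to the enrolment sample.

    Only the returned template is stored. The key goes to the application that
    needs it, and the biometric itself is discarded after this call.
    """
    if key is None:
        key = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    template = {
        "helper": xor(encode(key), biometric),   # codeword XOR biometric
        "key_hash": key_digest(key),
    }
    return template, key


def verify(template: dict, live_biometric: Bits) -> Optional[Bits]:
    """Release the key only when the live sample is close to the enrolled one.

    helper XOR live = codeword XOR (enrolled XOR live); the second term is the
    sensor noise, which the repetition code removes if it is small enough.
    """
    candidate = decode(xor(template["helper"], live_biometric))
    if key_digest(candidate) != template["key_hash"]:
        return None          # too much noise, or a different person
    return candidate


def flip_bits(bits: Bits, positions) -> Bits:
    """Simulate sensor noise by flipping the given bit positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


# Constructed enrolment vector standing in for a real feature extractor's output.
SAMPLE_BIOMETRIC = [((i * 7 + 3) % 5) % 2 for i in range(FEATURE_BITS)]


if __name__ == "__main__":
    template, key = enroll(SAMPLE_BIOMETRIC)
    noisy = flip_bits(SAMPLE_BIOMETRIC, [0, 1, 2, 40, 41])
    print("key recovered from a noisy live sample:", verify(template, noisy) == key)
    # Re-enrolling the same person yields a fresh key and helper: a revocable identifier.
    template2, _ = enroll(SAMPLE_BIOMETRIC)
    print("re-enrolment gives a different stored template:",
          template2["helper"] != template["helper"])
```

Because the helper is codeword XOR biometric, the stored template hides the biometric only as well as the key is unpredictable; the 32-bit key here is far too short for real use and exists only to keep the example readable.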

2.5 Strong Authentication – Presumably by Applications

Various reports[14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both the end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption free, and so they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

14 Creating a unique identity for every citizen in India.pdf


3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view. Data compromise happened in Germany. It happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be very correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation in the world by the global corruption watchdog Transparency International in its latest survey[15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International[16], an independent organization tracking the prevalence of corruption worldwide. In a comment[17] to IANS it has been observed that this low ranking is a matter of concern for the nation, as the police and the land records and registration departments were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes, such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and the Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as the authoritative data.

15 Global_Corruption_Report_2009_170909_2_web[1]A.pdf
16 http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
17 http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though this is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for the tamperproof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of the data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on the UID, who is responsible for proving or disproving the legitimacy of the transaction? The authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

The UID is expected to be used in almost all identities of a person in due course, whether it is the issuance of a passport, gas connection or PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key Observations

1. The UIDAI proposes to make use of the existing identity systems and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI[18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on the privacy of the UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of the introducer for getting their UID.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers, as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants, on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will they introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of the UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group of street people, beggars and people taking shelter under flyovers and in buildings under construction in urban areas, needs consideration for the issuance of a UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide a UID to the migrant population of neighbouring countries of India and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, certification by a public notary is accepted. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be handled by the existing legal framework (let us not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases numbering in millions in courts all over the country (like a small server under a DDoS attack), each waiting for its turn on a round-robin basis, matters relating to identity, which need speedy redress, cannot expect it through the existing framework.

18 http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft, but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has also been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will be committing a breach and attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including the protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted searches and seizures cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored by UIDAI, there needs to be a systematic and standardized approach, which should draw support from the leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprised of 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and the APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control on restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens, all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing the personal information/data and achieving the unique identity.

The DSCI security and privacy frameworks are built on the evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with the appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, the UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the banking & telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attacks
• Tampering
• Masquerade attacks
• Trojan horse attacks
• Overriding the Yes/No response


According to the proposal, UIDAI will store the information in the Central ID Data Repository (CIDR), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in millions throughout the country, will also store such data locally. The registrars will be required to maintain this data for the people they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children the biometrics will have to be updated every 5 years, while for adults the biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases in which law enforcement agencies, the bureaucracy and politicians have abused the system, and given that India is one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is secure and at the same time protects the privacy of individuals, since the biometric is used to encrypt (bind) a PIN or key that is unique to the person; the biometric template itself does not have to be stored, so a compromised repository yields neither the biometric nor the PIN.
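To make that property concrete, the following Python sketch is an added example (it is not code from this paper, from the Cavoukian and Stoianov article or from any UIDAI system) of the fuzzy-commitment construction that underlies most Biometric Encryption schemes: a secret is bound to the biometric so that only a close-enough fresh sample releases it, while the repository keeps neither the biometric template nor the secret in the clear. The biometric "template" is a constructed bit string standing in for a real feature vector, and a repetition code stands in for the stronger error-correcting code (BCH or similar) a deployable scheme would use; both are simplifications chosen for readability.

```python
"""Toy Biometric Encryption (fuzzy commitment) demonstration.

Added example, not part of the DSCI paper or any UIDAI design. The enrolled
record holds only helper data (template XOR codeword) and a hash of the
secret; the template and the secret are never stored.
"""
import hashlib
import random

REPEAT = 7          # repetition-code block length: corrects up to 3 flipped bits per block
SECRET_BITS = 16    # bits of the bound secret (enough for a 4-digit PIN)
TEMPLATE_LEN = REPEAT * SECRET_BITS


def int_to_bits(n, width):
    return [int(c) for c in format(n, f"0{width}b")]


def bits_to_int(bits):
    return int("".join(str(b) for b in bits), 2)


def encode(secret_bits):
    """Repetition code: each secret bit becomes REPEAT identical code bits."""
    return [b for b in secret_bits for _ in range(REPEAT)]


def decode(codeword):
    """Majority vote per block; tolerates up to REPEAT // 2 errors in each block."""
    return [1 if sum(codeword[i:i + REPEAT]) > REPEAT // 2 else 0
            for i in range(0, len(codeword), REPEAT)]


def secret_tag(secret):
    """Hash of the secret, stored so a released candidate can be checked."""
    return hashlib.sha256(secret.to_bytes(4, "big")).hexdigest()


def commit(secret, template):
    """Enrolment: bind `secret` (int) to the biometric bits of `template`."""
    codeword = encode(int_to_bits(secret, SECRET_BITS))
    if len(codeword) != len(template):
        raise ValueError("template length must equal REPEAT * SECRET_BITS")
    helper = [t ^ c for t, c in zip(template, codeword)]
    return {"helper": helper, "tag": secret_tag(secret)}


def release(record, sample):
    """Verification: a fresh sample close to the enrolled one releases the secret.

    sample XOR helper == codeword XOR (sample XOR template), i.e. the codeword
    with one error wherever the fresh sample differs from the enrolled template.
    Returns the secret, or None if the errors exceed what the code corrects.
    """
    noisy_codeword = [s ^ h for s, h in zip(sample, record["helper"])]
    candidate = bits_to_int(decode(noisy_codeword))
    return candidate if secret_tag(candidate) == record["tag"] else None


def make_template(seed):
    """Constructed stand-in for a biometric feature vector (random bits, fixed seed)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(TEMPLATE_LEN)]


def perturb(template, flips_per_block):
    """Simulate sensor noise: flip the first `flips_per_block` bits of every block."""
    out = list(template)
    for start in range(0, len(out), REPEAT):
        for j in range(flips_per_block):
            out[start + j] ^= 1
    return out


if __name__ == "__main__":
    template = make_template(1)
    record = commit(4321, template)                 # PIN 4321 bound at enrolment
    print("exact sample   :", release(record, template))
    print("3 flips/block  :", release(record, perturb(template, 3)))
    print("4 flips/block  :", release(record, perturb(template, 4)))
    print("complement     :", release(record, perturb(template, REPEAT)))
```

Note what the stored record contains: helper bits and a hash of the secret. A compromised registrar therefore yields neither the fingerprint template nor the PIN, which is the difference from a conventional template store. A low-rate repetition code does leak correlations about the template through the helper data, which is why real schemes use codes with far better rate and pair them with liveness checks at the sensor; the spoofing and replay attacks listed above are not addressed by binding alone.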

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. The supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, based on generally accepted documents such as Passport, PAN, Ration Card, gas connection, driver's licence etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom UID is supposed to benefit the most, and whose enrolment is meant to plug the loopholes in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme and save government funds, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open one. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "Privileged Persons", those already having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish it will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil the other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

This annexure is based on the draft document available on the UIDAI website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and the Public Distribution System (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enrol residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be the first form of identification they hold.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enrol residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of the residents they enrol if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to detect duplicate identities and enable direct benefit programs.

For residents. The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving licence and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers. The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory / Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent / Guardian Details | | | |
| Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults |
| Father's/Husband's/Guardian's UID | Conditional | | |
| Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults |
| Mother's/Wife's/Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI: Proof of Identity (must contain name and photo of the resident). POA: Proof of Address (must contain name and address of the resident). A flag is maintained to indicate whether the Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enrol residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars
– These will be the departments/entities that report to a specific Registrar. For instance, the line departments of a state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies
– Enrolling agencies will directly interact with and enrol residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups
– The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars such as banks, insurance companies and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and the process continues from there.
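As an added illustration (not from this paper or from any UIDAI system), the following Python sketch treats enrolment records as the introducer tree just described and runs the checks an auditor would want before accepting such a chain: every UID must trace back to a self-introduced root within a bounded number of hops, no chain may loop, and introducers whose fan-out is far above the norm are flagged, since they are the "Privileged Person" bottleneck the Summary warns about. The sample register, the hop limit and the fan-out threshold are all constructed for this example.

```python
"""Audit of an introducer tree. Added example, not part of the DSCI paper
or of any UIDAI process; the register below is constructed."""
from collections import Counter

# Constructed sample register: uid -> introducer's uid (None = self-introduced root)
ENROLMENTS = {
    "R001": None,      # root, e.g. a registrar official registered without an introducer
    "A101": "R001",
    "A102": "R001",
    "A105": "R001",
    "A103": "A101",
    "A104": "A103",
    "B201": "B202",    # B201 and B202 vouch for each other: no root anywhere
    "B202": "B201",
    "C301": "ZZZ9",    # introducer UID that does not exist in the register
}

MAX_HOPS = 10        # assumed bound on chain length before a root must be reached
MAX_FANOUT = 2       # assumed threshold above which an introducer is reviewed


def trace_to_root(enrolments, uid, max_hops=MAX_HOPS):
    """Follow introducer links from `uid` to a self-introduced root.

    Returns the chain [uid, introducer, ..., root]. Raises ValueError if the
    chain loops, names an unenrolled introducer, or exceeds max_hops.
    """
    chain = [uid]
    seen = {uid}
    current = uid
    for _ in range(max_hops):
        introducer = enrolments[current]
        if introducer is None:          # reached a self-introduced root
            return chain
        if introducer not in enrolments:
            raise ValueError(f"{uid}: introducer {introducer} is not enrolled")
        if introducer in seen:
            raise ValueError(f"{uid}: introducer chain loops at {introducer}")
        seen.add(introducer)
        chain.append(introducer)
        current = introducer
    raise ValueError(f"{uid}: no root within {max_hops} hops")


def audit(enrolments, max_fanout=MAX_FANOUT):
    """Classify every uid as rooted or rejected and flag high fan-out introducers."""
    report = {"rooted": {}, "rejected": {}, "high_fanout": {}}
    for uid in enrolments:
        try:
            report["rooted"][uid] = trace_to_root(enrolments, uid)
        except ValueError as err:
            report["rejected"][uid] = str(err)
    # Fan-out per introducer: how many enrolments rest on one person's word
    fanout = Counter(intro for intro in enrolments.values() if intro is not None)
    for intro, count in fanout.items():
        if count > max_fanout:
            report["high_fanout"][intro] = count
    return report


if __name__ == "__main__":
    for section, entries in audit(ENROLMENTS).items():
        print(section)
        for key, value in entries.items():
            print(f"  {key}: {value}")
```

The chain returned for each rooted UID is the audit trail that a rejected enrolment (scenario 2 and 3 in Annexure 2) would later be traced along; the fan-out count is the simplest signal that one functionary has become the gatekeeper for a whole village.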

v. Supporting Documentation: During enrolment the quality of data has to be ensured, primarily with the supporting documents that the resident provides. Copies of the documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and will be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enrol them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External attack sources: Resident; Registrar; Authenticator
Internal attack sources: UIDAI employee; other government actors

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow diagram showing the Resident, Registrar/Sub-Registrars, CIDR and Authenticator, steps 1 to 7 of the flow above, and two trust boundaries.]


4. The Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the step above) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow a resident multiple attempts in order to exploit the false acceptance rate (FAR) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored on their servers.

8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of the UID databases held by local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
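The following Python sketch is an added example (it is not this paper's or UIDAI's actual protocol) of how steps 4 to 7 of the draft data flow can be hardened against three of the risks above: a replayed request, a Trojan on the path that overrides a 'No' response with 'Yes' (the attack listed in the Summary), and an authenticator that lets a resident retry until the device's false acceptance rate lets a wrong finger through (scenario 5). It assumes a per-authenticator HMAC key shared with the CIDR and provisioned out of band, a bit-string template with a Hamming-similarity matcher standing in for a real biometric engine, and a lockout after a fixed number of consecutive failures; the UID, template, key and thresholds are constructed for the example.

```python
"""Authenticator <-> CIDR Yes/No exchange with nonce binding, signed replies
and per-UID lockout. Added example; not UIDAI's protocol. All constants
and the enrolled template are constructed for the illustration."""
import hashlib
import hmac
import json
import os

SHARED_KEY = b"constructed-demo-key"   # assumed per-authenticator key, provisioned out of band
MATCH_THRESHOLD = 0.90                 # assumed matcher threshold (fraction of agreeing bits)
MAX_ATTEMPTS = 3                       # assumed lockout after this many consecutive failures

# Constructed enrolment: uid -> enrolled feature bits (stand-in for a real template)
ENROLLED = {"123456789012": "10110011101001011100"}


def sign(payload):
    """HMAC-SHA256 over a canonical JSON encoding of the message."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def similarity(a, b):
    """Fraction of agreeing bits; stands in for a real biometric matcher."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


class CIDR:
    """Verifier side: answers only Yes/No, but authenticates and binds each answer."""

    def __init__(self, enrolled):
        self.enrolled = enrolled
        self.failures = {}        # uid -> consecutive failed attempts
        self.seen_nonces = set()  # nonces already answered (replay detection)

    def authenticate(self, request, mac):
        if not hmac.compare_digest(sign(request), mac):
            return self._reply(request, "No")          # forged or altered request
        if request["nonce"] in self.seen_nonces:
            return self._reply(request, "No")          # replayed request
        self.seen_nonces.add(request["nonce"])
        uid = request["uid"]
        if self.failures.get(uid, 0) >= MAX_ATTEMPTS:
            return self._reply(request, "No")          # locked: stops FAR farming
        template = self.enrolled.get(uid)
        if template is not None and similarity(template, request["sample"]) >= MATCH_THRESHOLD:
            self.failures[uid] = 0
            return self._reply(request, "Yes")
        self.failures[uid] = self.failures.get(uid, 0) + 1
        return self._reply(request, "No")

    def _reply(self, request, answer):
        # Echoing the nonce and signing binds this answer to this one request,
        # so a Trojan on the path cannot flip "No" to "Yes" or reuse an old "Yes".
        reply = {"nonce": request["nonce"], "uid": request["uid"], "answer": answer}
        return reply, sign(reply)


def make_request(uid, sample):
    """Authenticator side (step 5): fresh nonce per request, signed."""
    request = {"uid": uid, "sample": sample, "nonce": os.urandom(16).hex()}
    return request, sign(request)


def accept_reply(request, reply, mac):
    """Authenticator side (step 6/7): accept only a genuine, fresh 'Yes' for this very request."""
    if not hmac.compare_digest(sign(reply), mac):
        return False
    if reply["nonce"] != request["nonce"] or reply["uid"] != request["uid"]:
        return False
    return reply["answer"] == "Yes"


def verify(cidr, uid, sample):
    """Full step 4-7 round trip from the authenticator's point of view."""
    request, mac = make_request(uid, sample)
    reply, reply_mac = cidr.authenticate(request, mac)
    return accept_reply(request, reply, reply_mac)


def demo():
    uid = "123456789012"
    genuine = ENROLLED[uid]
    impostor = "01001100010110100011"        # constructed: complement of the template
    results = {}
    cidr = CIDR(ENROLLED)
    results["genuine"] = verify(cidr, uid, genuine)
    results["impostor"] = verify(cidr, uid, impostor)
    # Overriding a "No": a Trojan rewrites the answer but cannot re-sign it
    request, mac = make_request(uid, impostor)
    reply, reply_mac = cidr.authenticate(request, mac)
    results["overridden_no"] = accept_reply(request, dict(reply, answer="Yes"), reply_mac)
    # Replay: re-sending an already answered genuine request is refused
    request, mac = make_request(uid, genuine)
    first, first_mac = cidr.authenticate(request, mac)
    second, second_mac = cidr.authenticate(request, mac)
    results["first"] = accept_reply(request, first, first_mac)
    results["replay"] = accept_reply(request, second, second_mac)
    # Scenario 5: after MAX_ATTEMPTS failures the uid is locked even for a true match
    locked = CIDR(ENROLLED)
    for _ in range(MAX_ATTEMPTS):
        verify(locked, uid, impostor)
    results["locked_out"] = verify(locked, uid, genuine)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14s}: {outcome}")
```

The CIDR still answers only 'Yes' or 'No', as the proposal requires; what changes is that the answer carries the request nonce and a MAC, so the authenticator can tell a genuine, fresh answer to its own request from an altered or recycled one, and the verifier refuses to answer the same nonce twice. The lockout counter is per UID, which also throttles the collusion in scenario 5; a production system would reset it on a timer and record the attempts for audit. Nothing here protects the biometric sample in transit, which needs channel encryption, and nothing prevents a colluding authenticator from simply lying to the resident about the outcome.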


Annexure 3: The Underprivileged Society

Indian society is divided along many geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), the Public Distribution System (PDS), etc. Each of these schemes has some registered people, but the grants still do not reach them. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents already used by the above schemes, ensure that government initiatives reach the section of society that needs them most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these communities are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these communities are themselves illiterate. Considering such a state of affairs, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. The UID database should not be shareable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of the UID, e.g. the UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and for relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will also be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as their primary identification number and print/use it on applications such as loan, health insurance etc.? Even though it is for the internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

– Where the customer should provide the information
– What information within the UID should be provided for which government requirement
– How the user should avoid getting caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offences on identity: The current UIDAI framework interprets offences on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as a part and parcel of its working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colours. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for promoting the products and services of their clients through mobile and email, in all combinations of geography, consumption, timing etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider for any loss/misuse of an individual client's data. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower every individual resident Indian to object and, if need be, initiate legal proceedings in case of any unauthorized/unwanted communication being received, against the service provider or sender of that communication.

24. Processes around data creation, maintenance and disposal:

– Framework for self-audit and self-governance within government itself to control data protection aspects.
– There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point.
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
– Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


Data Security Council of India (DSCI), Niryat Bhawan, 3rd Floor, Rao Tula Ram Marg, New Delhi - 110057, India

Authors

Name | Designation
Mr. Vikram Asnani | Sr. Consultant – Security Practices, DSCI
Mr. Vinayak Godse | Sr. Manager – Security Practices, DSCI
Dr. Kamlesh Bajaj | Chief Executive Officer (CEO), DSCI

Disclaimer

All trademark names are property of their respective companies. Information contained in this paper has been obtained from various sources which the Data Security Council of India (DSCI) considers to be reliable, but is not warranted by DSCI. This paper may contain opinions of DSCI and its associated members, which are subject to change from time to time.


Table of Contents

ACKNOWLEDGEMENT ... 1
1 INTRODUCTION ... 3
2 SECURITY AND PRIVACY CHALLENGES IN UIDAI PROJECT ... 3
2.1 ISSUES SURROUNDING BIOMETRICS ... 3
2.2 BIOMETRICS ACCURACY ... 5
2.2.1 Security Vulnerabilities of a Biometric System ... 7
2.3 SECURITY AND PRIVACY CHALLENGES IN A CENTRALIZED UID DATABASE ... 8
2.3.1 Security challenges during collection ... 10
2.3.2 Security challenges during transmission ... 12
2.3.3 Security challenges during Storage ... 13
2.4 BIOMETRIC ENCRYPTION – SECURING THE CENTRALIZED UID DATABASE ... 14
2.5 STRONG AUTHENTICATIONS – PRESUMABLY BY APPLICATIONS ... 15
3 CHALLENGES IN INDIAN SOCIO-POLITICAL SYSTEM ... 16
3.1 AUTHORITY, RESPONSIBILITY AND ACCOUNTABILITY ... 17
4 ADDITIONAL OBSERVATIONS ON THE UIDAI APPROACH ... 17
5 LEGAL REGIME FOR PRIVACY ... 19
6 DSCI FRAMEWORK FOR DATA PROTECTION AND ITS RELEVANCE TO UIDAI DATA ... 21
7 SUMMARY ... 22
ANNEXURE 1: UIDAI FEATURES ... 24
ANNEXURE 2: UIDAI APPROACH – THREAT MODELING ... 29
ANNEXURE 3: THE UNDERPRIVILEGED SOCIETY ... 31
ANNEXURE 4: INDUSTRY RESPONSES ... 32


1 Introduction

The Unique Identification Authority of India (UIDAI) was established in February 2009 for the purpose[1] of issuing a unique identification number (UID) to all Indian residents that (a) is robust enough to eliminate duplicate and fake identities and (b) can be verified and authenticated in an easy, cost-effective way.

A key necessity of the UID system is to reduce/eliminate duplicate identity in order to improve the efficiency of service delivery of various government initiatives. UIDAI has chosen a biometric feature set as the primary method to check for duplicate identity. In order to ensure that an individual is uniquely identified, it is necessary to ensure that the captured biometric information is capable of enabling accurate de-duplication at the time of collection of a resident's information. As UIDAI proposes to use common demographic data for establishing and verifying identity, it becomes critical to standardize these fields and the verification procedure across registrars, and to aid interoperability across the many systems that will be used to capture and work with resident identity.

The features and benefits of the UIDAI model, as per the draft paper available on the UIDAI website, "Creating a unique identity for every resident in India - Draft approach", are captured in Annexure 1 of this paper.

2 Security and Privacy Challenges in UIDAI Project

The basic requirement and objective of UIDAI is to uniquely identify an individual out of a population of 1.2 billion people and to eliminate duplicate identity. UIDAI has selected a biometric feature set as the primary method to check for duplicate identity. In this section we discuss some of the security and privacy issues in the UIDAI project.

2.1 Issues surrounding Biometrics

Before we understand the security issues surrounding biometrics, we need to understand the fundamentals of identity and authentication[2]. An identity is defined as "who you are"; authentication is defined as "how can you prove it?". A system must maintain distinct mechanisms for identity and authentication. Identity must be unique. Authenticators, however, don't have to be unique -- only secret. Now consider biometrics. Given the definitions and characteristics of identity and authentication, what is biometrics: identity or authentication?

Before we answer the question, let's think about the attributes of biometrics. Is it public or private? Public, of course. We leave various biometrics everywhere we go -- our fingerprints remain on anything we touch, our face is stored in countless surveillance systems, our retina patterns are known, at least by our optometrist perhaps. And it's believed, although there is no actual evidence to support the claim, that biometrics are unique. It follows that biometrics are identity, not authentication.

[1] http://uidai.gov.in/documents/Creating a unique identity for every resident in India.pdf

[2] http://technet.microsoft.com/en-us/library/cc512578.aspx

Identity and authentication are distinct components of the steps necessary to use a secure system. Identity without authentication lacks proof; authentication without identity invalidates auditing and eliminates multi-user capability.

Consider the UIDAI system, where biometrics is the only system used for uniquely identifying an individual. In such a system the biometric is now serving both to identify you and to prove that you are you. In a system where authentication is based on a simple password, there is the possibility of changing the password if a bad guy learns it; but what if he gets your biometric spoofed? How will you change it? Something you have is unique to you. Further, it should be evident that the loss or theft of one's biometric image opens the door to massive identity theft if the thief can use the biometric for his or her own purposes. But because people usually only have two thumbs, two eyes and one head, it is nearly impossible to change these if and when the related biometric data become compromised. In this sense biometrics operate like shared secrets or passwords – learn the secret and you're in. But there are some very important differences between biometrics and passwords: you cannot change them and have no choice but to keep them for life. Hence it is better to have additional parameters which are private and belong to the category of "something you know". Based on the Biometric Committee Report[3], the Unique Identification Authority of India may consider all 10 fingerprints besides an IRIS scan or photographs of a resident, especially in rural India, to avoid loss of physical identification due to harsh working conditions. And it's believed, although there is no actual evidence to support the claim, that biometrics are unique. As per the biometric committee report, there are the following issues across the various biometric options:

FACE: A face needs to be well lit using controlled light sources for automated face authentication systems to work well. Face is currently a poor biometric for use in de-duplication. It performs better in verification, but not at the desired accuracy rates. In general it is a good biometric identifier for small-scale verification applications.

FINGERPRINT: There is a large variation in the quality of fingerprints within the population. The appearance of a person's fingerprint depends on age, dirt and cuts, and worn fingers, i.e. on the occupation and lifestyle of the person in general. Sampling of the fingerprint is through contact, i.e. pressing the finger against the platen of a fingerprint reader. As a result there can be technical problems because of the contact nature of acquisition, and problems related to the cleanliness of the finger and the platen. Additionally, there are people who may not have one or more fingers.

IRIS: There are few legacy databases and not much legacy infrastructure for collection of the IRIS biometric. Since the IRIS is small, sampling the IRIS pattern requires a lot of user cooperation or the use of complex and expensive devices. The performance of IRIS authentication can be impaired by the use of spectacles or contact lenses. Also, some people may be missing one or both eyes, while others may not have the motor control necessary to reliably enroll in an IRIS-based system.

[3] http://uidai.gov.in/documents/Biometrics_Standards_Committee%20report.pdf

2.2 Biometrics Accuracy

To assure uniqueness across a population of 1.2 billion people within technological and economic constraints, two important factors raise uncertainty[4]. First is the scale of the database, of the order of a billion; second is fingerprint quality, the most important variable for determining accuracy. There has been no proven biometric technology which is 100% accurate. The best system was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests, and 99.9 percent of the time for tests involving four or more fingers. These accuracies were obtained for a false positive rate of 0.01 percent (the National Institute of Standards and Technology (NIST) tested 34 commercially available systems[5] provided by 18 companies from around the world). So even considering a situation wherein there is 99.99% accuracy in the biometric, we can see that out of 1.2 billion people, 120,000 people will have false positives. Further, considering the technology and the amount of information that will be stored in the form of biometrics, it is estimated that the amount of data will be approximately equivalent to 10,215 TB, as per the Biometric committee report:

FINGERPRINT: for all 10 fingers, 10,000 TB (Tera Bytes)

IRIS: 150 KB/subject, 200 TB (Tera Bytes)

FACE: 11 KB/subject (compression ratio of 10), 15 TB (Tera Bytes)

The gross false accept and false reject error rates associated with the fingerprint, face and IRIS modalities reported in the Biometric committee report are:

Biometric identifier | Reference | FRR | FAR
Fingerprint | NIST FpVTE | 0.1% | 1%
Face | NIST FRVT | 10% | 1%
Voice | NIST 2004 | 5-10% | 2-5%
IRIS | ITIRT | 0.99% | 0.94%

Further, the biometric committee report states that the consequences of the False Acceptance Rate (FAR) and False Rejection Rate (FRR) of biometric accuracy during authentication are central to the judicious design of the UID system: FAR determines the potential number of duplicates; FRR determines the number of enrolments necessitating manual check, hence labour cost. Though there is no empirical study available to estimate the accuracy achievable for fingerprints under Indian conditions, Indian conditions are unique in two ways:

- A larger percentage of the population is employed in manual labour, which normally produces poorer biometric samples.

- The biometric capture process in rural and mobile environments is less controllable compared to the environmental conditions in which Western data is collected.

[4] Biometric Committee report, 1.2.4 Biometric accuracy, pg 21 of 57

[5] http://www.nist.gov/public_affairs/releases/computer_fingerprint.htm

NIST reports[6] a FAR of 0.07% at FRR 4.4% for a 6 million fingerprint gallery size using two plain fingers. Similar results were reported for the FBI's IAFIS system of 46M samples. It is safe to conclude that 99% accuracy - True Acceptance Rate (TAR) - can be achieved for a database size of 50 million. Several NIST reports allow us to estimate the scaling of the above data for larger gallery sizes and for ten fingers. Based on these results, we can expect that on a population size which is 200 times larger (1.2 billion versus 6 million) the same system will have a FAR of approximately 0.07% × 200 = 14%. The FRR can be expected to be about 4% based on matching of 2-finger plain fingerprints. The table below lists the effect on FAR of increasing the number of fingers for the same FRR[4]:

Number of Fingers | FRR | FAR
2 | 103 | 292
10 | 109 | 00
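The arithmetic behind the figures quoted in this section (0.07% × 200 = 14%, 120,000 false positives at 99.99% accuracy, 150 KB/subject iris templates for 1.2 billion residents) is small enough to write down as a short model. The block below is an added example and is not code from the DSCI paper or from UIDAI; its constants are the ones quoted above, and the `scale_far_exact` function is an added generalization that assumes independent comparisons: it treats the gallery FAR as the chance that at least one of N comparisons falsely matches, of which the paper's linear scaling is the small-rate approximation.

```python
"""Added worked example for section 2.2 (not from the DSCI paper or UIDAI):
how the section's headline numbers follow from FAR, FRR, gallery size and
per-subject template size.  Constants are the values quoted in the section;
the per-comparison model is an added generalization."""
import math

POPULATION = 1_200_000_000   # 1.2 billion residents, as quoted in the section
NIST_GALLERY = 6_000_000     # 6 million fingerprint gallery (NIST, per the section)
NIST_FAR = 0.0007            # 0.07 % FAR at that gallery size, two plain fingers
NIST_FRR = 0.044             # 4.4 % FRR at that gallery size


def scale_far_linear(far: float, base_gallery: int, target_gallery: int) -> float:
    """The section's rule of thumb: gallery FAR grows in proportion to gallery
    size (0.07 % x 200 = 14 % for 1.2 billion).  Returns a fraction."""
    return far * (target_gallery / base_gallery)


def scale_far_exact(far: float, base_gallery: int, target_gallery: int) -> float:
    """Added generalization (assumption: comparisons are independent).  Treat the
    gallery FAR as the chance that at least one of N comparisons falsely
    matches: FAR_N = 1 - (1 - f)^N.  Recover the per-comparison rate f from the
    measured gallery and re-apply it at the target size.  For small N*f this
    reduces to the linear rule, which therefore slightly overestimates."""
    per_comparison = -math.expm1(math.log1p(-far) / base_gallery)
    return -math.expm1(target_gallery * math.log1p(-per_comparison))


def expected_false_positives(population: int, accuracy: float) -> float:
    """Residents wrongly flagged when a fraction `accuracy` of decisions is
    right: 99.99 % on 1.2 billion gives about 120,000, as the section notes."""
    return population * (1.0 - accuracy)


def duplicates_and_manual_checks(population: int, far: float,
                                 frr: float) -> tuple[float, float]:
    """The committee's two cost drivers: FAR sets the potential number of
    undetected duplicates, FRR the enrolments that need a manual check."""
    return population * far, population * frr


def storage_terabytes(per_subject_kb: float, population: int) -> float:
    """Raw template storage, one sample per subject, 1 TB = 10^12 bytes."""
    return per_subject_kb * 1000 * population / 1e12


def summary() -> dict:
    """Collects the section's figures in one place for inspection."""
    return {
        "far_1_2bn_linear": scale_far_linear(NIST_FAR, NIST_GALLERY, POPULATION),
        "far_1_2bn_exact": scale_far_exact(NIST_FAR, NIST_GALLERY, POPULATION),
        "false_positives_at_99_99": expected_false_positives(POPULATION, 0.9999),
        "iris_tb_150kb": storage_terabytes(150, POPULATION),
        "face_tb_11kb": storage_terabytes(11, POPULATION),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:>28}: {value:,.4f}")
```

The exact form comes out just under 13.1% for 1.2 billion against 14% from the linear rule, so the paper's rounding is conservative; both models say the same thing for design purposes: at this gallery size a two-finger search produces false matches for roughly one resident in seven, which is why the committee ties FAR to the number of manual adjudications rather than treating it as a small residual.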

Based on the empirical data compiled by NIST[7], several non-technical factors can impact accuracy more significantly than technical accuracy improvement efforts:

Simple operational quality assurance: A few simple operational techniques, such as keeping a wet towel or maintaining the device in good working order, can be superior to squeezing an additional fraction of a percent in accuracy rates through technical improvements. An unchecked operational process can increase the false acceptance rate to over 10%.

Missing Biometric Records: In the data analyzed, 2 to 5% of subjects did not have biometric records. Missing biometrics is a license to commit fraud. It is believed that the failure is due to poorly designed processes. The enrolment process, when examined, had loopholes which prevented it from detecting such omissions.

Biometric Software: The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2 to 3%.

Further, assuming that the biometric fingerprint is the only differentiator between past efforts and UIDAI's, let's look at the following analogy. Assume that an identity fraud was committed using the false fingers of a resident - let's call him/her (X). Practically, let us also consider the corruption index of India[8] and assume that the enrolling agencies cannot be trusted. When the fraud comes to light, will UIDAI ever be able to trust the fingerprints of (X) again? If UIDAI chooses to trust (X)'s fingerprints, how will the authenticators be assured that the authentication is strong, reliable and sustainable?

Now let's assume that UIDAI chooses to trust (X)'s fingerprints after a known false-finger fraud. UIDAI cannot ensure non-repudiation by (X) for any transactions. Is such an authentication, which cannot guarantee non-repudiation, reliable and strong? If UIDAI chooses not to trust the fingerprint of (X), then how can UID claim to be a strong and reliable authentication mechanism when other IDs cannot?

[6] NISTIR 7110, Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints, C. L. Wilson, M. D. Garris & C. I. Watson, May 2004

[7] Biometric Committee report, 1.2.4 Biometric accuracy, pg 22 of 57

[8] Global_Corruption_Report_2009_170909_2_web[1]A.pdf

How will the fraudulent enrollments be detected? Can a nefarious person apply for a second ID by sticking synthetic glue to some places on his fingers?

In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials go hand in glove with fraudsters during such enrollment?

Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that an audit finding is more of an inconvenience rather than a deterrent?

None of the fields in the CIDR, including the fingerprint, are secret. Fields like Date of Birth, Photograph and Fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never be trusted to confirm the identity of the person. Persons with disabilities (such as ones without both hands) need additional provisions for biometric authentication. If the fingerprint is not used, then the UID provides no better authentication than existing ones. UIDAI needs to examine how it will counter fraud of UIDs for disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one, may become vulnerable to potential attacks[9][10]. Some of these security vulnerabilities include the following:

Spoofing: It has been demonstrated that a biometric system sometimes can be fooled by applying fake fingerprints, face or IRIS image, etc.

Replay attacks: e.g. circumventing the sensor by injecting a recorded image in the system input – much easier than attacking the sensor.

Substitution attack: The biometric template must be stored to allow user verification. If an attacker gets access to the storage, either local or remote, he can overwrite the legitimate user's template with his/her own – in essence stealing their identity.

Tampering: Feature sets on verification or in the templates can be modified in order to obtain a high verification score, no matter which image is presented to the system.

Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g. via the Web), since an attacker does not even have to bother to acquire a genuine biometric sample. All he needs is to gain access to the templates stored on a remote server.

Trojan horse attacks: Some parts of the system, e.g. a matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

[9] N. K. Ratha, J. H. Connell, R. M. Bolle, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal, vol. 40, no. 3, pp. 614–634, 2001

Overriding Yes/No response: An inherent flaw of existing biometric systems is due to the fact that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric and the applications, which makes the system open to potential attacks. For example, if an attacker were able to interject a false Yes response at a proper point of the communication between the biometrics and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part.

How can the challenge of storing the biometrics of the entire population of the country be addressed when it is prone to compromise by attacks from outsiders and insiders? This will be briefly discussed in a separate section on biometric encryption (section 2.4).
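Two of the vulnerabilities listed above, substitution/tampering of stored templates and the overriding of the bare Yes/No response, have well-understood mitigations that are independent of the biometric modality: an integrity tag over each stored template, and a match decision that is bound to a challenge from the application so that a "Yes" cannot be injected or replayed. The block below is an added example, not code from the DSCI paper, from UIDAI or from the cited Ratha et al. paper; the keys, the resident id, the 64-byte "template" and the byte-agreement similarity metric are constructed stand-ins for a real matcher.

```python
"""Added example for section 2.2.1 (not from the DSCI paper or UIDAI): two
defensive measures against the 'substitution', 'tampering' and 'overriding
Yes/No response' attacks listed above.  Keys, templates and the similarity
function are constructed stand-ins; real templates and matchers differ."""
import hashlib
import hmac
import secrets

# Constructed keys.  In a deployment the storage key and the matcher key live in
# separate trust domains (e.g. an HSM), so a file-system intruder holds neither.
STORAGE_KEY = secrets.token_bytes(32)
MATCHER_KEY = secrets.token_bytes(32)
MATCH_THRESHOLD = 0.90  # fraction of agreeing template bytes (toy metric)


def seal_template(template_id: str, template: bytes) -> bytes:
    """Integrity tag over (id, template).  Overwriting the stored template
    without STORAGE_KEY leaves a tag that no longer verifies."""
    return hmac.new(STORAGE_KEY, template_id.encode() + b"\x00" + template,
                    hashlib.sha256).digest()


def open_template(template_id: str, template: bytes, tag: bytes) -> bytes:
    """Refuse to match against a template whose tag does not verify."""
    if not hmac.compare_digest(seal_template(template_id, template), tag):
        raise ValueError(f"integrity check failed for template {template_id}")
    return template


def similarity(a: bytes, b: bytes) -> float:
    """Toy comparison (constructed): fraction of byte positions that agree."""
    if len(a) != len(b):
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / len(a)


def decision_proof(template_id: str, nonce: bytes, decision: bool) -> bytes:
    """MAC binding the decision to the application's nonce and the template id."""
    msg = nonce + b"\x00" + template_id.encode() + (b"\x01" if decision else b"\x00")
    return hmac.new(MATCHER_KEY, msg, hashlib.sha256).digest()


def matcher_decide(template_id: str, template: bytes, tag: bytes,
                   probe: bytes, nonce: bytes) -> tuple[bool, bytes]:
    """Matcher side: verify the stored template, compare, and return the Yes/No
    together with a proof the application can check for this nonce only."""
    stored = open_template(template_id, template, tag)
    decision = similarity(stored, probe) >= MATCH_THRESHOLD
    return decision, decision_proof(template_id, nonce, decision)


def application_accepts(template_id: str, nonce: bytes,
                        decision: bool, proof: bytes) -> bool:
    """Application side: accept only a Yes whose proof verifies for this nonce."""
    expected = decision_proof(template_id, nonce, decision)
    return decision and hmac.compare_digest(expected, proof)


def demo() -> dict:
    """Genuine match, injected Yes, replayed Yes and substituted template;
    returns whether each was accepted so the outcomes can be checked."""
    template = bytes(range(64))                 # constructed enrolment template
    tag = seal_template("resident-0001", template)
    probe = bytearray(template)
    probe[3] ^= 0xFF                            # a slightly noisy live sample
    probe = bytes(probe)

    nonce = secrets.token_bytes(16)
    decision, proof = matcher_decide("resident-0001", template, tag, probe, nonce)
    genuine = application_accepts("resident-0001", nonce, decision, proof)

    # A "Yes" inserted on the wire without MATCHER_KEY carries no valid proof.
    injected = application_accepts("resident-0001", nonce, True, b"\x00" * 32)

    # A genuine proof captured earlier does not verify for a fresh nonce.
    replayed = application_accepts("resident-0001", secrets.token_bytes(16), True, proof)

    # The stored template is overwritten: the tag no longer matches, so no
    # decision is produced at all.
    try:
        matcher_decide("resident-0001", bytes(64), tag, bytes(64), nonce)
        substituted = True
    except ValueError:
        substituted = False

    return {"genuine": genuine, "injected": injected,
            "replayed": replayed, "substituted": substituted}
```

The nonce-bound proof closes the "Yes/No on the wire" gap only as long as MATCHER_KEY stays inside the matcher; a Trojan-horse matcher that holds the key can still sign a false Yes, which is why the paper's Trojan horse item is a question of protecting or attesting the matcher itself, not of the protocol between matcher and application.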

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around the security and privacy of the central repository where the complete database of public personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns[10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralized databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy in parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to mention the privacy risks. Large centralized databases of biometric Personally Identifiable Information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where they may be intercepted, copied and actually tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below[11].

[10] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist

[11] The ENISA position paper "Privacy features of European eID Card Specifications", www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport

Falsification of Content: The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

Eavesdropping: An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack: Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

User signs a bogus document: This can happen, for example, if what the user sees is not actually what they are signing. It can be a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server: This constitutes a privacy threat because the bogus server can then access the user's information.

Physical Attacks: Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-Channel Attacks: These attacks use information leaked through so-called side-channels to gain access to private data.

Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. This privacy threat does not apply directly, but in theory there exists the possibility of skimming. Even so, there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar Database.
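Three of the threats above concern the path from Registrar system to CIDR: falsification of content, eavesdropping and the man-in-the-middle who can alter what passes through. The block below is an added example, not code from the DSCI paper or from the UIDAI system, showing the minimum a receiving CIDR should check on each enrolment batch: a per-registrar MAC (so altered content and batches from unknown senders are rejected, and each accepted batch is attributable to one registrar) and a strictly increasing sequence number (so a captured batch cannot be resubmitted). Registrar ids, keys and records are constructed; the scheme gives integrity and attribution only, and confidentiality against eavesdropping still requires an encrypted channel such as mutually authenticated TLS.

```python
"""Added example for section 2.3 (not from the DSCI paper or the UIDAI system):
a minimal integrity and replay check for enrolment batches a registrar sends to
the CIDR, addressing 'falsification of content' and an active man-in-the-middle
altering a batch in transit.  Registrar ids, keys and records are constructed.
It gives no confidentiality against eavesdropping; that needs an encrypted
channel such as mutually authenticated TLS."""
import hashlib
import hmac
import json

# CIDR-side table of per-registrar keys (constructed).  A per-registrar key
# also makes every accepted batch attributable to the registrar that sent it.
REGISTRAR_KEYS = {"REG-001": b"constructed-key-for-REG-001"}


def canonical(body: dict) -> bytes:
    """Deterministic encoding so sender and receiver MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_batch(registrar_id: str, seq: int, records: list) -> dict:
    """Registrar side: MAC over registrar id, sequence number and records."""
    body = {"registrar": registrar_id, "seq": seq, "records": records}
    body["mac"] = hmac.new(REGISTRAR_KEYS[registrar_id], canonical(body),
                           hashlib.sha256).hexdigest()
    return body


class CidrReceiver:
    """CIDR side: verify the MAC, then enforce strictly increasing sequence
    numbers per registrar so a captured batch cannot be resubmitted."""

    def __init__(self) -> None:
        self.last_seq: dict[str, int] = {}
        self.accepted: list[dict] = []

    def receive(self, batch: dict) -> str:
        registrar = batch.get("registrar")
        key = REGISTRAR_KEYS.get(registrar)
        if key is None:
            return "rejected: unknown registrar"
        body = {k: v for k, v in batch.items() if k != "mac"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(batch.get("mac", ""))):
            return "rejected: integrity failure"
        if batch["seq"] <= self.last_seq.get(registrar, 0):
            return "rejected: replay"
        self.last_seq[registrar] = batch["seq"]
        self.accepted.extend(batch["records"])
        return "accepted"


def demo() -> list:
    """Genuine batch, replay of the same batch, a batch altered in transit and
    a batch from a registrar the CIDR does not know.  Returns the verdicts."""
    records = [  # constructed placeholder records
        {"enrolment_id": "E-0001", "name": "Resident A", "dob": "1980-01-01",
         "template_sha256": hashlib.sha256(b"constructed-template-A").hexdigest()},
        {"enrolment_id": "E-0002", "name": "Resident B", "dob": "1975-06-15",
         "template_sha256": hashlib.sha256(b"constructed-template-B").hexdigest()},
    ]
    cidr = CidrReceiver()
    batch = sign_batch("REG-001", seq=1, records=records)
    verdicts = [cidr.receive(batch), cidr.receive(batch)]

    altered = json.loads(json.dumps(batch))          # deep copy of the batch
    altered["records"][0]["dob"] = "1960-01-01"      # content falsified in transit
    altered["seq"] = 2                               # even with a fresh sequence number
    verdicts.append(cidr.receive(altered))

    rogue = dict(batch, registrar="REG-999", seq=2)  # unknown sender
    verdicts.append(cidr.receive(rogue))
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The sequence check is deliberately strict: a batch that arrives out of order is rejected rather than queued, which is the right default for a channel where the registrar can simply resend, and it keeps the receiver's state down to one integer per registrar. Because the key table sits at the CIDR, a registrar whose key is suspected compromised can be cut off by removing one entry, which is the kind of accountability the paper asks for at the registrar level.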

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the other registrars and the agencies, which will capture the data and store it even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles - people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centers securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain the data of over 70% of residents. Based on the amount of personal information collected by UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.

2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrollment bodies (including NGOs and individuals) under them to collect the data. UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrollment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will the implementation of best practices be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrollments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enroll residents to the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark on the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies in the form of registrars, sub-registrars and enrollment agencies will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

KEY OBSERVATIONS

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting the information from the residents. However, these agencies will also be required to collect the biometric samples, which means that there is a requirement for a standard technology across the registrars' offices and enrollment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. Consider that India has around 543 parliamentary constituencies[12], each of which has around 2 million residents on average. Assuming that at least 1 registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself by 543 times.

3. Considering the size of the database where multi-modal biometrics are used for storage, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the authority.

[12] http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf - pg 52 - number of polling stations

(Figure: Adopted from Draft approach on UIDAI)

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at this location also needs to be considered. As per the election commission report[10], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents, to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. UIDAI assumes these issues will be taken care of under the current legal regime of the country. But the problem is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system, and our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the sub-registrar and enrollment agency warehouses working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor for the same, which increases the stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management, running into hundreds if not thousands of vendors, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally. And this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check on the integrity of the data stored or updated at the registrar offices.

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by the various registrars, sub-registrars and enrolment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices: fingerprint scanners, cameras for face capture and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric devices and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, by individuals trying to make a little extra cash on the side, or under pressure from influential or privileged people, or even at gunpoint, given the country's geography and the unspoken realities of some of the areas involved. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations in which the data available or collected at these authorized locations can be compromised: through a logical security compromise or sharing of an account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); through phishing attacks, malicious traffic or virus attacks; through unauthorized access due to session hijacking or social engineering; or through a physical security compromise, whether by insiders or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometrics collected also poses a question mark, and as already discussed there is no proven technology that is 100% accurate. Further, widely available materials such as gelatin can be used to fabricate artificial fingers that reproduce or alter a fingerprint; this too can lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from residents, the next challenge is validation of these data against the CIDR for de-duplication. This means that each registrar office, sub-registrar and enrolment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for this communication. Though a state-of-the-art architecture can be guaranteed at the CIDR location, having similar infrastructure at every registrar and sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected on the following:

Use of a secured communication channel

A VPN, preferably an SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit the information physically on disks or tapes, either by courier or by hand delivery, and this too creates a possibility of data leakage. Media are easily lost or copied in transit, and low-cost data recovery tools can read back data that was merely deleted from a disk or tape; only media encrypted with properly managed keys remain protected when they go missing.

Encryption of the data

How much of the data must be encrypted, with which algorithms and key lengths, and whether symmetric or asymmetric encryption should be used (in practice usually a hybrid, in which a fresh symmetric key protects each batch and the CIDR's public key protects that key), are all questions that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in encrypting and decrypting the data.

Key management

Key management for the generation, exchange, storage, safeguarding, use, vetting and replacement of keys is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering: key management requires both technical and organizational decisions.

Non-repudiation and integrity in transit

UIDAI also needs to look at common attack vectors such as the man-in-the-middle attack, in which software or hardware intercepts network traffic, reads or alters it, and then forwards it to its destination so that the information is used without the knowledge of the sender or the intended recipient. Mutual authentication of both endpoints and a signature by the registrar over each batch are needed so that the CIDR can prove which registrar sent a batch and that it was not altered on the way, and so that a registrar cannot later deny having sent it.

UIDAI also needs to build secure applications: at a minimum these must use multi-factor authentication, enforce session timeouts and secure the endpoints of the transactional layer. The sensitivity of the data the Authority is dealing with is such that a compromise cannot be undone, because human biometrics, unlike a password or a key, cannot be changed once compromised.
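To make the transmission points above concrete (hybrid encryption of a batch, the keys that then have to be managed, and non-repudiation with protection against tampering and replay in transit), the following is an added illustration in Go written for this review; it is not UIDAI's or any registrar's code, and the batch layout, the registrar identifier "REG-0042", the sample records, and the choice of RSA-OAEP and Ed25519 are assumptions made for the example. Each batch gets a fresh AES-256-GCM key (the symmetric part), that key is wrapped with the CIDR's public key (the asymmetric part), and the registrar signs the whole batch; the CIDR verifies the signature, rejects a sequence number it has already accepted, and only then decrypts.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// SealedBatch is what leaves a registrar office: unreadable without the CIDR's private key, unforgeable without the registrar's.
type SealedBatch struct {
	RegistrarID string
	Sequence    uint64 // strictly increasing per registrar; the CIDR rejects anything already seen
	WrappedKey  []byte // fresh AES-256 batch key, RSA-OAEP encrypted to the CIDR (the asymmetric half)
	Nonce       []byte
	Ciphertext  []byte // AES-256-GCM over the records (the symmetric half), bound to RegistrarID and Sequence
	Signature   []byte `json:"-"` // Ed25519 by the registrar over the JSON form of the fields above
}

// aad ties the ciphertext to its sender and sequence number so neither can be swapped in transit.
func aad(registrarID string, seq uint64) []byte { return []byte(fmt.Sprintf("%s|%d", registrarID, seq)) }
// signedBytes is the canonical form both sides sign and verify (Signature is excluded by its tag).
func (b *SealedBatch) signedBytes() []byte { out, _ := json.Marshal(b); return out }

// SealBatch runs at the registrar: one random symmetric key per batch, wrapped with the CIDR's public key, then signed.
func SealBatch(registrarID string, seq uint64, records []byte, cidrPub *rsa.PublicKey, signKey ed25519.PrivateKey) (*SealedBatch, error) {
	buf := make([]byte, 32+12) // 256-bit key followed by a 96-bit GCM nonce; crypto/rand.Read does not fail
	rand.Read(buf)
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, cidrPub, key, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	b := &SealedBatch{RegistrarID: registrarID, Sequence: seq, WrappedKey: wrapped, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, records, aad(registrarID, seq))}
	b.Signature = ed25519.Sign(signKey, b.signedBytes())
	return b, nil
}

// CIDR holds the decryption key, each onboarded registrar's public signing key and a replay window.
type CIDR struct {
	priv    *rsa.PrivateKey
	signers map[string]ed25519.PublicKey
	lastSeq map[string]uint64
}

// OpenBatch checks origin, replay and integrity before a single record byte is used.
func (c *CIDR) OpenBatch(b *SealedBatch) ([]byte, error) {
	pub, ok := c.signers[b.RegistrarID]
	if !ok || !ed25519.Verify(pub, b.signedBytes(), b.Signature) {
		return nil, fmt.Errorf("unknown registrar or bad signature (forged, or altered in transit)")
	}
	if b.Sequence <= c.lastSeq[b.RegistrarID] {
		return nil, fmt.Errorf("replayed batch %d from %s", b.Sequence, b.RegistrarID)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, c.priv, b.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	records, err := gcm.Open(nil, b.Nonce, b.Ciphertext, aad(b.RegistrarID, b.Sequence))
	if err != nil {
		return nil, fmt.Errorf("authentication tag mismatch")
	}
	c.lastSeq[b.RegistrarID] = b.Sequence
	return records, nil
}

// Scenario runs the honest exchange, then a tampered copy and a replay of the same batch, and reports the outcome.
func Scenario() (records []byte, tamperRejected, replayRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, false, err
	}
	regPub, regPriv, _ := ed25519.GenerateKey(rand.Reader) // the registrar's public key is registered at onboarding
	cidr := &CIDR{priv: priv, signers: map[string]ed25519.PublicKey{"REG-0042": regPub}, lastSeq: map[string]uint64{}}
	batch := []byte(`{"records":[{"name":"A. Resident","pincode":"400001"}]}`) // constructed sample, not real data
	sealed, err := SealBatch("REG-0042", 1, batch, &priv.PublicKey, regPriv)
	if err != nil {
		return nil, false, false, err
	}
	records, err = cidr.OpenBatch(sealed) // honest delivery
	tampered := *sealed
	tampered.Ciphertext = append([]byte{}, sealed.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01 // one bit flipped in flight, as a man-in-the-middle would do
	_, terr := cidr.OpenBatch(&tampered)
	_, rerr := cidr.OpenBatch(sealed) // the same valid batch delivered a second time
	return records, terr != nil, rerr != nil, err
}
```

Scenario() returns the recovered records together with whether a single-bit modification in transit and a re-delivery of the same batch were rejected. What the code does not solve is exactly the key management the paper describes: distributing the registrars' public signing keys and the CIDR's key pair out of band, protecting a registrar's signing key on a machine in a remote office, and rotating and revoking keys.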

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10215 TB. Managing the security of such a large volume of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can assume that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. These include everyone from the database administrators to the third-party employees deployed to maintain that infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of residents, may not have an architecture on par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians and privileged members of society. The most important asset of UIDAI is the data. It must be stored, backed up and archived, and also kept at alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it in a safe, for example, but the trick is to also ensure that it is available when needed. Providing access, however, always carries risks, which generally fall into the following categories:

Malicious attacks

Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, botnets and phishing attacks.

Human error

To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures

IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the infrastructure to its knees.

Unencrypted data

Unencrypted data is always subject to some level of risk, and any data that leaves the facility unencrypted raises the risk to the UIDAI. A plan for decryption, and control over which individuals have access to the encryption keys, is also a challenge for the authorities.

Access control

Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption so that the biometric of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption: Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.

After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, lets the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of Biometric Encryption include:

• No retention of the biometric image or template
• Multiple, cancellable and revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
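The binding described above can be seen in the fuzzy-commitment form of Biometric Encryption, shown below as an added illustration written for this review (it is not code from Cavoukian and Stoianov's paper or from UIDAI): a random key is encoded with an error-correcting code, XORed with the biometric bit-string, and stored together with a hash of the key; a fresh sample within the code's error budget recovers the same key, anything else does not. The biometric bit-strings, the 32-bit key, the repetition code and the noise model are simplifications assumed for readability; a real deployment uses a feature extractor with adequate entropy, a longer key and a code such as BCH.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Toy parameters: a deployment binds a 128-bit or longer key and uses a real error-correcting code (e.g. BCH).
const (
	KeyBits  = 32            // bits of secret bound to the biometric
	Rep      = 7             // each key bit is repeated Rep times; majority vote corrects up to 3 flips per block
	TmplBits = KeyBits * Rep // length of the biometric bit-string (one byte per bit below)
)

// Template is all that is stored: codeword XOR biometric, plus a hash to confirm a recovered key.
type Template struct {
	Masked  []byte
	KeyHash [32]byte
}

func encode(key []byte) []byte { // repetition code: key bit i becomes Rep identical codeword bits
	code := make([]byte, TmplBits)
	for i, bit := range key {
		for j := 0; j < Rep; j++ {
			code[i*Rep+j] = bit
		}
	}
	return code
}

func decode(code []byte) []byte { // majority vote over each block of Rep bits
	key := make([]byte, KeyBits)
	for i := range key {
		ones := 0
		for j := 0; j < Rep; j++ {
			ones += int(code[i*Rep+j])
		}
		if 2*ones > Rep {
			key[i] = 1
		}
	}
	return key
}

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Enrol binds a fresh random key to the biometric; only the template is kept, the key is handed back once and discarded.
func Enrol(biometric []byte) (Template, []byte, error) {
	if len(biometric) != TmplBits {
		return Template{}, nil, errors.New("biometric must be TmplBits bits long")
	}
	key := make([]byte, KeyBits)
	if _, err := rand.Read(key); err != nil {
		return Template{}, nil, err
	}
	for i := range key { key[i] &= 1 } // keep one random bit per entry
	return Template{Masked: xor(encode(key), biometric), KeyHash: sha256.Sum256(key)}, key, nil
}

// Verify releases the bound key only if the live sample is within the code's error budget.
func Verify(t Template, live []byte) ([]byte, bool) {
	if len(live) != TmplBits {
		return nil, false
	}
	key := decode(xor(t.Masked, live))
	if sha256.Sum256(key) != t.KeyHash {
		return nil, false // impostor, or a genuine sample with too many flipped bits
	}
	return key, true
}

// SampleBiometric is a constructed, deterministic stand-in for a feature extractor's output.
func SampleBiometric(seed byte) []byte {
	bits := make([]byte, TmplBits)
	x := uint32(seed)*0x9E3779B1 + 1 // xorshift32 state, never zero for a byte seed
	for i := range bits {
		x ^= x << 13; x ^= x >> 17; x ^= x << 5
		bits[i] = byte(x & 1)
	}
	return bits
}

// Noisy flips the first n bits of every Rep-bit block, modelling variation between captures.
func Noisy(bio []byte, n int) []byte {
	out := append([]byte{}, bio...)
	for i := 0; i < KeyBits; i++ {
		for j := 0; j < n && j < Rep; j++ {
			out[i*Rep+j] ^= 1
		}
	}
	return out
}
```

Verify returns the bound key only when the live sample differs from the enrolled one by at most three bits in every seven-bit block; re-running Enrol on the same biometric produces a different template and key, which is what makes the identifier cancellable. One caveat a practitioner should keep in mind: with a short key and a repetition code the template leaks information about both the biometric and the key, so the choice of code and the entropy of the biometric representation are themselves security decisions, not implementation details.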

2.5 Strong Authentication, Presumably by Applications

Various reports [14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are"; multi-factor authentication involves two or more of these. Name, birth date, gender, address and parents' information are not secret and are unsuitable as authentication factors. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption is that none of the endpoints (government departments) are corruption-free and none can be trusted. Any assumption to the contrary (even UIDAI assuming trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf

3 Challenges in Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity it will cover. But the following historical evidence may be kept in view: data compromises have happened in Germany and in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS it was observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government bodies, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and the passport. The risk here is that the UID will soon become mandatory, like the SSN, and will make it easier for corrupt politicians to profile people. We can safely assume that in future the UID will be linked to the birth certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, they are a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail even as UIDAI embarks on this project.

Since there are no infallible, zero-risk security controls, we must assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke one's fingerprint if it gets compromised. In other countries where such unique ID numbers are implemented, fixing ID fraud is very difficult; when the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/

Some other aspects of the Indian socio-political system are covered under Annexure 3, The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not, however, seem to hold the registrar accountable for this, even though it is critical to the success of the project. Nor can the registrar really be responsible for the "cleanliness and correctness" of data: registrars are a medium between the applicant/resident and the CIDR, and what they can be held responsible for is tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume that an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on a UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI, or the genuine ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder, who will therefore not be in a position to prevent it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used for almost all identity purposes of a person in due course, whether it is the issuance of a passport, a gas connection or a PAN, or availing of benefits under government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key observations

1. The UIDAI proposes to make use of the existing identity systems and, by creating a de-duplication process in the UIDAI, to clean out duplicate entities. Through this approach, however, UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly ("X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead), it will in either case be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on the privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not limit the number of people who can be introduced by a single introducer. In the absence of such a control, an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities exploiting people who are at the mercy of the introducer for getting their UID.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they depend, from maids to drivers to security guards. Consider migrant labour that has migrated from far-flung villages for daily labour work in construction, in factories, or loading in markets, railway stations or bus depots. Their work is migratory and the only person they know is the contractor who pays the daily wage; will he introduce these people to the UIDAI so that they can get a UID? For taking the benefits of UID, villagers, agriculturists working in their own fields or milkmen working in a milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit them for personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for issuance of UID.

7. The introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but it may accidentally provide UIDs to migrants from India's neighbouring countries and could be used by illegal migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who is later convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides that, in the absence of original documents, copies can be certified by a public notary. Given the way notaries certify documents, this can be a source of fake documents and hence fake identities.

10. If there is identity fraud resulting in a civil dispute, how is a litigant going to prove it? Is the onus of proof on the affected person? As stated, all UID-related cases will be handled by the existing legal framework. Let us not forget that the conviction rate for IT offences is in single figures even after 9 years of the IT Act being in force. With the existing pending cases numbering in the millions in courts all over the country, waiting their turn on a round-robin basis like a small server under a DDoS attack, matters relating to identity, which need speedy redress, cannot be served by the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and a lack of accountability in our public service system. Identity thefts will continue to happen even if the best security is deployed. But we should build a system that is resilient enough to correct itself quickly and that ensures end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected: "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen; that is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on, whereas purpose limitation has been enforced in the more mature democracies of the western world.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource it controls or operates liable to follow reasonable security practices; failure to do so, where it causes wrongful loss or gain, makes it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed: any person, including an intermediary, who has access to material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contract will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 (on liberty) as interpreted by the Supreme Court in its judgments. However, there is no comprehensive privacy law in India. Within the Indian legal regime, protecting public safety and national security is a necessary and important function of a civilized society; however, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, waste resources and generally work to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted searches and seizures cannot function at optimum levels.

[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI there needs to be a systematic and standardized approach which should take support from the leading best practices around the world evolving strategic options and current technological advancements

Data Security Council of India (DSCI) has engaged with various industries over the past year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks comprise a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework comprises 16 best practices and is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and on the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 best practices and 12 privacy principles. The privacy principles satisfy the requirements of privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization not only achieve regulatory compliance but also ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing their personal information/data and still achieving unique identity.

The DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives so as to protect the privacy of the personal information of the country's residents.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, the Big 4 consulting firms, security vendor companies, the banking and telecom sectors and major clients.

7. Summary

The UID authority will only issue a unique identifier – a randomized number – that will only identify a person with his attributes, which will include biometric information (Fingerprints, IRIS, Face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, which is unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response

According to the proposal, UIDAI will store the information in the CIDR – Central ID Registry – to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change – in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where the Law Enforcement agencies, bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person – it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents – and UID is supposed to benefit them the most, as well as help plug the loopholes and save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme – an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privilege Persons" – those having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privilege Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.

Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website – "Creating a unique identity for every citizen in India" – and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of the UID number will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and public Distribution systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be the first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central/state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents. The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers. The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory / Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents. Introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents. Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent / Guardian Details | | | |
| Father's / Husband's / Guardian's Name | Conditional | Conditional | No verification of Father / Husband / Guardian in the case of adults |
| Father's / Husband's / Guardian's UID | Conditional | | |
| Mother's / Wife's / Guardian's Name | Conditional | Conditional | No verification of Mother / Wife / Guardian in the case of adults |
| Mother's / Wife's / Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name / UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like Banks, Insurance Companies, and Central and State Government Departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and will be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.

Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

| External Attack Sources | Internal Attack Sources |
|---|---|
| Resident | UIDAI employee |
| Registrar | Other government factors |
| Authenticator | |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow diagram showing the Resident, Registrar / Sub-Registrars, CIDR and Authenticator, with the numbered steps 1 to 7 of the data flow above and the trust boundaries between them.]

4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
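Two of the scenarios above leave a trace in the authenticator's own audit trail: scenario 5 (the authenticator letting a resident retry until the device's False Accept Rate lets a wrong finger through) and scenario 8 (one operator sweeping through many records). The following is an added example, not from the DSCI paper or UIDAI, of detection logic over constructed audit records; the log format, field names and thresholds are assumptions made for the example.

```python
"""Detection over authenticator audit logs (added example, not from the paper).

Flags two attack scenarios from the annexure's threat model:
  - retry-until-accept: one UID accumulating more than max_attempts within a
    short window that ends in a YES from the CIDR (scenario 5, FAR exploitation);
  - bulk lookup: one operator touching more than max_distinct different UIDs
    within a window (scenario 8, profile search of a local repository).
Log format, thresholds and all sample values are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    ts: datetime
    operator: str   # terminal or clerk that raised the authentication request
    uid: str        # 12-digit UID presented by the resident
    result: str     # "YES" or "NO", the only thing the CIDR returns


# Constructed sample: '<ISO time> <operator> <uid> <YES|NO>' per line.
SAMPLE_LOG = """
2010-01-21T09:00:00 auth-kiosk-07 100000000001 NO
2010-01-21T09:01:00 auth-kiosk-07 100000000001 NO
2010-01-21T09:02:00 auth-kiosk-07 100000000001 NO
2010-01-21T09:03:00 auth-kiosk-07 100000000001 YES
2010-01-21T09:30:00 auth-kiosk-07 100000000002 YES
2010-01-21T11:00:00 clerk-42 200000000001 YES
2010-01-21T11:01:00 clerk-42 200000000002 YES
2010-01-21T11:02:00 clerk-42 200000000003 NO
2010-01-21T11:03:00 clerk-42 200000000004 YES
2010-01-21T11:04:00 clerk-42 200000000005 YES
2010-01-21T11:05:00 clerk-42 200000000006 YES
2010-01-21T11:06:00 clerk-42 200000000007 YES
"""


def parse_log(text: str) -> List[Event]:
    """Parse the constructed line format and return events sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, operator, uid, result = line.split()
        events.append(Event(datetime.fromisoformat(ts), operator, uid, result))
    return sorted(events, key=lambda e: e.ts)


def retry_until_accept(events: List[Event], max_attempts: int = 3,
                       window: timedelta = timedelta(minutes=10)) -> Dict[str, int]:
    """Scenario 5: a UID with more than max_attempts inside `window` ending in YES.

    Returns {uid: largest number of attempts seen in an offending window}.
    """
    by_uid: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_uid[e.uid].append(e)
    flagged: Dict[str, int] = {}
    for uid, evs in by_uid.items():
        start = 0                      # sliding window over this UID's events
        for i, e in enumerate(evs):
            while e.ts - evs[start].ts > window:
                start += 1
            attempts = i - start + 1
            if e.result == "YES" and attempts > max_attempts:
                flagged[uid] = max(flagged.get(uid, 0), attempts)
    return flagged


def bulk_lookups(events: List[Event], max_distinct: int = 5,
                 window: timedelta = timedelta(hours=1)) -> Dict[str, int]:
    """Scenario 8: an operator querying more than max_distinct UIDs in `window`.

    Returns {operator: largest number of distinct UIDs seen in an offending window}.
    """
    by_op: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_op[e.operator].append(e)
    flagged: Dict[str, int] = {}
    for op, evs in by_op.items():
        start = 0
        for i, e in enumerate(evs):
            while e.ts - evs[start].ts > window:
                start += 1
            distinct = len({x.uid for x in evs[start:i + 1]})
            if distinct > max_distinct:
                flagged[op] = max(flagged.get(op, 0), distinct)
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("retry-until-accept:", retry_until_accept(evs))
    print("bulk lookups:", bulk_lookups(evs))
```

On the sample the kiosk that let UID 100000000001 through on its fourth try and the clerk who queried seven different UIDs in six minutes are both reported; legitimate single-attempt authentications are not.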

Annexure 3: The Underprivileged Society

Indian society is divided by various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), public Distribution systems (PDS) etc. Each of these Schemes has some registered people, but yet the grants do not reach the people. So how the UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm

Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns. Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect them, how to limit who can access, how to dispose if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupil, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements. Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

• Where the customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user should not get caught in any phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact of the same
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – Considering 0.01% of failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as a part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT-Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be challenges umpteen. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes be put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID, say after a death, authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information of any individual if you have money and need… Our personal information is being sold to advertising agencies for making the promotion of products/services of their clients through mobile and emails in all combinations of geographical consumption, timing etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of a common man's personal information being used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower the individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

- A framework for self-audit and self-governance within government itself to control data protection aspects.
- There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point.
- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
- Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


Table of Contents

ACKNOWLEDGEMENT 1
1 INTRODUCTION 3
2 SECURITY AND PRIVACY CHALLENGES IN UIDAI PROJECT 3
2.1 ISSUES SURROUNDING BIOMETRICS 3
2.2 BIOMETRICS ACCURACY 5
2.2.1 Security Vulnerabilities of a Biometric System 7
2.3 SECURITY AND PRIVACY CHALLENGES IN A CENTRALIZED UID DATABASE 8
2.3.1 Security challenges during collection 10
2.3.2 Security challenges during transmission 12
2.3.3 Security challenges during Storage 13
2.4 BIOMETRIC ENCRYPTION – SECURING THE CENTRALIZED UID DATABASE 14
2.5 STRONG AUTHENTICATIONS – PRESUMABLY BY APPLICATIONS 15
3 CHALLENGES IN INDIAN SOCIO-POLITICAL SYSTEM 16
3.1 AUTHORITY, RESPONSIBILITY AND ACCOUNTABILITY 17
4 ADDITIONAL OBSERVATIONS ON THE UIDAI APPROACH 17
5 LEGAL REGIME FOR PRIVACY 19
6 DSCI FRAMEWORK FOR DATA PROTECTION AND ITS RELEVANCE TO UIDAI DATA 21
7 SUMMARY 22
ANNEXURE 1 UIDAI FEATURES 24
ANNEXURE 2 UIDAI APPROACH – THREAT MODELING 29
ANNEXURE 3 THE UNDERPRIVILEGED SOCIETY 31
ANNEXURE 4 INDUSTRY RESPONSES 32


1 Introduction

The Unique Identification Authority of India (UIDAI) was established in February 2009 for the purpose[1] of issuing a unique identification number (UID) to all Indian residents that (a) is robust enough to eliminate duplicate and fake identities and (b) can be verified and authenticated in an easy, cost-effective way.

A key necessity of the UID system is to reduce/eliminate duplicate identity in order to improve the efficiency of service delivery of various government initiatives. UIDAI has chosen a biometric feature set as the primary method to check for duplicate identity. In order to ensure that an individual is uniquely identified, it is necessary to ensure that the captured biometric information is capable of enabling accurate de-duplication at the time of collection of a resident's information. As UIDAI proposes to use common demographic data for establishing and verifying identity, it becomes critical to standardize these fields and the verification procedure across registrars, and to aid interoperability across the many systems that will be used to capture and work with resident identity.

The features and benefits of the UIDAI model, as per the draft paper available on the UIDAI website, "Creating a unique identity for every resident in India - Draft approach", are captured in Annexure 1 of this paper.

2 Security and Privacy Challenges in UIDAI Project

The basic requirement and objective of UIDAI is to uniquely identify an individual out of a population of 1.2 billion people and to eliminate duplicate identity. UIDAI has selected a biometric feature set as the primary method to check for duplicate identity. In this section we will discuss some of the security and privacy issues in the UIDAI project.

2.1 Issues surrounding Biometrics

Before we understand the security issues surrounding biometrics, we need to understand the fundamentals of identity and authentication[2]. Identity is defined as "who you are", while authentication is defined as "how can you prove it?" A system must maintain distinct mechanisms for identity and authentication. Identity must be unique. Authenticators, however, don't have to be unique -- only secret. Now consider biometrics. Given the definitions and characteristics of identity and authentication, what is biometrics: identity or authentication?

Before we answer the question, let's think about the attributes of biometrics. Is it public or private? Public, of course. We leave various biometrics everywhere we go -- our fingerprints remain on anything we touch, our face is stored in countless surveillance systems, our retina patterns are known at least by an optometrist, perhaps. And it's believed, although there is no actual evidence to support the claim, that biometrics are unique. It follows that biometrics are identity, not authentication.

[1] http://uidai.gov.in/documents/Creating a unique identity for every resident in India.pdf

[2] http://technet.microsoft.com/en-us/library/cc512578.aspx

Identity and authentication are distinct components of the steps necessary to use a secure system. Identity without authentication lacks proof; authentication without identity invalidates auditing and eliminates multi-user capability.

Consider the UIDAI system, where biometrics is the only mechanism used for uniquely identifying an individual. In such a system the biometric now serves both to identify you and to prove that you are you. In a system where authentication is based on a simple password, it is possible to change the password if a bad guy learns it; but if he gets your biometric spoofed, how will you change it? Something you have is unique to you. Further, it should be evident that the loss or theft of one's biometric image opens the door to massive identity theft if the thief can use the biometric for his or her own purposes. But because people usually have only two thumbs, two eyes and one head, it is nearly impossible to change these if and when the related biometric data become compromised. In this sense biometrics operate like shared secrets or passwords – learn the secret and you're in. But there is a very important difference between biometrics and passwords: you cannot change them and have no choice but to keep them for life. Hence it is better to have additional parameters which are private and belong to the category of "something you know". Based on the Biometric Committee Report[3], the Unique Identification Authority of India may consider all 10 fingerprints besides an IRIS scan or photographs of a resident, especially in rural India, to avoid loss of physical identification due to harsh working conditions. As per the Biometric Committee report, there are the following issues across the various biometric options:

FACE: A face needs to be well lit, using controlled light sources, for automated face authentication systems to work well. Face is currently a poor biometric for use in de-duplication. It performs better in verification, but not at the desired accuracy rates. In general it is a good biometric identifier for small-scale verification applications.

FINGERPRINT: There is a large variation in the quality of fingerprints within the population. The appearance of a person's fingerprint depends on age, dirt, cuts and worn fingers, i.e. on the occupation and lifestyle of the person in general. Sampling of the fingerprint is through contact, i.e. pressing the finger against the platen of a fingerprint reader. As a result there can be technical problems because of the contact nature of acquisition, and problems related to the cleanliness of the finger and the platen. Additionally, there are people who may not have one or more fingers.

IRIS: There are few legacy databases and not much legacy infrastructure for collection of the IRIS biometric. Since the IRIS is small, sampling the IRIS pattern requires a lot of user cooperation or the use of complex and expensive devices. The performance of IRIS authentication can be impaired by the use of spectacles or contact lenses. Also, some people may be missing one or both eyes, while others may not have the motor control necessary to reliably enroll in an IRIS-based system.

[3] http://uidai.gov.in/documents/Biometrics_Standards_Committee report.pdf


2.2 Biometrics Accuracy

To assure uniqueness across a population of 1.2 billion people within technological and economic constraints, two important factors raise uncertainty[4]. First is the scale of a database of a billion records, and second is fingerprint quality, the most important variable for determining accuracy. There has been no proven biometric technology which is 100% accurate. The best system was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests, and 99.9 percent of the time for tests involving four or more fingers. These accuracies were obtained for a false positive rate of 0.01 percent (the National Institute of Standards and Technology (NIST) tested 34 commercially available systems[5] provided by 18 companies from around the world). So even considering a situation wherein there is 99.99% accuracy in the biometric, we can see that out of 1.2 billion people, 120,000 people will have false positives. Further, considering the technology and the amount of information that will be stored in the form of biometrics, it is estimated that the amount of data will be approximately 10,215 TB, as per the Biometric Committee report:

- FINGERPRINT: all 10 fingers, 10,000 TB (Tera Bytes)
- IRIS: 150 KB/subject, 200 TB (Tera Bytes)
- FACE: 11 KB/subject (compression ratio of 10), 15 TB (Tera Bytes)

The gross false accept and false reject error rates associated with the fingerprint, face and IRIS modalities reported in the Biometric Committee report are:

| Biometric identifier | Reference | FRR (%) | FAR (%) |
|---|---|---|---|
| Fingerprint | NIST FpVTE | 0.1 | 1 |
| Face | NIST FRVT | 10 | 1 |
| Voice | NIST 2004 | 5-10 | 2-5 |
| IRIS | ITIRT | 0.99 | 0.94 |

Further, the Biometric Committee report states that the consequences of the False Acceptance Rate (FAR) and False Rejection Rate (FRR) of biometric accuracy during authentication are central to the judicious design of the UID system. FAR determines the potential number of duplicates; FRR determines the number of enrolments necessitating a manual check, hence labor cost. Though there is no empirical study available to estimate the accuracy achievable for fingerprints under Indian conditions, Indian conditions are unique in two ways:

- A larger percentage of the population is employed in manual labor, which normally produces poorer biometric samples.
- The biometric capture process in rural and mobile environments is less controllable compared to the environmental conditions in which Western data is collected.

[4] Biometric Committee report, 1.2.4 Biometric accuracy, pg 21 of 57

[5] http://www.nist.gov/public_affairs/releases/computer_fingerprint.htm


NIST reports[6] an FAR of 0.07% at FRR 4.4% for a 6 million fingerprint gallery size using two plain fingers. Similar results were reported for the FBI's IAFIS system of 46M samples. It is safe to conclude that 99% accuracy – True Acceptance Rate (TAR) – can be achieved for a database size of 50 million. Several NIST reports allow us to estimate the scaling of the above data for larger gallery size and for ten fingers. Based on these results we can expect that on a population size which is 200 times larger (1.2 billion versus 6 million), the same system will have an FAR of approximately 0.07% × 200 = 14%. The FRR can be expected to be about 4% based on matching of 2-finger plain fingerprints. The table below lists the effect on FAR of increasing the number of fingers for the same FRR[4]:

| Number of Fingers | FRR (%) | FAR (%) |
|---|---|---|
| 2 | 1.03 | 2.92 |
| 10 | 1.09 | 0.0 |
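The arithmetic in this section (1.2 billion × 0.01% = 120,000 false positives; FAR scaling linearly from 0.07% at a 6 million gallery to 14% at 1.2 billion; FRR driving the number of manual checks) is carried through in the following Python example. It is added here and is not from the position paper or the Biometric Committee report. It also goes one step beyond the page: `dedup_false_match_probability` computes the exact probability that a new enrollee falsely matches at least one existing record under an assumed per-comparison FAR, 1 - (1 - p)^N, which the linear model N·p approximates only while N·p is small; the per-comparison rates used in the demonstration are constructed values, not figures from the report.

```python
def expected_false_positives(population: int, far: float) -> int:
    """People expected to be falsely matched when a false-accept rate `far`
    (as a fraction, e.g. 0.0001 for 0.01%) applies across `population` enrollees."""
    return round(population * far)


def scaled_far(benchmark_far_pct: float, benchmark_gallery: int, target_gallery: int) -> float:
    """Linear gallery-size scaling used in the text: FAR grows in proportion to the
    number of records searched (0.07% at 6 million -> 14% at 1.2 billion)."""
    return benchmark_far_pct * (target_gallery / benchmark_gallery)


def dedup_false_match_probability(per_comparison_far: float, gallery: int) -> float:
    """Probability that one new enrollee falsely matches at least one of `gallery`
    stored records, when each 1:1 comparison independently false-accepts with
    probability `per_comparison_far`. This is the exact form behind the linear
    estimate gallery * FAR, which is valid only while gallery * FAR << 1.
    (Independence of comparisons is an assumption made for this example.)"""
    return 1.0 - (1.0 - per_comparison_far) ** gallery


def linear_model_error(per_comparison_far: float, gallery: int) -> float:
    """Absolute amount by which the linear estimate gallery * FAR overshoots the
    exact probability; grows as gallery * FAR approaches and exceeds 1."""
    linear = gallery * per_comparison_far
    return linear - dedup_false_match_probability(per_comparison_far, gallery)


def manual_adjudications(enrollments: int, frr: float) -> int:
    """Enrollments whose genuine match is rejected (FRR) and must be checked by hand."""
    return round(enrollments * frr)


if __name__ == "__main__":
    print(expected_false_positives(1_200_000_000, 0.0001))   # the text's 120,000
    print(scaled_far(0.07, 6_000_000, 1_200_000_000))         # the text's 14 (%)
    # Constructed per-comparison rate of 1e-9: linear and exact agree at 1 million...
    print(dedup_false_match_probability(1e-9, 1_000_000))
    # ...but at 1.2 billion the linear model predicts 1.2 (an impossible probability)
    print(linear_model_error(1e-9, 1_200_000_000))
    print(manual_adjudications(1_200_000_000, 0.04))          # at the text's ~4% FRR
```

The last two calls show why the paper's linear scaling should be read as a rough estimate: once the product of gallery size and per-comparison rate approaches 1, the probability of a false duplicate saturates rather than growing without bound.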

Based on the empirical data compiled by NIST[7], several non-technical factors that can impact accuracy more significantly than technical accuracy improvement efforts are:

Simple operational quality assurance: A few simple operational techniques, such as keeping a wet towel or maintaining the device in good working order, can be superior to squeezing an additional fraction of a percent in accuracy rates through technical improvements. An unchecked operational process can increase the false acceptance rate to over 10%.

Missing Biometric Records: In the data analyzed, 2 to 5% of subjects did not have biometric records. Missing biometrics is a license to commit fraud. It is believed that the failure is due to poorly designed processes; the enrolment process, when examined, had loopholes which prevented it from detecting such omissions.

Biometric Software: The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2 to 3%.

Further, assuming that the biometric fingerprint is the only differentiator between past efforts and UIDAI's, let's look at the following analogy. Assume that an identity fraud was committed using the false fingers of a resident - let's call him/her (X). Practically, let us also consider the corruption index of India[8] and assume that the enrolling agencies cannot be trusted. When the fraud comes to light, will the UIDAI ever be able to trust the fingerprints of (X) again? If UIDAI chooses to trust (X)'s fingerprints, how will the authenticators be assured that the authentication is strong, reliable and sustainable?

Now let's assume that the UIDAI chooses to trust (X)'s fingerprints after a known false-finger fraud. UIDAI cannot ensure non-repudiation by (X) for any transactions. Is such an authentication, which cannot guarantee non-repudiation, reliable and strong? If UIDAI chooses not to trust the fingerprint of (X), then how can UID claim to be a strong and reliable authentication mechanism when other IDs cannot?

[6] NISTIR 7110, Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints, C. L. Wilson, M. D. Garris & C. I. Watson, May 2004

[7] Biometric Committee report, 1.2.4 Biometric accuracy, pg 22 of 57

[8] Global_Corruption_Report_2009_170909_2_web[1]A.pdf


How will fraudulent enrollments be detected? Can a nefarious person apply for a second ID by sticking synthetic glue to some places on his fingers?

In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials go hand in glove with fraudsters during such enrollment?

Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that an audit finding is more of an inconvenience than a deterrent?

None of the fields in the CIDR, including the fingerprint, are a secret. Fields like Date of Birth, Photograph and Fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never be trusted to confirm the identity of the person. Persons with disabilities (such as ones without both hands) need additional provisions for biometric authentication. If the fingerprint is not used, then the UID provides no better authentication than existing ones. UIDAI needs to examine how it will counter fraud of UIDs for disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one, may become vulnerable to potential attacks[9][10]. Some of these security vulnerabilities include the following:

Spoofing: It has been demonstrated that a biometric system sometimes can be fooled by applying fake fingerprints, face or IRIS images, etc.

Replay attacks: e.g. circumventing the sensor by injecting a recorded image into the system input – much easier than attacking the sensor.

Substitution attack: The biometric template must be stored to allow user verification. If an attacker gets access to the storage, either local or remote, he can overwrite the legitimate user's template with his/her own – in essence stealing their identity.

Tampering: Feature sets on verification or in the templates can be modified in order to obtain a high verification score no matter which image is presented to the system.

Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g. via the Web), since an attacker does not even have to bother to acquire a genuine biometric sample; all he needs is to gain access to the templates stored on a remote server.

Trojan horse attacks: Some parts of the system, e.g. a matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

[9] N. K. Ratha, J. H. Connell, R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems", IBM Systems Journal, vol. 40, no. 3, pp. 614–634, 2001

Overriding Yes/No response: An inherent flaw of existing biometric systems is due to the fact that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric and the applications, which makes the system open to potential attacks. For example, if an attacker were able to interject a false Yes response at a proper point of the communication between the biometrics and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part.
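The disconnect described above can be narrowed by having the matcher return a decision that is cryptographically bound to a challenge the relying application issued for that transaction, rather than a bare Yes/No that anything on the path could inject. The following Python example is added here to illustrate that design; it is not code from the position paper or from any UIDAI system. The shared key, the message encoding, the transaction identifiers and the score threshold are all constructed for the demonstration, and a real deployment would use a signature key held by the matcher rather than a key shared with the application.

```python
import hmac
import hashlib
import secrets

# Key shared between matcher and relying application. Constructed for this example only.
MATCHER_KEY = b"example-matcher-key-not-for-production"


def _encode(challenge: bytes, txn_id: str, decision: str) -> bytes:
    """Length-prefix each field so field boundaries cannot be shifted by an attacker."""
    parts = [challenge, txn_id.encode(), decision.encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def matcher_decide(challenge: bytes, txn_id: str, score: float, threshold: float) -> dict:
    """Matcher side: convert a comparison score into a decision and authenticate the
    decision together with the application's challenge and transaction id."""
    decision = "MATCH" if score >= threshold else "NO_MATCH"
    tag = hmac.new(MATCHER_KEY, _encode(challenge, txn_id, decision), hashlib.sha256).hexdigest()
    return {"challenge": challenge.hex(), "txn_id": txn_id, "decision": decision, "tag": tag}


class RelyingApplication:
    """Application side: issues one fresh challenge per transaction and consumes it on use."""

    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}

    def new_transaction(self, txn_id: str) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending[txn_id] = challenge
        return challenge

    def accept(self, response: dict) -> bool:
        """Accept only a MATCH whose tag verifies against the challenge we issued.
        A missing or already-consumed transaction (replay), a wrong challenge, a bad
        tag, or a flipped decision all result in rejection."""
        challenge = self._pending.pop(response.get("txn_id"), None)
        if challenge is None:
            return False
        if challenge.hex() != response.get("challenge"):
            return False
        expected = hmac.new(
            MATCHER_KEY,
            _encode(challenge, response["txn_id"], response.get("decision", "")),
            hashlib.sha256,
        ).hexdigest()
        if not hmac.compare_digest(expected, response.get("tag", "")):
            return False
        return response["decision"] == "MATCH"


def demo() -> dict:
    """Run the genuine flow and three failure cases; returns the accept() outcome of each."""
    app = RelyingApplication()
    results = {}

    # Genuine flow: matcher scores above threshold and authenticates the decision.
    ch = app.new_transaction("txn-1")
    results["genuine"] = app.accept(matcher_decide(ch, "txn-1", 0.93, 0.80))

    # A bare "Yes" presented without a valid tag is rejected.
    ch = app.new_transaction("txn-2")
    results["bare_yes"] = app.accept(
        {"challenge": ch.hex(), "txn_id": "txn-2", "decision": "MATCH", "tag": "00" * 32}
    )

    # A previously accepted response cannot be presented a second time.
    ch = app.new_transaction("txn-3")
    good = matcher_decide(ch, "txn-3", 0.93, 0.80)
    app.accept(good)
    results["replay"] = app.accept(good)

    # A NO_MATCH decision altered in transit to MATCH no longer verifies.
    ch = app.new_transaction("txn-4")
    resp = matcher_decide(ch, "txn-4", 0.40, 0.80)
    resp["decision"] = "MATCH"
    results["flipped"] = app.accept(resp)
    return results


if __name__ == "__main__":
    print(demo())
```

The essential property is that the application never trusts the decision field by itself: it trusts the tag, and the tag only verifies for the exact challenge, transaction and decision the matcher produced.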

How can the challenge of storing the biometrics of the entire population of the country be addressed when it is prone to compromise from outside attacks and insiders? This will be briefly discussed in a separate section on biometric encryption, section 2.3.4.

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around the security and privacy of the central repository, where the complete database of the public's personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns[10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralized databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy in parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to speak of privacy risks. Large centralized databases of biometric Personally Identifiable Information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where they may be intercepted, copied and actually tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below[11].

[10] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist

[11] The ENISA position paper "Privacy feature of European eID Card Specifications", www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport


Falsification of content: The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

Eavesdropping: An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack: Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

User signs a bogus document: This can happen, for example, if what the user sees is not actually what they are signing. It can be a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server: This constitutes a privacy threat because the bogus server can then access the user's information.

Physical attacks: Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-channel attacks: These attacks use information leaked through so-called side-channels to gain access to private data.

Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. This privacy threat does not apply, but in theory there exists the possibility of skimming. Even so, there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar Database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the other registrars and agencies, which will capture the data and store it even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles - people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centers securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes, with adequately trained people, for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain data of over 70% of residents. Based on the amount of personal information collected by the UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrollment bodies (including NGOs and individuals) under them to collect the data. The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrollment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will best-practice implementation be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrollments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enroll residents to the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all end-points, there is a question mark on the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies in the form of registrars, sub-registrars and enrollment agencies will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

Key observations:

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting the information from the residents. However, these agencies will also be required to collect the biometric samples, which means that there is a requirement for a standard technology across the registrars' offices and enrollment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. Consider that India has around 543 parliamentary constituencies[12], each with around 2 million residents on average. Assuming that at least 1 registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Considering the size of the database where multi-modal biometrics are stored, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the Authority.

[12] http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf - pg 52 - number of polling stations

[Figure: Adopted from Draft approach on UIDAI]

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report[12], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. The UIDAI assumes these issues will be taken care of under the current legal regime of the country. But the problem is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system and our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the warehouses of sub-registrars and enrollment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor for the same, which increases the stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management running into hundreds, if not thousands, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check on the integrity of the data stored or updated at the registrar offices.

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by various registrars, sub-registrars and enrollment agencies. But before that, let us understand the structure of the registrar offices; it is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, iris capture devices
3. Computer systems to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. Database, Applications, Storage Devices, and Vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling Agents and Registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars – intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, or individuals trying to make a little extra cash on the side, or are due to pressure from high-society/privileged people, or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of an account or the sharing of an account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); phishing attacks; malicious traffic; virus attacks; and unauthorized access due to session hijacking, social engineering or physical security compromise, either by internal parties or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark; as already discussed, no technology has been proven to be 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though the state of the architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected in the following areas:

Use of a secured communication channel

A VPN, preferably an SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically on disks or tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are many data recovery techniques available at a very low cost in the market.

Encryption of the data

How much encryption is required, and whether symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in encryption and decryption of the data.

Key management

Key management, covering the generation, exchange, storage, safeguarding, use, vetting and replacement of keys, is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation

UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then forward it to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts, and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be duplicated again, because it is capturing human biometrics, which cannot be changed if compromised.
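The following is an added example, not code from the DSCI paper or from UIDAI, showing in Python (standard library only) how a registrar-to-CIDR enrolment batch can be protected against tampering and replay, and how keys can be looked up by identifier so that they can be rotated without breaking the verification of older batches. The registrar ids, key ids and batch contents are constructed for the example. It uses an HMAC, which gives integrity and authenticity between the two parties that share the key; the non-repudiation discussed above would additionally require the registrar to sign each batch with a private key, which this example does not implement.

```python
"""
Added example: tamper detection, replay detection and key rotation for an
enrolment batch sent from a registrar office to the CIDR.

  - key management: keys are looked up by key id, so a new key can be issued
    while batches under the old key are still being verified;
  - tamper detection: an HMAC over the batch fields is checked before any
    field is trusted, so bytes altered in transit are caught;
  - replay detection: the per-registrar sequence number must strictly increase.

All ids and records below are constructed for the example.
"""
import hashlib
import hmac
import json
import secrets

# Constructed key store: key id -> key bytes. Rotation = add a new entry and
# issue new batches under it; old entries stay until their batches are verified.
KEYS = {
    "reg-0042-k1": secrets.token_bytes(32),  # older key, still valid
    "reg-0042-k2": secrets.token_bytes(32),  # current key
}

def canonical(batch: dict) -> bytes:
    """Serialise the authenticated fields deterministically (sorted keys,
    no whitespace) so sender and receiver MAC exactly the same bytes."""
    fields = {k: batch[k] for k in ("registrar", "key_id", "seq", "records")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def protect(registrar: str, key_id: str, seq: int, records: list) -> dict:
    """Sender side: attach a MAC computed with the key named by key_id."""
    batch = {"registrar": registrar, "key_id": key_id, "seq": seq, "records": records}
    batch["mac"] = hmac.new(KEYS[key_id], canonical(batch), hashlib.sha256).hexdigest()
    return batch

class BatchVerifier:
    """Receiver side (CIDR). Remembers the last accepted sequence number per
    registrar so that a captured batch cannot be replayed."""
    def __init__(self):
        self.last_seq = {}

    def verify(self, batch: dict) -> tuple:
        key = KEYS.get(batch.get("key_id"))
        if key is None:
            return False, "unknown key id"
        expected = hmac.new(key, canonical(batch), hashlib.sha256).hexdigest()
        # constant-time comparison avoids leaking how many bytes matched
        if not hmac.compare_digest(expected, batch.get("mac", "")):
            return False, "mac mismatch"
        reg, seq = batch["registrar"], batch["seq"]
        if seq <= self.last_seq.get(reg, 0):
            return False, "replayed or out-of-order batch"
        self.last_seq[reg] = seq
        return True, "ok"

def demo() -> dict:
    """Run the scenarios and return the verifier's verdict for each."""
    v = BatchVerifier()
    records = [{"enrol_id": "E-001", "name": "A. Resident"}]  # constructed record
    good = protect("reg-0042", "reg-0042-k2", 1, records)
    out = {"good": v.verify(good)[1]}
    # the same batch delivered a second time
    out["replay"] = v.verify(good)[1]
    # a record altered in transit, MAC left untouched
    tampered = dict(good)
    tampered["records"] = [{"enrol_id": "E-001", "name": "B. Other"}]
    out["tampered"] = v.verify(tampered)[1]
    # a batch issued under the older key still verifies while rotation is in progress
    out["old_key"] = v.verify(protect("reg-0042", "reg-0042-k1", 2, records))[1]
    # a batch naming a key id the receiver does not hold
    unknown = protect("reg-0042", "reg-0042-k2", 3, records)
    unknown["key_id"] = "reg-0042-k9"
    out["unknown_key"] = v.verify(unknown)[1]
    return out

if __name__ == "__main__":
    print(demo())
```

The sequence counter is what defeats the replay half of a man-in-the-middle scenario; the MAC is what defeats the modification half. Both are only as good as the protection of the shared keys, which is why the key store, not the MAC algorithm, is the part that needs the organizational controls discussed under key management.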

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10215 TB. Managing the security of such a large amount of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can ascertain that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. This includes people from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have a state-of-the-art architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians and high-class/privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept in alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it up in a safe for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks

Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error

To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures

IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Unencrypted data

Unencrypted data is always going to be subject to some level of risk. Sending any data outside the facility unencrypted raises the risk to the UIDAI. Also, a plan for decryption, and for which individuals are given access to the encryption keys, is a challenge for the authorities.

Access control

Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption: Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple cancellable/revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
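The following is an added example, written for this edit and not code from the DSCI paper or from Cavoukian and Stoianov, implementing the fuzzy commitment scheme in Python with the standard library only. Fuzzy commitment is one concrete key-binding construction of the kind described above: enrolment stores only the key's codeword XORed with the biometric plus a hash of the key, and verification XORs a fresh sample into the stored commitment and error-corrects the result. The 96-bit biometric feature vector and the 3x repetition code are constructed simplifications; a real system would use a real feature extractor and a stronger error-correcting code.

```python
"""
Added example: a minimal fuzzy-commitment scheme, one instance of the
key-binding "Biometric Encryption" idea.

Enrolment stores only
    commitment = codeword(key) XOR biometric,   key_hash = SHA-256(key)
and discards both key and biometric. Verification XORs a fresh, noisy sample
into the commitment and decodes; the error-correcting code absorbs the
sample-to-sample noise, so the original key comes back only for a sample
close to the enrolled one.

Constructed simplifications: the "biometric" is a random 96-bit vector and
the code is a 3x repetition code (majority decoded). With that code,
verification succeeds as long as no triple of bits has two or more flips.
"""
import hashlib
import secrets

KEY_BITS = 32
REP = 3
N_BITS = KEY_BITS * REP  # length of the biometric feature vector

def encode(key_bits):
    """Repetition code: every key bit is written REP times."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority vote over each group of REP bits."""
    return [int(sum(code_bits[i:i + REP]) * 2 > REP)
            for i in range(0, len(code_bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")

def enrol(biometric):
    """Bind a fresh random key to the biometric. Returns the protected
    template (the only thing a database would keep) and the key, which a
    real system would hand to the application and then discard."""
    key_bits = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    commitment = xor(encode(key_bits), biometric)
    key_hash = hashlib.sha256(bits_to_bytes(key_bits)).hexdigest()
    return {"commitment": commitment, "key_hash": key_hash}, key_bits

def verify(template, sample):
    """Recover the key from a live sample; return its bits, or None on failure."""
    candidate = decode(xor(template["commitment"], sample))
    if hashlib.sha256(bits_to_bytes(candidate)).hexdigest() != template["key_hash"]:
        return None
    return candidate

def noisy(sample, positions):
    """Flip the given bit positions to simulate sensor noise."""
    out = list(sample)
    for p in positions:
        out[p] ^= 1
    return out

def demo():
    enrolled = [secrets.randbelow(2) for _ in range(N_BITS)]  # constructed biometric
    template, key = enrol(enrolled)
    # a fresh sample with one flipped bit in every triple: within tolerance
    ok_sample = noisy(enrolled, range(0, N_BITS, REP))
    # a different person: every odd bit differs, so half the triples decode wrongly
    impostor = [b ^ 1 if i % 2 else b for i, b in enumerate(enrolled)]
    # re-enrolling the same biometric yields a different key (cancellable identifier)
    template2, _ = enrol(enrolled)
    return {
        "exact": verify(template, enrolled) == key,
        "noisy": verify(template, ok_sample) == key,
        "impostor": verify(template, impostor) is None,
        "cancellable": template2["key_hash"] != template["key_hash"],
    }

if __name__ == "__main__":
    print(demo())
```

Two of the listed benefits are visible directly in the code: nothing in the stored template is the biometric or the key, and re-enrolling the same person produces an unrelated key, so a compromised identifier can be revoked and reissued without changing the finger. What the toy code does not show is the real engineering difficulty, namely a feature extractor whose output for the same person stays within the code's error tolerance while different people's outputs fall outside it.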

2.5 Strong Authentication: Presumably by Applications

Various reports [14] suggest that UIDAI will use strong authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous. The UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) is corruption-free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view. Data compromise happened in Germany. It happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation in the world by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)," according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes, such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the birth certificate (which details the religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3: The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of this project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume that an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used for almost all identities of a person in due course, whether it is the issuance of a passport, gas connection or PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key Observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned and perhaps through a new law on the privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of the introducer for getting their UID.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from the maids to the drivers to the security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for the issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UIDs to migrant populations from the neighbouring countries of India and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who is later convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides that, in the absence of original documents, copies can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

[18] http://uidai.gov.in/faq.html


10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let us not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases numbering in millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity that need speedy redressal will have to go through the same existing framework.

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in the more mature democracies of the western world as well.

The IT (Amendment) Act 2008, under section 43(A), makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; a failure to do so that results in loss of information will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and will also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including the protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information, or unwarranted searches and seizures cannot function at optimum levels.

[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored by UIDAI, there needs to be a systematic and standardized approach, which should draw support from the leading best practices around the world, evolving strategic options and current technological advancements.

Data Security Council of India (DSCI) has engaged with various industries over the last one year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and the APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to the political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing the personal information/data and achieving the unique identity.

DSCI's security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ensure and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with the appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the banking and telecom sectors and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out the security vulnerabilities of a biometric system and the possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR – Central ID Registry – to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change – in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where the law enforcement agencies, bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person – it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents – and UID is supposed to benefit them the most, as well as help plug the loopholes for saving of government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme – an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privileged Persons" – those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfill other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website – "Creating a unique identity for every citizen in India" – and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity

The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach

The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification

The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model

The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central/state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated

The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card

The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence

Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates

Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication

The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data

The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system

Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents

The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers

The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs.


For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments

Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory/Optional | Verification Required | Verification Procedure
Personal Details | | |
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |
Address Details | | |
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery
Parent/Guardian Details | | |
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |
Introducer Details | | |
Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |
Contact Details | | |
Mobile Number | Optional | No |
Email Address | Optional | No |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The Unique ID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies and central and state government departments. In each of these institutions, the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced". In other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources.

External Attack Sources | Internal Attack Sources
Resident | UIDAI employee
Registrar | Other government factors
Authenticator |

Considering the attack sources, let us understand the possible attack scenarios.

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow between Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with steps 1–7 marked and trust boundaries drawn between the parties]


4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of CIDR might illegally reveal (or sell) the identity information.
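Scenario 5 above hinges on unlimited retries against a device with a non-zero false accept rate (FAR). The following Python, added here as an illustration and not part of the DSCI paper or any UIDAI system, computes how the chance of at least one false accept grows with the number of attempts and shows a per-UID attempt throttle that an authentication service could enforce on the CIDR side, where the Yes/No decision is made; the FAR figure, the UID values and the attempt log are all constructed for the example.

```python
"""Cumulative false-accept risk under repeated biometric attempts (constructed example)."""
import math
from collections import defaultdict


def cumulative_far(far: float, attempts: int) -> float:
    """Probability that at least one of `attempts` impostor presentations is
    falsely accepted, given a per-attempt FAR. Attempts are treated as
    independent, which is the worst case for the verifier: an impostor who
    presents a different sample each time."""
    if not 0.0 <= far <= 1.0 or attempts < 0:
        raise ValueError("far must be in [0, 1] and attempts must be >= 0")
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far: float, target: float) -> int:
    """Smallest number of attempts after which the cumulative FAR reaches
    `target`. Solved in closed form from 1 - (1 - far)^n >= target, then
    nudged by one step either way to absorb floating-point rounding."""
    if not 0.0 < far < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("far and target must both lie strictly in (0, 1)")
    n = math.ceil(math.log(1.0 - target) / math.log(1.0 - far))
    while n > 0 and cumulative_far(far, n - 1) >= target:
        n -= 1
    while cumulative_far(far, n) < target:
        n += 1
    return n


class AttemptThrottle:
    """Per-UID cap on authentication attempts inside a sliding time window.

    Every attempt counts, whether it ends in Yes or No, so an authenticator
    cannot keep presenting samples against one record until the device's
    FAR eventually yields a false Yes. State is held in memory only; a real
    service would persist it and raise an alert on repeated blocks."""

    def __init__(self, max_attempts: int = 3, window_seconds: int = 600):
        self.max_attempts = max_attempts
        self.window_seconds = window_seconds
        self._history = defaultdict(list)  # uid -> timestamps of recent attempts

    def allow(self, uid: str, now: float) -> bool:
        """Record an attempt at time `now` and return whether it may proceed."""
        recent = self._history[uid]
        cutoff = now - self.window_seconds
        recent[:] = [t for t in recent if t > cutoff]  # drop attempts outside the window
        if len(recent) >= self.max_attempts:
            return False
        recent.append(now)
        return True


# Constructed attempt log: (seconds since start, 12-digit UID, authenticator id).
# The UIDs are made-up sample values, not real identifiers.
SAMPLE_LOG = [
    (0, "123456789012", "AUTH-A"),
    (10, "123456789012", "AUTH-A"),
    (20, "123456789012", "AUTH-A"),
    (30, "123456789012", "AUTH-A"),   # fourth attempt within 30 s: blocked
    (30, "210987654321", "AUTH-B"),   # a different resident is unaffected
    (700, "123456789012", "AUTH-A"),  # window has slid past the burst: allowed
]


def evaluate(log, max_attempts: int = 3, window_seconds: int = 600):
    """Replay a log through the throttle; returns one decision string per entry."""
    throttle = AttemptThrottle(max_attempts, window_seconds)
    return ["allowed" if throttle.allow(uid, ts) else "blocked" for ts, uid, _ in log]


if __name__ == "__main__":
    far = 1e-4  # constructed per-attempt FAR, for illustration only
    for n in (1, 10, 100, 1000):
        print(f"{n:5d} attempts -> cumulative FAR {cumulative_far(far, n):.4%}")
    print("attempts for a 50% chance of one false accept:", attempts_to_reach(far, 0.5))
    for entry, decision in zip(SAMPLE_LOG, evaluate(SAMPLE_LOG)):
        print(entry, decision)
```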


Annexure 3: The Underprivileged Society

Indian society is divided across various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, but still the grants do not reach the people. So how UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect them, how to limit who can access, how to dispose if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, then there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

• Where the entire customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user should not get caught in any phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact of the same
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – Considering the 0.01% of failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as a part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes be put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information of any individual if you have money and need… Our personal information is being sold to advertising agencies for making the promotion of products/services of their clients through mobile and emails in all combinations of geographical consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of a common man's personal information being used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of that communication in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

• Framework for self-audit and self-governance within government itself to control data protection aspects.
• There shall be a stringent background verification process for teams working on this project, starting from criminal background verification, etc.
• The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
• Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime, and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per the client's requirements.


1 Introduction

The Unique Identification Authority of India (UIDAI) was established in February 2009 for the purpose[1] of issuing a unique identification number (UID) to all Indian residents that (a) is robust enough to eliminate duplicate and fake identities and (b) can be verified and authenticated in an easy, cost-effective way.

A key necessity of the UID system is to reduce/eliminate duplicate identity in order to improve the efficiency of service delivery of various government initiatives. UIDAI has chosen a biometric feature set as the primary method to check for duplicate identity. In order to ensure that an individual is uniquely identified, it is necessary to ensure that the captured biometric information is capable of enabling accurate de-duplication at the time of collection of a resident's information. As UIDAI proposes to use common demographic data for establishing and verifying identity, it becomes critical to standardize these fields and the verification procedure across registrars, and to aid interoperability across the many systems that will be used to capture and work with resident identity.

The features and benefits of the UIDAI model, as per the draft paper available on the UIDAI website, "Creating a unique identity for every resident in India - Draft approach", are captured in Annexure 1 of this paper.

2 Security and Privacy Challenges in UIDAI Project

The basic requirement and objective of UIDAI is to uniquely identify an individual out of a population of 1.2 billion people and to eliminate duplicate identity. UIDAI has selected a biometric feature set as the primary method to check for duplicate identity. In this section we discuss some of the security and privacy issues in the UIDAI project.

2.1 Issues surrounding Biometrics

Before we understand the security issues surrounding biometrics, we need to understand the fundamentals of identity and authentication[2]. Identity is defined as "who you are", while authentication is defined as "how can you prove it". A system must maintain distinct mechanisms for identity and authentication. Identity must be unique. Authenticators, however, don't have to be unique, only secret. Now consider biometrics: given the definitions and characteristics of identity and authentication, what are biometrics, identity or authentication?

Before we answer the question, let's think about the attributes of biometrics. Are they public or private? Public, of course. We leave various biometrics everywhere we go: our fingerprints remain on anything we touch, our face is stored in countless surveillance systems, our retina patterns are known, at least by our optometrist perhaps. And it's believed, although there is no actual evidence to support the claim, that biometrics are unique. It follows that biometrics are identity, not authentication.

[1] http://uidai.gov.in/documents/Creating a unique identity for every resident in India.pdf

[2] http://technet.microsoft.com/en-us/library/cc512578.aspx

Identity and authentication are distinct components of the steps necessary to use a secure system. Identity without authentication lacks proof; authentication without identity invalidates auditing and eliminates multi-user capability.

Consider the UIDAI system, where biometrics is the only mechanism used for uniquely identifying an individual. In such a system the biometric serves both to identify you and to prove that you are you. In a system where authentication is based on a simple password, it is possible to change the password if a bad guy learns it; but if he gets your biometric spoofed, how will you change it, when what you have is unique to you? Further, it should be evident that the loss or theft of one's biometric image opens the door to massive identity theft if the thief can use the biometric for his or her own purposes. Because people usually have only two thumbs, two eyes and one head, it is nearly impossible to change these if and when the related biometric data become compromised. In this sense biometrics operate like shared secrets or passwords: learn the secret and you're in. But there are some very important differences between biometrics and passwords: you cannot change them and have no choice but to keep them for life. Hence it is better to have additional parameters which are private and belong to the category of "something you know". Based on the Biometric Committee Report[3], the Unique Identification Authority of India may consider all 10 fingerprints besides an IRIS scan or photographs of a resident, especially in rural India, to avoid loss of physical identification due to harsh working conditions. As noted above, it is believed, although there is no actual evidence to support the claim, that biometrics are unique. As per the Biometric Committee Report, the following issues exist across the various biometric options:

FACE: A face needs to be well lit using controlled light sources for automated face authentication systems to work well. Face is currently a poor biometric for use in de-duplication. It performs better in verification, but not at the desired accuracy rates. In general it is a good biometric identifier for small-scale verification applications.

FINGERPRINT: There is a large variation in the quality of fingerprints within the population. The appearance of a person's fingerprint depends on age, dirt, and cuts and worn fingers, i.e. on the occupation and lifestyle of the person in general. Sampling of the fingerprint is through contact, i.e. pressing the finger against the platen of a fingerprint reader. As a result there can be technical problems because of the contact nature of acquisition, and problems related to the cleanliness of the finger and the platen. Additionally, there are people who may not have one or more fingers.

IRIS: There are few legacy databases and not much legacy infrastructure for collection of the IRIS biometric. Since the IRIS is small, sampling the IRIS pattern requires a lot of user cooperation or the use of complex and expensive devices. The performance of IRIS authentication can be impaired by the use of spectacles or contact lenses. Also, some people may be missing one or both eyes, while others may not have the motor control necessary to reliably enroll in an IRIS-based system.

[3] http://uidai.gov.in/documents/Biometrics_Standards_Committee%20report.pdf


2.2 Biometrics Accuracy

To assure uniqueness across a population of 1.2 billion people within technological and economic constraints, two important factors raise uncertainty[4]. First is the scale of a database of a billion records, and second is fingerprint quality, the most important variable for determining accuracy. There has been no proven biometric technology which is 100% accurate. The best system was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests, and 99.9 percent of the time for tests involving four or more fingers. These accuracies were obtained for a false positive rate of 0.01 percent (the National Institute of Standards and Technology (NIST) tested 34 commercially available systems[5] provided by 18 companies from around the world). So even considering a situation wherein the biometric is 99.99% accurate, out of 1.2 billion people 120,000 will be false positives. Further, considering the technology and the amount of information that will be stored in the form of biometrics, the amount of data is estimated at approximately 10,215 TB as per the Biometric Committee Report:

FINGERPRINT: for all 10 fingers, 10,000 TB (Tera Bytes)

IRIS: 150 KB/subject, 200 TB (Tera Bytes)

FACE: 11 KB/subject (compression ratio of 10), 15 TB (Tera Bytes)

The gross false accept and false reject error rates associated with the fingerprint, face and IRIS modalities reported in the Biometric Committee Report are:

Biometric identifier   Reference     FRR       FAR
Fingerprint            NIST FpVTE    0.1%      1%
Face                   NIST FRVT     10%       1%
Voice                  NIST 2004     5-10%     2-5%
IRIS                   ITIRT         0.99%     0.94%

Further, the Biometric Committee Report states that the consequences of the False Acceptance Rate (FAR) and False Rejection Rate (FRR) of biometric accuracy during authentication are central to the judicious design of the UID system. FAR determines the potential number of duplicates; FRR determines the number of enrolments necessitating manual check, hence labor cost. Though there is no empirical study available to estimate the accuracy achievable for fingerprints under Indian conditions, Indian conditions are unique in two ways:

A larger percentage of the population is employed in manual labor, which normally produces poorer biometric samples.

The biometric capture process in rural and mobile environments is less controllable than the environmental conditions in which Western data is collected.

[4] Biometric Committee Report, 124 Biometric accuracy, pg 21 of 57

[5] http://www.nist.gov/public_affairs/releases/computer_fingerprint.htm


NIST reports[6] a FAR of 0.07% at FRR 4.4% for a 6 million fingerprint gallery size using two plain fingers. Similar results were reported for the FBI's IAFIS system of 46M samples. It is safe to conclude that 99% accuracy (True Acceptance Rate, TAR) can be achieved for a database size of 50 million. Several NIST reports allow us to estimate the scaling of the above data for larger gallery sizes and for ten fingers. Based on these results we can expect that on a population size which is 200 times larger (1.2 billion versus 6 million) the same system will have a FAR of approximately 0.07% × 200 = 14%. The FRR can be expected to be about 4% based on matching of 2 plain fingerprints. The table below lists the effect on FAR of increasing the number of fingers for the same FRR[4]:

Number of Fingers   FRR      FAR
2                   1.03%    2.92%
10                  1.09%    0.0%

Based on the empirical data compiled by NIST[7], several non-technical factors can impact accuracy more significantly than technical accuracy improvement efforts:

Simple operational quality assurance

A few simple operational techniques, such as keeping a wet towel or maintaining the device in good working order, can be superior to squeezing an additional fraction of a percent in accuracy rates through technical improvements. An unchecked operational process can increase the false acceptance rate to over 10%.

Missing Biometric Records

In the data analyzed, 2% to 5% of subjects did not have biometric records. Missing biometrics is a license to commit fraud. It is believed that the failure is due to poorly designed processes. The enrolment process, when examined, had loopholes which prevented it from detecting such omissions.

Biometric Software

The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2% to 3%.

Further, assuming that the biometric fingerprint is the only differentiator between past efforts and UIDAI's, let's look at the following analogy. Assume that an identity fraud was committed using the false fingers of a resident, let's call him/her (X). Practically, let us also consider the corruption index of India[8] and assume that the enrolling agencies cannot be trusted. When the fraud comes to light, will UIDAI ever be able to trust the fingerprints of (X) again? If UIDAI chooses to trust (X)'s fingerprints, how will the authenticators be assured that the authentication is strong, reliable and sustainable?

Now let's assume that UIDAI chooses to trust (X)'s fingerprints after a known false finger fraud. UIDAI then cannot ensure non-repudiation by (X) for any transaction. Is an authentication that cannot guarantee non-repudiation reliable and strong? If UIDAI chooses not to trust the fingerprint of (X), then how can UID claim to be a strong and reliable authentication mechanism when other IDs cannot?

[6] NISTIR 7110, Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints, C. L. Wilson, M. D. Garris & C. I. Watson, May 2004

[7] Biometric Committee Report, 124 Biometric accuracy, pg 22 of 57

[8] Global_Corruption_Report_2009_170909_2_web[1]A.pdf


How will fraudulent enrollments be detected? Can a nefarious person apply for a second ID by sticking synthetic glue to some places on his fingers?

In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials go hand in glove with fraudsters during such enrollment?

Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that an audit finding is more of an inconvenience than a deterrent?

None of the fields in the CIDR, including the fingerprint, are a secret. Fields like Date of Birth, Photograph and Fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never again be trusted to confirm the identity of the person. Persons with disabilities (such as ones without both hands) need additional provisions for biometric authentication. If the fingerprint is not used, then the UID provides no better authentication than existing ones. UIDAI needs to examine how it will counter fraud of UIDs for disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one, may become vulnerable to potential attacks[9][10]. Some of these security vulnerabilities include the following:

Spoofing: It has been demonstrated that a biometric system can sometimes be fooled by applying fake fingerprints, a face or IRIS image, etc.

Replay attacks: e.g. circumventing the sensor by injecting a recorded image into the system input, much easier than attacking the sensor.

Substitution attack: The biometric template must be stored to allow user verification. If an attacker gets access to the storage, either local or remote, he can overwrite the legitimate user's template with his/her own, in essence stealing their identity.

Tampering: Feature sets on verification or in the templates can be modified in order to obtain a high verification score no matter which image is presented to the system.

Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g. via the Web), since an attacker does not even have to bother to acquire a genuine biometric sample. All he needs is to gain access to the templates stored on a remote server.

Trojan horse attacks: Some parts of the system, e.g. a matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

[9] N. K. Ratha, J. H. Connell, R. M. Bolle, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001

Overriding Yes/No response

An inherent flaw of existing biometric systems is due to the fact that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric and the applications, which makes the system open to potential attacks. For example, if an attacker were able to interject a false Yes response at a proper point in the communication between the biometrics and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part.
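One way an application can close the Yes/No disconnect described above, as an added example that is neither the paper's nor any UIDAI code: the bare-boolean integration is shown beside a verdict that the matcher authenticates with an HMAC over a per-request nonce, the claimed UID and the decision, so that a recorded, fabricated or flipped "Yes" is rejected. The shared key, the UID strings and the score threshold are constructed for illustration.

```python
"""Binding a biometric matcher's Yes/No verdict to the request it answers.

Added example, not from the DSCI paper or any UIDAI system. The matcher and
the application share a key (constructed here; a real deployment would keep
it in a key store or HSM) and the application only honours a verdict whose
MAC covers a nonce it issued for this very request.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SHARED_KEY = b"constructed-demo-key-do-not-use"   # constructed sample key


@dataclass(frozen=True)
class Decision:
    nonce: bytes    # echoed from the application's request
    uid: str        # identity the probe claims to be
    matched: bool   # the matcher's verdict
    tag: bytes      # HMAC-SHA256 over (nonce, uid, matched)


def _mac(nonce: bytes, uid: str, matched: bool) -> bytes:
    msg = nonce + b"|" + uid.encode() + b"|" + (b"1" if matched else b"0")
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).digest()


def matcher_decide(nonce: bytes, uid: str, score: float,
                   threshold: float = 0.8) -> Decision:
    """Matcher side: threshold the similarity score and sign the verdict."""
    matched = score >= threshold
    return Decision(nonce, uid, matched, _mac(nonce, uid, matched))


class NaiveVerifier:
    """The pattern the paper warns about: whatever Yes/No arrives is trusted."""

    def accept(self, decision: Decision) -> bool:
        return decision.matched


class BoundVerifier:
    """Hardened pattern: a verdict counts only if its MAC verifies and its
    nonce is one this application issued and has not consumed yet."""

    def __init__(self) -> None:
        self._outstanding = set()   # nonces issued but not yet answered

    def new_request(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, decision: Decision) -> bool:
        if decision.nonce not in self._outstanding:
            return False                          # unknown or replayed nonce
        self._outstanding.discard(decision.nonce)  # single use, even on failure
        expected = _mac(decision.nonce, decision.uid, decision.matched)
        if not hmac.compare_digest(expected, decision.tag):
            return False                          # verdict altered or not from the matcher
        return decision.matched


if __name__ == "__main__":
    app = BoundVerifier()
    nonce = app.new_request()
    verdict = matcher_decide(nonce, "UID-0001", 0.95)   # constructed probe score
    print("genuine verdict accepted:", app.accept(verdict))
    print("same verdict replayed:   ", app.accept(verdict))
```

This binds the verdict to the application's request; it does not help against the Trojan-horse matcher listed above, where the signing party itself is compromised and only attestation of the matcher component would detect it.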

How can the challenge of storing biometrics of the entire population of the country be addressed when it is prone to compromise from attacks by outsiders and insiders? This will be briefly discussed in a separate section on biometric encryption, section 2.3.4.

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around the security and privacy of the central repository where the complete database of public personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns[10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralized databases accessible over networks in real time presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy in parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to mention the privacy risks. Large centralized databases of biometric Personally Identifiable Information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where they may be intercepted, copied and actually tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below[11].

[10] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist

[11] The ENISA position paper "Privacy features of European eID Card Specifications", www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport


Falsification of Content

The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

Eavesdropping

An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack

Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

User signs a bogus document

This can happen, for example, if what the user sees is not actually what they are signing. It can be a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server

This constitutes a privacy threat because the bogus server can then access the user's information.

Physical Attacks

Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-Channel Attacks

These attacks use information leaked through so-called side-channels to gain access to private data.

Cryptanalytic attacks

These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks

An attacker opens a clandestine connection to the Registrar database and gains access to the data. This privacy threat does not apply directly, but in theory there exists the possibility of skimming. Even so, there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the other registrars and the agencies which will capture the data and store it, even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles: people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centers securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain the data of over 70% of residents. Based on the amount of personal information collected by UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrollment bodies (including NGOs and individuals) under them to collect the data. UIDAI will enter into agreements with individual registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrollment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will best-practice implementation be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrollments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enroll residents into the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark on the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies in the form of registrars, sub-registrars and enrollment agencies will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

Figure: Adopted from Draft approach on UIDAI

Key observations:

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting information from the residents. However, these agencies will also be required to collect biometric samples, which means that a standard technology is required across the registrars' offices and enrollment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data collected from the residents; this creates a huge window of opportunity for data leakage. India has around 543 parliamentary constituencies[12], each of which has around 2 million residents on average. Assuming that at least one registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Considering the size of the database where multi-modal biometrics are stored, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the Authority.

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report[12], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI will have a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. UIDAI assumes these issues are taken care of under the current legal regime of the country. But the problem is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system and that our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In the remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the sub-registrar and enrollment agency warehouses working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor, which increases the number of stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management running into hundreds, if not thousands, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and that the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check the integrity of the data stored or updated at the registrar offices.

[12] http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf, pg 52, number of polling stations

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by the various registrars, sub-registrars and enrollment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, by individuals trying to make a little extra cash on the side, by pressure from high-society/privileged people, or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of an account or sharing of an account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); phishing attacks; malicious traffic; virus attacks; or unauthorized access due to session hijacking, social engineering or physical security compromise, either by internal parties or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark, and as already discussed, there has been no proven technology which is 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for this communication. Though the state of the architecture can be guaranteed at the CIDR location, having similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted by post or courier. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected in the following areas:

Use of a secured communication channel

A VPN (preferably SSL-VPN) or the use of MPLS clouds is generally recommended, given the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically, on disks or tapes, either through courier or by hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as many data recovery techniques are available in the market at very low cost.

Encryption of the data

How much encryption is required, and whether symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in the encryption and decryption of the data.

Key management: Key management, covering the generation, exchange, storage, safeguarding, use, vetting and replacement of keys, is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation: UIDAI also needs to look at common attack vectors like the man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then forward it to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications that are at least multi-factor authenticated, take care of session timeouts, and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data the Authority is dealing with is such that it cannot be duplicated again, because it is capturing human biometrics, which cannot be changed if compromised.

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10215 TB. Managing the security of such a large body of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can ascertain that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. These include everyone from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have state-of-the-art architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society or privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived, and also kept in alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it up in a safe, for example, but the trick is also to ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks: Organized crime has moved online, with a variety of tricks including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error: To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the infrastructure to its knees.

Unencrypted data: Unencrypted data is always going to be subject to some level of risk. Any data that leaves the facility unencrypted raises the risk to UIDAI. Also, a plan for decryption, and deciding which individuals have access to the encryption keys, is a challenge for the authorities.

Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption - Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, lets the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. A Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of UIDAI data. Some of the key benefits and advantages of Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple, cancellable, revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications

2.5 Strong Authentication - Presumably by Applications

Various reports [14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are"; multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as authentication factors. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can make is that none of the endpoints (government departments) are corruption-free and none can be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3 Challenges in Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany, and it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be very correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS, it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details the religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 - The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report: "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for the tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction? The authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identities of a person in due course, whether it is the issuance of a passport, a gas connection or a PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

Key observations:

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in the case of identity fraud or the system not working properly: "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on the privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not specify the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants, on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields, or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for personal benefit. Yet another group of street people - beggars, people taking shelter under flyovers and in buildings under construction in urban areas - needs consideration for issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to the migrant population of India's neighbouring countries and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, they can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

[18] http://uidai.gov.in/faq.html


10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let us not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases in courts all over the country numbering in millions (like a small server under a DDoS attack), each waiting for its turn on a round-robin basis, matters relating to identity that need speedy redressal will have to go through the same existing framework.

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails one receives, and so on. And this has been the case in more mature democracies in the western world as well.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed: any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will be in breach and attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including the protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s):
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s):
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions:
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted search and seizure cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored by UIDAI, there needs to be a systematic and standardized approach, which should draw support from leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last one year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and the APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization not only achieve regulatory compliance but also ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of the citizen while securing the personal information/data and achieving unique identity.

The DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, so as to ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the Banking & Telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier - a randomized number - that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over the lifetime of an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where the law enforcement agencies, bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require the biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. The supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, based on generally accepted documents such as a passport, PAN, ration card, gas connection, driver's license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom the UID is supposed to benefit the most, as well as to help plug the loopholes and save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone who already has an account introduces another person to open one. In this case, any person who has obtained a UID can introduce others for the issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "privileged persons", those already having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish it will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "privileged persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity

The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach

The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and public distribution systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification

The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enrol residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model

The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated

The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card

The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence

Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enrol residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment, and the KYR verification.

Process to ensure no duplicates

Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication

The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data

The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system

Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents

The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers

The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments

Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment, and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates. This includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible while still accommodating the identification needs of the population for the next 100-200 years. A UID number will be assigned only after the biometric de-duplication process on the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory/Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent/Guardian Details | | | |
| Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults |
| Father's/Husband's/Guardian's UID | Conditional | | |
| Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults |
| Mother's/Wife's/Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate whether the Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The Unique ID agencies: The UIDAI will partner with a variety of agencies and service providers to enrol residents for UID numbers and verify their identity.

Registrars – Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.

– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enrol residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: The UIDAI will establish an approach that uses a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information. In the UID registration process, registration is proposed to be done through various registrars such as banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will initially be registered without any introducer. He will then introduce and get a number of persons registered, and the process will continue from there.

v. Supporting Documentation: During enrolment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of the documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and made available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enrol them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for a UID and submits any required documentation
2. The registrar sends the information to UIDAI
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique
4. Resident provides his UID and biometrics for authentication
5. Authenticator sends the data to UIDAI for verification
6. CIDR authenticates the resident data and sends the result back to the authenticator
7. Authenticator provides the requested service to the resident upon successful identification

Considering the data flow of the UIDAI, let us understand the attack sources.

External attack sources: Resident, Registrar, Authenticator
Internal attack sources: UIDAI employee, other government actors

Considering the attack sources, let us understand the possible attack scenarios.

1. Resident registering a fake identity using false fingers
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident
3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID

[Figure: draft data flow between Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with steps 1–7 and the two trust boundaries]

4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR (false acceptance rate) of the biometric device

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers

8. A local authority, such as a politician, dignitary or even a high-ranking official, might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level

9. An employee of the CIDR might illegally reveal (or sell) the identity information
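Scenario 5 can be quantified, and the quantity shows where the attempt limit has to be enforced. The following derivation is added here and is not part of the original paper; $f$ denotes the per-attempt false acceptance rate (FAR) of the matcher and $n$ the number of attempts the authenticator permits, assumed independent.

$$P(\text{false accept within } n \text{ attempts}) = 1 - (1 - f)^n \approx n f \quad (n f \ll 1)$$

So an authenticator that silently permits $n$ retries multiplies the effective FAR by roughly $n$: with an illustrative $f = 10^{-4}$, 100 retries raise it to about $10^{-2}$. Keeping the effective FAR at or below a target $\tau$ requires

$$n \le \frac{\ln(1 - \tau)}{\ln(1 - f)}$$

and since the authenticator is the colluding party in this scenario, that limit (per UID, per time window) must be counted and enforced at the CIDR rather than trusted to the authenticator.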


Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified under any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), public distribution systems (PDS), etc. Each of these schemes has some registered people, but the grants still do not reach the people. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that government initiatives reach the section of society that needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that, despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge for the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of the UID; e.g. the UID should not be used to log in to a web site, and should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loans, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

• Where the customer should provide the entire information
• What information within the UID should be provided for which government requirement


• How the user should not get caught in any phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact of the same
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act, 2000, which relies on the State police for enforcement. Enforcement challenges – Considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator. In the same way, the UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say, after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need… Our personal information is being sold to advertising agencies for promoting the products and services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations and guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make businesses understand the immediate need to protect its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around the data creation, maintenance and disposal:

• Framework for self-audit and self-governance within government itself to control data protection aspects
• There shall be a stringent background verification process for teams working on this project, with criminal background verification, etc. as a starting point
• The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
• Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on the security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


optometrist, perhaps. And it's believed, although there is no actual evidence to support the claim, that biometrics are unique. It follows that biometrics are identity, not authentication.

Identity and authentication are distinct components of the steps necessary to use a secure system. Identity without authentication lacks proof; authentication without identity invalidates auditing and eliminates multi-user capability.

Consider the UIDAI system, where biometrics is the only mechanism used for uniquely identifying an individual. In such a system the biometric serves both to identify you and to prove that you are you. In a system where authentication is based on a simple password, the password can be changed if a bad guy learns it; but if he spoofs your biometric, how will you change it? A biometric is "something you are", and it is unique to you. Further, it should be evident that the loss or theft of one's biometric image opens the door to massive identity theft if the thief can use the biometric for his or her own purposes. Because people usually have only two thumbs, two eyes and one head, it is nearly impossible to change these if and when the related biometric data become compromised. In this sense biometrics operate like shared secrets or passwords: learn the secret and you're in. But there are some very important differences between biometrics and passwords: you cannot change them and have no choice but to keep them for life. Hence it is better to have additional parameters which are private and belong to the category of "something you know". Based on the Biometric Committee Report [3], the Unique Identification Authority of India may consider all 10 fingerprints besides an IRIS scan or photographs of a resident, especially in rural India, to avoid loss of physical identification due to harsh working conditions. As per the Biometric Committee report, there are the following issues across the various biometric options:

FACE: A face needs to be well lit using controlled light sources for automated face authentication systems to work well. Face is currently a poor biometric for use in de-duplication. It performs better in verification, but not at the desired accuracy rates. In general it is a good biometric identifier for small-scale verification applications.

FINGERPRINT: There is a large variation in the quality of fingerprints within the population. The appearance of a person's fingerprint depends on age, dirt, cuts and worn fingers, i.e. on the occupation and lifestyle of the person in general. Sampling of the fingerprint is through contact, i.e. pressing the finger against the platen of a fingerprint reader. As a result there can be technical problems because of the contact nature of acquisition, and problems related to the cleanliness of the finger and the platen. Additionally, there are people who may not have one or more fingers.

IRIS: There are few legacy databases and not much legacy infrastructure for collection of the IRIS biometric. Since the IRIS is small, sampling the IRIS pattern requires a lot of user cooperation or the use of complex and expensive devices. The performance of IRIS authentication can be impaired by the use of spectacles or contact lenses. Also, some people may be missing one or both eyes, while others may not have the motor control necessary to reliably enrol in an IRIS-based system.

3 http://uidai.gov.in/documents/Biometrics_Standards_Committee%20report.pdf


2.2 Biometrics Accuracy

To assure uniqueness across a population of 1.2 billion people within technological and economic constraints, two important factors raise uncertainty [4]. First is the scale of a database size of a billion, and second is fingerprint quality, the most important variable for determining accuracy. There has been no proven biometric technology which is 100% accurate. The best system was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests and 99.9 percent of the time for tests involving four or more fingers. These accuracies were obtained for a false positive rate of 0.01 percent (the National Institute of Standards and Technology (NIST) tested 34 commercially available systems [5] provided by 18 companies from around the world). So even in a situation where the biometric is 99.99% accurate, out of 1.2 billion people 120,000 will be false positives (0.01% of 1.2 billion). Further, considering the technology and the amount of information that will be stored in the form of biometrics, the amount of data is estimated at approximately 10,215 TB as per the Biometric Committee report:

FINGERPRINT (all 10 fingers): 10,000 TB

IRIS (150 KB/subject): 200 TB

FACE (11 KB/subject, compression ratio of 10): 15 TB

The gross false accept and false reject error rates associated with the fingerprint, face and IRIS modalities reported in the Biometric Committee report are:

Biometric identifier | Reference   | FRR    | FAR
Fingerprint          | NIST FpVTE  | 0.1%   | 1%
Face                 | NIST FRVT   | 10%    | 1%
Voice                | NIST 2004   | 5-10%  | 2-5%
IRIS                 | ITIRT       | 0.99%  | 0.94%

Further, the Biometric Committee report states that the consequences of the False Acceptance Rate (FAR) and False Rejection Rate (FRR) of biometric accuracy during authentication are central to the judicious design of the UID system. FAR determines the potential number of duplicates; FRR determines the number of enrolments necessitating a manual check, hence labour cost. Though there is no empirical study available to estimate the accuracy achievable for fingerprints under Indian conditions, Indian conditions are unique in two ways:

- A larger percentage of the population is employed in manual labour, which normally produces poorer biometric samples.

- The biometric capture process in rural and mobile environments is less controllable compared to the environmental conditions in which Western data is collected.

4 Biometric Committee report | 1.2.4 Biometric accuracy, pg 21 of 57

5 http://www.nist.gov/public_affairs/releases/computer_fingerprint.htm


NIST reports [6] a FAR of 0.07% at an FRR of 4.4% for a 6 million fingerprint gallery using two plain fingers. Similar results were reported for the FBI's IAFIS system of 46M samples. It is safe to conclude that 99% accuracy (True Acceptance Rate, TAR) can be achieved for a database size of 50 million. Several NIST reports allow us to estimate the scaling of the above data for a larger gallery size and for ten fingers. Since every record in the gallery is one more opportunity for a false match, we can expect that on a population size which is 200 times larger (1.2 billion versus 6 million) the same system will have a FAR of approximately 0.07% × 200 = 14%. The FRR can be expected to be about 4% based on the matching of 2 plain fingerprints. The table below lists the effect on FAR of increasing the number of fingers at roughly the same FRR [4]:

Number of fingers | FRR   | FAR
2                 | 1.03% | 29.2%
10                | 1.09% | 0.0%
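The scaling above can be checked with a short calculation. The following is an added worked example, not part of the DSCI paper or of any UIDAI material: it takes the NISTIR 7110 figures quoted above (FAR 0.07% at FRR 4.4% for a 6 million gallery, two plain fingers) and the 1.2 billion population, and computes the 1:N false accept rate under the assumption that every gallery comparison is an independent trial. It also shows that the "multiply by 200" shortcut is the first-order term of that formula, and reproduces the 120,000 false positives from section 2.2 and the manual-check load implied by the FRR. The independence model and the function names are assumptions of the example.

```python
"""Scaling 1:N biometric false-accept rates to a larger gallery.

Added worked example; not code from the DSCI paper or from UIDAI. The model
(each gallery comparison is an independent false-match trial) is an assumption.
"""
import math

# Figures quoted in the paper from NISTIR 7110 (two plain fingers).
NIST_GALLERY = 6_000_000
NIST_FAR = 0.0007          # 0.07% false accept rate at that gallery size
NIST_FRR = 0.044           # 4.4% false reject rate
INDIA_POPULATION = 1_200_000_000


def per_comparison_far(measured_far, gallery):
    """Single-comparison false-match probability p implied by a measured 1:N
    FAR under independence: FAR_N = 1 - (1 - p)**N. log1p/expm1 keep the
    precision when p is around 1e-10."""
    return -math.expm1(math.log1p(-measured_far) / gallery)


def system_far(p, gallery):
    """1:N false accept rate against a gallery of the given size."""
    return -math.expm1(gallery * math.log1p(-p))


def scale_far(measured_far, measured_gallery, target_gallery):
    """Exact scaling under the independence model."""
    return system_far(per_comparison_far(measured_far, measured_gallery), target_gallery)


def linear_scale_far(measured_far, measured_gallery, target_gallery):
    """The paper's shortcut: FAR grows in proportion to gallery size. It is the
    first-order term of the exact formula and, by Bernoulli's inequality,
    always an upper bound on it."""
    return measured_far * target_gallery / measured_gallery


def expected_manual_checks(population, frr):
    """Enrolments needing manual adjudication because of false rejects."""
    return round(population * frr)


def expected_false_matches(population, far):
    """Residents wrongly matched against someone else's record, using the
    paper's own simplification (population x FAR)."""
    return round(population * far)


if __name__ == "__main__":
    exact = scale_far(NIST_FAR, NIST_GALLERY, INDIA_POPULATION)
    linear = linear_scale_far(NIST_FAR, NIST_GALLERY, INDIA_POPULATION)
    print(f"two-finger FAR at 1.2 billion: exact {exact:.2%}, linear {linear:.2%}")
    print(f"manual checks at FRR {NIST_FRR:.1%}: {expected_manual_checks(INDIA_POPULATION, NIST_FRR):,}")
    print(f"false matches at 0.01% FAR: {expected_false_matches(INDIA_POPULATION, 0.0001):,}")
```

Exact scaling gives about 13.1% against the linear 14%; the gap widens as the scaled FAR approaches 100%, so linear extrapolations to larger galleries should be read as upper bounds, while the 52.8 million manual checks implied by a 4.4% FRR are a direct cost of enrolment that no gallery-size argument reduces.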

Based on the empirical data compiled by NIST [7], several non-technical factors can impact accuracy more significantly than technical accuracy improvement efforts:

Simple operational quality assurance: A few simple operational techniques, such as keeping a wet towel or maintaining the device in good working order, can be superior to squeezing an additional fraction of a percent in accuracy rates through technical improvements. An unchecked operational process can increase the false acceptance rate to over 10%.

Missing biometric records: In the data analyzed, 2 to 5% of subjects did not have biometric records. Missing biometrics is a licence to commit fraud. It is believed that the failure is due to poorly designed processes; the enrolment process, when examined, had loopholes which prevented it from detecting such omissions.

Biometric software: The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2 to 3%.

Further, assuming that the biometric fingerprint is the only differentiator between past efforts and UIDAI's, let us look at the following analogy. Assume that an identity fraud was committed using false fingers of a resident, let us call him/her (X). Practically, let us also consider the corruption index of India [8] and assume that the enrolling agencies cannot be trusted. When the fraud comes to light, will UIDAI ever be able to trust the fingerprints of (X) again? If UIDAI chooses to trust (X)'s fingerprints, how will the authenticators be assured that the authentication is strong, reliable and sustainable?

Now let us assume that UIDAI chooses to trust (X)'s fingerprints after a known false-finger fraud. UIDAI then cannot ensure non-repudiation by (X) for any transaction. Is an authentication that cannot guarantee non-repudiation reliable and strong? If UIDAI chooses not to trust the fingerprints of (X), then how can UID claim to be a strong and reliable authentication mechanism when other IDs cannot?

6 NISTIR 7110, Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints, C. L. Wilson, M. D. Garris & C. I. Watson, May 2004

7 Biometric Committee report | 1.2.4 Biometric accuracy, pg 22 of 57

8 Global_Corruption_Report_2009_170909_2_web[1]A.pdf


How will fraudulent enrolments be detected? Can a nefarious person apply for a second ID by sticking synthetic glue to some places on his fingers?

In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials go hand in glove with fraudsters during enrolment?

Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that a finding is more of an inconvenience than a deterrent?

None of the fields in the CIDR, including the fingerprint, is a secret. Fields like Date of Birth, Photograph and Fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never again be trusted to confirm the identity of the person. Persons with disabilities (such as ones without both hands) need additional provisions for biometric authentication; if the fingerprint is not used, then the UID provides no better authentication than existing IDs. UIDAI needs to examine how it will counter fraud of UIDs for disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one, may become vulnerable to potential attacks [9][10]. Some of these security vulnerabilities include the following:

Spoofing: It has been demonstrated that a biometric system can sometimes be fooled by applying a fake fingerprint, face or IRIS image, etc.

Replay attacks: e.g. circumventing the sensor by injecting a recorded image into the system input, which is much easier than attacking the sensor.

Substitution attack: The biometric template must be stored to allow user verification. If an attacker gets access to the storage, either local or remote, he can overwrite the legitimate user's template with his/her own, in essence stealing their identity.

Tampering: Feature sets on verification, or in the templates, can be modified in order to obtain a high verification score no matter which image is presented to the system.

Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g. via the Web), since an attacker does not even have to bother to acquire a genuine biometric sample. All he needs is to gain access to the templates stored on a remote server.

Trojan horse attacks: Some parts of the system, e.g. a matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

9 N. K. Ratha, J. H. Connell, R. M. Bolle, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001

Overriding Yes/No response: An inherent flaw of existing biometric systems is due to the fact that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric subsystem and the applications, which leaves the system open to potential attacks. For example, if an attacker were able to inject a false "Yes" response at a suitable point in the communication between the biometric subsystem and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part entirely.
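The interface weakness just described can be closed by authenticating the decision itself rather than trusting a bare boolean. The following is an added example, not code from the DSCI paper or from any UIDAI component: NaiveMatcher models the flawed Yes/No design, and SigningMatcher returns the decision together with an HMAC over the UID, a per-request nonce, the decision and a timestamp under a key shared only with the application, so a forged "Yes", a "Yes" replayed from an earlier request, or a decision held back and delivered late is refused. It goes a little beyond the paragraph by covering replay and delay as well as outright override, since the same binding addresses all three. The shared key, the score threshold, the freshness window and the class names are assumptions of the example.

```python
"""Binding the matcher's Yes/No decision to the request that produced it.

Added example; not code from the DSCI paper or from any UIDAI component.
Shared key, threshold and freshness window are constructed for the demo.
"""
import hashlib
import hmac
import json
import os
import time

THRESHOLD = 0.8          # constructed match-score threshold
FRESHNESS_SECONDS = 30   # how long a signed decision stays acceptable


class NaiveMatcher:
    """Flawed design: the only output is True/False."""

    def match(self, uid, score):
        return score >= THRESHOLD


def canonical(msg):
    """Stable serialisation so both sides MAC exactly the same bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


class SigningMatcher:
    """Returns the decision plus a MAC binding it to uid, nonce and time."""

    def __init__(self, key):
        self._key = key

    def match(self, uid, score, nonce, now=None):
        msg = {"uid": uid, "nonce": nonce, "decision": score >= THRESHOLD,
               "ts": time.time() if now is None else now}
        tag = hmac.new(self._key, canonical(msg), hashlib.sha256).hexdigest()
        return msg, tag


class Application:
    """Relying party: issues one nonce per request and accepts each answer once."""

    def __init__(self, key):
        self._key = key
        self._pending = set()   # (uid, nonce) pairs still awaiting a decision

    def begin(self, uid):
        nonce = os.urandom(16).hex()
        self._pending.add((uid, nonce))
        return nonce

    def accept(self, msg, tag, now=None):
        """Return the matcher's decision; raise ValueError if the response is
        not authentic, was never requested, was already used, or is stale."""
        expected = hmac.new(self._key, canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("bad MAC: decision forged or tampered")
        request = (msg["uid"], msg["nonce"])
        if request not in self._pending:
            raise ValueError("unknown or already consumed nonce: replay or cross-request reuse")
        self._pending.remove(request)            # one decision per request
        now = time.time() if now is None else now
        if abs(now - msg["ts"]) > FRESHNESS_SECONDS:
            raise ValueError("stale decision")
        return msg["decision"]


def _try(app, msg, tag, now=None):
    try:
        app.accept(msg, tag, now)
        return "accepted"
    except ValueError:
        return "rejected"


def run_scenarios():
    """Exercise both designs against an attacker on the wire; returns outcomes."""
    key = os.urandom(32)                      # constructed shared secret
    matcher, app, out = SigningMatcher(key), Application(key), {}

    # Naive flow: the genuine answer is "no", the attacker injects "yes", and
    # the application has no way to tell the two apart.
    out["naive_genuine"] = NaiveMatcher().match("uid-1", score=0.2)
    out["naive_after_override"] = True

    nonce = app.begin("uid-1")                # genuine match, accepted once
    msg, tag = matcher.match("uid-1", 0.95, nonce)
    out["genuine"] = app.accept(msg, tag)
    out["replay"] = _try(app, msg, tag)       # same answer offered again

    nonce = app.begin("uid-1")                # failed match, flipped to True in transit
    msg, tag = matcher.match("uid-1", 0.2, nonce)
    out["forged_yes"] = _try(app, dict(msg, decision=True), tag)

    nonce = app.begin("uid-1")                # genuine "yes" held back past the window
    msg, tag = matcher.match("uid-1", 0.95, nonce, now=1000.0)
    out["stale"] = _try(app, msg, tag, now=1000.0 + FRESHNESS_SECONDS + 1)
    return out
```

The MAC only helps if the key is not reachable from the path the attacker controls; in the deployments discussed in this paper that means holding it in the matcher's and application's protected key stores, not in the enrolment workstation software in between.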

How can the challenge of storing the biometrics of the entire population of the country be addressed when it is prone to compromise through attacks from the outside and from insiders? This is discussed briefly in the separate section on biometric encryption, section 2.4.

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around the security and privacy of the central repository where the complete database of personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns [10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralized databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy in parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to mention the privacy risks. Large centralized databases of biometric Personally Identifiable Information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where they may be intercepted, copied and actually tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below [11]:

10 Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, PhD, Information and Privacy Commissioner of Ontario, and Alex Stoianov, PhD, Biometrics Scientist

11 The ENISA position paper "Privacy Features of European eID Card Specifications" | www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport


Falsification of content: The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

Eavesdropping: An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack: Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

User signs a bogus document: This can happen, for example, if what the user sees is not actually what they are signing. It is a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server: This constitutes a privacy threat because the bogus server can then access the user's information.

Physical attacks: Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-channel attacks: These attacks use information leaked through so-called side-channels to gain access to private data.

Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. Strictly, this threat as described for eID cards does not apply directly to the UID system, but in theory the possibility of skimming exists, and there is a considerable incentive to install a hidden reading device that skims personal information from a Registrar database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the registrars and the agencies which will capture the data and store it, even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles: people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centres securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who among them may collect and retain the data of over 70% of residents. Based on the amount of personal information collected by UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrolment bodies (including NGOs and individuals) under them to collect the data. UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrolment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will the implementation of best practices be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrolments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enrol residents into the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark over the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies, in the form of registrars, sub-registrars and enrolment agencies, will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

Key observations:

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting the information from the residents. However, these agencies will also be required to collect biometric samples, which means that there is a requirement for standard technology across the registrars' offices and enrolment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. India has around 543 parliamentary constituencies [12], each with around 2 million residents on average. Assuming that at least one registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Considering the size of the database where multi-modal biometrics are stored, which comes to around 8 MB of data per subject, and multiplying that by 2 million people (per constituency), the data stored for each constituency will be around 16 TB. Managing and securing a database of 16 TB in each constituency, with different registrars and enrolment agencies under them, is a tremendous challenge for the Authority.

12 http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf - pg 52 - number of polling stations

(Figure: adopted from Draft approach on UIDAI)

4. Since the sub-registrars and enrolment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report [12], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrolment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. UIDAI assumes that these issues will be taken care of under the current legal regime of the country. But the question is whether the Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system and that our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the warehouses of sub-registrars and enrolment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor, which increases the number of stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management running into hundreds, if not thousands, of vendors will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and that the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, appropriate mechanisms will have to be established to check the integrity of the data stored or updated at the registrar offices.

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by the various registrars, sub-registrars and enrolment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for management and maintenance of the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, by individuals trying to make a little extra cash on the side, or under pressure from high-society/privileged people or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of an account or sharing of an account; through application security flaws (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); through phishing attacks, malicious traffic and virus attacks; through unauthorized access due to session hijacking or social engineering; or through a physical security compromise, whether by internal parties or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark and, as already discussed, there has been no proven technology which is 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrolment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though the state of the architecture can be guaranteed at the CIDR location, having similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected in the following areas:

Use of a secured communication channel: A VPN, preferably SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically on disks or tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Recovering the contents of a lost or discarded tape is cheap with today's widely available data recovery techniques, so an encrypted tape protects the data only as well as its encryption keys are protected: if the keys travel with the tape or are weakly managed, the encryption buys nothing.

Encryption of the data: How much encryption is required, and whether symmetric or asymmetric, are questions that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in the encryption and decryption of the data.

Key management: Key management, for the generation, exchange, storage, safeguarding, use, vetting and replacement of keys, is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation and integrity in transit: UIDAI also needs to look at common attack vectors like the man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then forward it to its destination, so that the information can be read or altered without the knowledge of the sender or the intended recipient. Mutual authentication of the endpoints and authentication of each batch (a signature from the registrar) are what detect this; encrypting the channel alone does not.

UIDAI also needs to build secure applications, which need at least multi-factor authentication, session timeouts, and enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be reissued if compromised, because it is capturing human biometrics, which cannot be changed.
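The key-management and man-in-the-middle points above can be made concrete. The following is an added example, not code from the DSCI paper or from any UIDAI system: a CIDR-side master key from which each registrar's key is derived per key version with HKDF (RFC 5869 over HMAC-SHA256), so the master never leaves the CIDR and rotating one registrar's key touches no other; and a batch envelope carrying the registrar id, key version and a sequence number under an HMAC, so a batch altered in transit, a batch from an unknown registrar, a replayed batch, or a batch under a retired key is refused. HMAC gives integrity and authenticity but not non-repudiation towards a third party; for that the registrar would sign batches with a private key (e.g. Ed25519), which is omitted here along with encryption of the payload. The envelope layout, identifiers and sequence policy are assumptions of the example.

```python
"""Per-registrar, versioned keys from one master key, and an authenticated
batch envelope checked at the CIDR.

Added example; not code from the DSCI paper or from any UIDAI system. The
envelope layout, identifiers and sequence policy are constructed for the demo.
"""
import hashlib
import hmac
import json
import os


def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869: extract a PRK from the master, then expand it with `info`."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def registrar_key(master, registrar_id, version):
    """Batch-authentication key for one registrar and one key version."""
    info = f"uid-batch-mac|{registrar_id}|v{version}".encode()
    return hkdf_sha256(master, b"cidr-key-hierarchy", info)


def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Registrar:
    """Enrolment side: holds only its own current key, never the master."""

    def __init__(self, registrar_id, key, version, seq=0):
        self.id, self._key, self.version, self.seq = registrar_id, key, version, seq

    def rekey(self, key, version):
        self._key, self.version = key, version

    def send_batch(self, records):
        self.seq += 1
        header = {"registrar": self.id, "key_version": self.version, "seq": self.seq}
        body = canonical({"header": header, "records": records})
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return {"header": header, "records": records, "tag": tag}


class CIDR:
    """Receiving side: re-derives the expected key, enforces version and sequence."""

    def __init__(self, master):
        self._master = master
        self.current_version = {}   # registrar id -> key version in force
        self.last_seq = {}          # registrar id -> highest accepted sequence number

    def onboard(self, registrar_id):
        """Issue key version 1 (delivered to the registrar over a secure channel)."""
        self.current_version[registrar_id], self.last_seq[registrar_id] = 1, 0
        return registrar_key(self._master, registrar_id, 1)

    def rotate(self, registrar_id):
        """Issue the next key version; the previous one is no longer accepted."""
        self.current_version[registrar_id] += 1
        return registrar_key(self._master, registrar_id, self.current_version[registrar_id])

    def receive(self, batch):
        h, rid = batch["header"], batch["header"]["registrar"]
        if rid not in self.current_version:
            return "rejected: unknown registrar"
        if h["key_version"] != self.current_version[rid]:
            return "rejected: retired key version"
        key = registrar_key(self._master, rid, h["key_version"])
        expected = hmac.new(key, canonical({"header": h, "records": batch["records"]}),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, batch["tag"]):
            return "rejected: MAC mismatch (tampered or wrong key)"
        if h["seq"] <= self.last_seq[rid]:
            return "rejected: replayed or out-of-order batch"
        self.last_seq[rid] = h["seq"]
        return "accepted"


def run_scenarios():
    master = os.urandom(32)        # constructed; in practice kept in an HSM at the CIDR
    cidr = CIDR(master)
    key_v1 = cidr.onboard("REG-001")
    reg = Registrar("REG-001", key_v1, version=1)
    records = [{"name": "constructed resident", "dob": "1980-01-01"}]   # constructed data
    out = {}
    good = reg.send_batch(records)
    out["genuine"] = cidr.receive(good)
    out["replay"] = cidr.receive(good)
    out["tampered"] = cidr.receive(dict(good, records=[{"name": "someone else", "dob": "1980-01-01"}]))
    out["unknown_registrar"] = cidr.receive(Registrar("REG-999", os.urandom(32), 1).send_batch(records))
    key_v2 = cidr.rotate("REG-001")
    stale = Registrar("REG-001", key_v1, version=1, seq=reg.seq)   # device that missed the rotation
    out["old_key_after_rotation"] = cidr.receive(stale.send_batch(records))
    reg.rekey(key_v2, version=2)
    out["new_key_after_rotation"] = cidr.receive(reg.send_batch(records))
    return out
```

The CIDR stores no per-registrar keys; it re-derives each one from the master on every batch, so a compromised registrar exposes only its own current key version, and revocation is a change to one table entry rather than a redistribution of secrets.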

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10,215 TB. Managing the security of such a large volume of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can assume that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. This includes people from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have an architecture on par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians and high-class/privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept in alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it up in a safe, for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks: Organized crime has moved online, with a variety of tricks including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error: To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Unencrypted data: Unencrypted data is always going to be subject to some level of risk. Leaving any data that goes outside the facility unencrypted raises the risk to the UIDAI. Also, a plan for decryption, and for which individuals are to have access to the encryption keys, is a challenge for the authorities.

Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption – Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometrics and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.

After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the encryption algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple, cancellable, revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
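To make the enrol/verify cycle described above concrete, here is an added example that is not part of this position paper, of UIDAI's design, or of the Cavoukian/Stoianov article: a toy key-binding scheme in the fuzzy-commitment style. The 32-bit key, the 7-fold repetition code, the 224-bit feature vector and the noise model are all assumptions chosen so that the arithmetic can be followed by hand; a real system would use a proper error-correcting code over a real feature extractor. What the database keeps is only the key XOR-ed with the codeword plus a hash of the key, so neither the key nor the biometric is stored; a close-enough live sample recovers the key, an impostor sample yields a clean "No", and re-enrolling with a fresh key revokes the old template.

```python
"""Toy fuzzy-commitment key binding (constructed example; the repetition code,
bit lengths and feature vectors are assumptions, not any deployed scheme)."""
import hashlib
import random
import secrets
from dataclasses import dataclass
from typing import List, Optional

KEY_BITS = 32   # length of the random key that gets bound to the biometric
REPEAT = 7      # repetition factor: majority vote corrects up to 3 flips per block
TEMPLATE_BITS = KEY_BITS * REPEAT

Bits = List[int]


@dataclass(frozen=True)
class BETemplate:
    """What the database keeps. `locked` is codeword XOR biometric, so on its
    own it reveals neither; `key_hash` lets verification answer Yes/No."""
    locked: Bits
    key_hash: str


def encode(key: Bits) -> Bits:
    """Repetition code: each key bit is written REPEAT times."""
    return [b for b in key for _ in range(REPEAT)]


def decode(codeword: Bits) -> Bits:
    """Majority vote per block; survives fewer than REPEAT/2 flips in a block."""
    return [int(2 * sum(codeword[i:i + REPEAT]) > REPEAT)
            for i in range(0, len(codeword), REPEAT)]


def key_hash(key: Bits) -> str:
    return hashlib.sha256(bytes(key)).hexdigest()


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def enrol(biometric: Bits, key: Optional[Bits] = None):
    """Bind a key (a fresh random one unless supplied) to the biometric.
    Returns (template, key); the caller hands the key on, then discards both
    the key and the biometric sample and keeps only the template."""
    if len(biometric) != TEMPLATE_BITS:
        raise ValueError("feature vector must have %d bits" % TEMPLATE_BITS)
    if key is None:
        key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    return BETemplate(xor(encode(key), biometric), key_hash(key)), key


def verify(template: BETemplate, live: Bits) -> Optional[Bits]:
    """locked XOR live = codeword XOR (enrolled XOR live): the decoder strips
    the acquisition noise if the live sample is close enough, and the hash
    check turns a wrong key into None instead of a silently wrong key."""
    if len(live) != TEMPLATE_BITS:
        return None
    candidate = decode(xor(template.locked, live))
    return candidate if key_hash(candidate) == template.key_hash else None


def hamming(a: Bits, b: Bits) -> int:
    return sum(x != y for x, y in zip(a, b))


def sample_biometric(seed: int) -> Bits:
    """Constructed stand-in for a quantised feature vector (e.g. an iris code)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]


def noisy(sample: Bits, every: int = 9) -> Bits:
    """Simulated acquisition noise: flip one bit in every `every`, so no
    7-bit block sees more than one error and majority decoding recovers."""
    return [b ^ (i % every == 0) for i, b in enumerate(sample)]


if __name__ == "__main__":
    enrolled = sample_biometric(1)
    template, key = enrol(enrolled)            # key and sample are now discarded
    print("genuine noisy sample:", verify(template, noisy(enrolled)) == key)
    print("impostor sample:", verify(template, sample_biometric(2)))
    template2, key2 = enrol(enrolled)          # revocation: fresh key, new template
    print("old template recovers new key:", verify(template, enrolled) == key2)
```

The point to notice is the asymmetry the paper relies on: the stored `locked` value is useless without a matching live sample, and the key can be rotated at will by re-enrolling, whereas a raw fingerprint on file can never be rotated.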

2.5 Strong Authentication – Presumably by Applications

Various reports [14] suggest that UIDAI will use strong authentication, but that needs further definition. "Strong" is a relative term and so needs to be less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can make is that none of the endpoints (government departments) is corruption free, and none can be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf

3 Challenges in Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view. Data compromise happened in Germany. It happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation in the world by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS, it has been observed that this low ranking is a matter of concern for the nation, as the police and land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and the Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details the religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible, zero-risk security controls, we might assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/

Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though this is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume that an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identities of a person in due course, whether it is the issuance of a passport, a gas connection or a PAN, or availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

Key Observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in the case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening, through training of all concerned and perhaps through a new law on the privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? The creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not specify the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers, as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from the maids to the drivers to the security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, in factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, the agriculturists working in their own fields or the milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for the issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to the migrant population from India's neighbouring countries and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, certification can be done by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases numbering in millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redress, are left to the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world as well.

The IT (Amendment) Act 2008, under section 43(A), makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will be in breach and attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice, and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including the protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s):
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s):
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions:
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted searches and seizures cannot function at optimum levels.

[Figures: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last one year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and the APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control over restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to the political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens, all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of the citizen while securing the personal information/data and achieving unique identity.

The DSCI security and privacy frameworks are built on the evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, so as to ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with the appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, the UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, the Big 4 consulting firms, security vendor companies, the banking and telecom sectors and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent, and does not change significantly over the lifetime of an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out the security vulnerabilities of a biometric system and the possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding the Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children the biometrics will have to be updated every 5 years, while for adults the biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where the law enforcement agencies, the bureaucracy and the politicians have abused the system, and also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require the biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as the Passport, PAN, Ration Card, gas connection, driver's licence, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom the UID is supposed to benefit the most, as well as to help plug the loopholes and save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case any person who has obtained a UID can introduce others for the issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "Privileged Persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area so wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country, who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

This annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and the Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enrol residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private-sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enrol residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy.

Security & Privacy Challenges in UID project

Public Use Page 25

The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents. The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers. The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs.


For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crore a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates. This includes:

i. Unique Identity Number: the UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible while still accommodating the identification needs of the population for the next 100-200 years. A UID number will be assigned only after biometric de-duplication of the data supplied by the Registrars.

ii. Identity fields: the fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Field | Mandatory/Optional | Verification required | Verification procedure

Personal details
Name | Mandatory | Yes | Any of the PoI documents; an introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address details
Residential Address | Mandatory | Yes | Any of the PoA documents; an introducer for people who have no documents. The address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent/Guardian details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer details
Introducer Name | Conditional | Yes | Introducer's name and UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact details
Mobile Number | Optional | No |
Email Address | Optional | No |

PoI: Proof of Identity (must contain the name and photo of the resident). PoA: Proof of Address (must contain the name and address of the resident). A flag is maintained to indicate whether the Date of Birth (DoB) is verified, declared or approximate. Adapted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: the UIDAI will partner with a variety of agencies and service providers to enrol residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars
– These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies
– Enrolling agencies will directly interact with and enrol residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups
– The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: the UIDAI will establish a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information. In the UID registration process, registration is proposed to be done through various Registrars such as banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer, the "root" of this tree. The person at the root will be "self-introduced": that person will be initially registered without any introducer, and will then introduce and get a number of persons registered. This process then continues down the tree. Note what this structure implies for trust: the root is enrolled on nobody's word, and every enrolment below it rests on the chain of introducers above it, so a fraudulent or compromised introducer taints every identity beneath it.

v. Supporting Documentation: during enrolment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enrol them into the system.


Annexure 2 UIDAI Approach ndash Threat Modeling

Draft Data Flow

1. Resident applies for a UID and submits any required documentation.
2. The Registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the Authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External attack sources | Internal attack sources
Resident | UIDAI employee
Registrar | Other government actors
Authenticator |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The Registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow diagram. Entities: Resident, Registrar / Sub-Registrars, CIDR, Authenticator. The arrows are numbered 1 to 7 as in the steps listed above, and two trust boundaries are marked.]


4. Authenticator colluding with the Registrar to validate fake identities. The Authenticator can inject the artificial identity data (created in the step above) to validate fake identities.

5. Resident colluding with the Authenticator. The Authenticator might allow a resident multiple attempts in order to exploit the FAR of the biometric device: every extra attempt is another chance of a false accept.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of the UID data held by local Registrars and Authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.


Annexure 3 The Underprivileged Society

Indian society is spread across many geographical boundaries, and there are many people living in remote areas of the country who are not classified under any of the existing government schemes; these are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), the Public Distribution System (PDS), etc. Each of these schemes has some registered people, yet the grants do not reach them. How the UID helps these people is therefore a big challenge for the Authority: does the additional biometric information collected, beyond the documents already used by the above schemes, ensure that government initiatives reach the sections of society that need them most?

Indian tribes19 constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these communities are covered by BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people responsible for taking care of these communities are themselves illiterate. Considering such a state of the country, where villages are registered in government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge for the Authority.

19 http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries, and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of the UID; e.g. the UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will also be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both an identifier and an authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as their primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for the internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

– Where the customer should provide the information
– What information within the UID should be provided for which government requirement
– How the user should avoid getting caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID-related disputes, theft and misuse of UID information

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood, but if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offences on identity: the current UIDAI framework interprets offences on identity based on the foundation laid by the Information Technology (Amendment) Act, 2000, which relies on the State police for enforcement. Enforcement challenges: considering the 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intent. Is the State police capable of taking cognizance of such complaints...?

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of its working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, the UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colours. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for the promotion of their clients' products and services through mobile and email, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations and guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data gathered for UIDAI.

22. Good governance framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider for any loss or misuse of an individual client's data. Government should make businesses understand the immediate need to protect residents' personally identifiable data sets.

23. Empower the individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case any unauthorized or unwanted communication is received.

24. Processes around data creation, maintenance and disposal:

– Framework for self-audit and self-governance within government itself to control data protection aspects.
– There shall be a stringent background verification process for teams working on this project, with criminal background verification, etc. as a starting point.
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
– Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


2.2 Biometrics Accuracy

To assure uniqueness across a population of 1.2 billion people within technological and economic constraints, two important factors raise uncertainty4. The first is the scale of a database of over a billion records, and the second is fingerprint quality, the most important variable for determining accuracy. There is no proven biometric technology which is 100% accurate. When the National Institute of Standards and Technology (NIST) tested 34 commercially available systems5 provided by 18 companies from around the world, the best system was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests and 99.9 percent of the time for tests involving four or more fingers; these accuracies were obtained at a false positive rate of 0.01 percent. So even assuming 99.99% accuracy in the biometric, out of 1.2 billion people about 120,000 will be false positives. Further, considering the technology and the amount of information that will be stored in the form of biometrics, the amount of data is estimated at approximately 10,215 TB as per the Biometric Committee report:

Modality | Per-subject size | Total storage
Fingerprint (all 10 fingers) | | 10,000 TB
Iris | 150 KB/subject | 200 TB
Face | 11 KB/subject (compression ratio of 10) | 15 TB

The gross false accept and false reject error rates associated with the fingerprint, face and iris modalities reported in the Biometric Committee report are:

Biometric identifier | Reference | FRR (%) | FAR (%)
Fingerprint | NIST FpVTE | 0.1 | 1
Face | NIST FRVT | 10 | 1
Voice | NIST 2004 | 5-10 | 2-5
Iris | ITIRT | 0.99 | 0.94

Further, the Biometric Committee report states that the consequences of the False Acceptance Rate (FAR) and False Rejection Rate (FRR) of biometric accuracy during authentication are central to the judicious design of the UID system. FAR determines the potential number of duplicates; FRR determines the number of enrolments necessitating manual check, and hence labour cost. There is no empirical study available to estimate the accuracy achievable for fingerprints under Indian conditions, and Indian conditions are unique in two ways:

– A larger percentage of the population is employed in manual labour, which normally produces poorer biometric samples.
– The biometric capture process in rural and mobile environments is less controllable compared to the environmental conditions in which Western data is collected.

4 Biometric Committee report, 1.2.4 Biometric accuracy, pg 21 of 57
5 http://www.nist.gov/public_affairs/releases/computer_fingerprint.htm


NIST reports6 a FAR of 0.07% at an FRR of 4.4% for a 6 million fingerprint gallery using two plain fingers. Similar results were reported for the FBI's IAFIS system with 46 million samples. It is safe to conclude that 99% accuracy (True Acceptance Rate, TAR) can be achieved for a database size of 50 million. Several NIST reports allow us to estimate the scaling of the above data for larger gallery sizes and for ten fingers. Based on these results, we can expect that on a population 200 times larger (1.2 billion versus 6 million) the same system will have a FAR of approximately 0.07% × 200 = 14%, since the chance that a new enrolment falsely matches some existing record grows roughly in proportion to the number of records searched. The FRR can be expected to be about 4%, based on matching of two plain fingerprints. The table below lists the effect on FAR of increasing the number of fingers for the same FRR4:

Number of fingers | FRR (%) | FAR (%)
2 | 1.03 | 2.92
10 | 1.09 | 0.0
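The arithmetic behind the figures in this section, and behind attack scenario 5 of Annexure 2 (an Authenticator letting a resident retry until the device falsely accepts), is plain probability, and it is worth seeing it carried through. The following is an added example written for this paper; it is not code from DSCI, UIDAI or NIST. The only inputs are the numbers quoted on this page (0.07% FAR on a 6 million gallery, a 1% verification FAR for fingerprints, 99.99% accuracy over 1.2 billion people); the functions compare the proportional scaling rule used in the text with the exact 1 - (1 - p)^N form, and show how quickly repeated attempts inflate the effective FAR and how an attempt budget bounds it.

```python
"""Error-rate arithmetic for 1:N de-duplication and repeated authentication
attempts (added example, not code from the paper or from UIDAI).

Assumed inputs are the figures quoted in the text; nothing here is measured.
"""
import math


def expected_false_matches(population: int, error_rate: float) -> float:
    """Residents hit by a per-person error rate, e.g. 0.01% (99.99% accuracy)
    across 1.2 billion people."""
    return population * error_rate


def per_comparison_far(observed_far: float, gallery: int) -> float:
    """Back out the single-comparison false match rate p from a measured 1:N
    false accept rate, using observed = 1 - (1 - p) ** gallery."""
    return -math.expm1(math.log1p(-observed_far) / gallery)


def identification_far(p: float, gallery: int) -> float:
    """Exact probability that a fresh enrolment falsely matches at least one
    of `gallery` records when every comparison has false match rate p."""
    return -math.expm1(gallery * math.log1p(-p))


def linear_scaled_far(observed_far: float, gallery: int, new_gallery: int) -> float:
    """The proportional rule used in the text: FAR scales with gallery size.
    Slightly pessimistic next to identification_far(), which saturates."""
    return observed_far * new_gallery / gallery


def cumulative_far(far_per_attempt: float, attempts: int) -> float:
    """Scenario 5: each retry is another draw at the FAR, so the chance that
    an impostor is accepted at least once grows with the attempt count."""
    return -math.expm1(attempts * math.log1p(-far_per_attempt))


def max_attempts_within_budget(far_per_attempt: float, budget: float) -> int:
    """Largest number of attempts an Authenticator can allow per transaction
    while keeping the cumulative false accept probability at or below budget.
    Solves 1 - (1 - far) ** k <= budget for k."""
    return int(math.floor(math.log1p(-budget) / math.log1p(-far_per_attempt)))


if __name__ == "__main__":
    print("false positives at 99.99%:", expected_false_matches(1_200_000_000, 1e-4))
    p = per_comparison_far(0.0007, 6_000_000)
    print("per-comparison false match rate:", p)
    print("linear scaling to 1.2 billion:", linear_scaled_far(0.0007, 6_000_000, 1_200_000_000))
    print("exact 1:N FAR at 1.2 billion:", identification_far(p, 1_200_000_000))
    print("impostor success in 10 tries at 1% FAR:", cumulative_far(0.01, 10))
    print("attempts allowed for a 5% budget:", max_attempts_within_budget(0.01, 0.05))
```

At a 1% verification FAR, ten unchecked retries give an impostor roughly a one-in-ten chance of being accepted; capping attempts per transaction (five keeps the cumulative rate under 5% here) and logging the failures is the control an Authenticator owes the CIDR, and it is the kind of rule the "Yes/No" interface cannot enforce on its own.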

Based on the empirical data compiled by NIST7, several non-technical factors can impact accuracy more significantly than technical accuracy improvement efforts:

Simple operational quality assurance. A few simple operational techniques, such as keeping a wet towel at hand or maintaining the device in good working order, can be superior to squeezing an additional fraction of a percent out of accuracy rates through technical improvements. An unchecked operational process can increase the false acceptance rate to over 10%.

Missing biometric records. In the data analyzed, 2 to 5% of subjects did not have biometric records. Missing biometrics are a license to commit fraud. It is believed that the failure is due to poorly designed processes: the enrolment process, when examined, had loopholes which prevented it from detecting such omissions.

Biometric software. The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2 to 3%.

Further, assuming that the biometric fingerprint is the only differentiator between past efforts and the UIDAI's, consider the following analogy. Assume that an identity fraud was committed using the false fingers of a resident, call him/her X. Practically, let us also consider the corruption index of India8 and assume that the enrolling agencies cannot be trusted. When the fraud comes to light, will the UIDAI ever be able to trust the fingerprints of X again? If the UIDAI chooses to trust X's fingerprints, how will the Authenticators be assured that the authentication is strong, reliable and sustainable?

Now let us assume that the UIDAI chooses to trust X's fingerprints after a known false-finger fraud. The UIDAI then cannot ensure non-repudiation by X for any transaction. Is an authentication that cannot guarantee non-repudiation reliable and strong? If the UIDAI chooses not to trust X's fingerprints, then how can the UID claim to be a strong and reliable authentication mechanism when other IDs cannot?

[6] NISTIR 7110, Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints, C. L. Wilson, M. D. Garris & C. I. Watson, May 2004
[7] Biometrics Committee report | 124 Biometric accuracy, pg 22 of 57
[8] Global_Corruption_Report_2009_170909_2_web[1]A.pdf


How will fraudulent enrolments be detected? Can a nefarious person apply for a second ID by sticking synthetic glue to parts of his fingers?

In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials go hand in glove with fraudsters during enrolment?

Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that it is more of an inconvenience than a deterrent?

None of the fields in the CIDR, including the fingerprint, is a secret. Fields like date of birth, photograph and fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never again be trusted to confirm the identity of the person. Persons with disabilities (such as those without both hands) need additional provisions for biometric authentication; if the fingerprint is not used, the UID provides no better authentication than existing IDs, so UIDAI needs to examine how it will counter fraud of UIDs issued to disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one (verification) systems, may be vulnerable to the following attacks [9][10]:

Spoofing: It has been demonstrated that a biometric system can sometimes be fooled by presenting fake fingerprints, a face or an iris image, etc. to the sensor.

Replay attacks: e.g. circumventing the sensor by injecting a previously recorded image into the system input, which is much easier than attacking the sensor.

Substitution attack: The biometric template must be stored to allow user verification. If an attacker gains access to the storage, either local or remote, he can overwrite the legitimate user's template with his own, in essence stealing their identity.

Tampering: Feature sets on verification, or in the templates, can be modified in order to obtain a high verification score no matter which image is presented to the system.

Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g. via the Web), since an attacker does not even have to acquire a genuine biometric sample; all he needs is access to the templates stored on a remote server.

Trojan horse attacks: Some parts of the system, e.g. the matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

Overriding the Yes/No response: An inherent flaw of existing biometric systems is that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric and the application, which leaves the system open to attack. For example, if an attacker were able to inject a false "Yes" response at the proper point in the communication between the biometric subsystem and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part entirely.

[9] N. K. Ratha, J. H. Connell, R. M. Bolle, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001
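The following Python code is an added example, not from the paper or from any UIDAI system, of how the matcher-to-application channel can be protected against the overriding Yes/No attack and the replay attack listed above. The application issues a fresh nonce per request, and the matcher returns its decision together with an HMAC over (nonce, subject, decision) under a key shared with the application; an injected "Yes", a flipped "No" or a replayed old "Yes" all fail. The shared key, the nonce scheme and the score threshold are assumptions of this example.

```python
"""Authenticating the matcher's Yes/No so it cannot be overridden or replayed.

Added example, not from the paper or any UIDAI system. An application that
trusts a bare True/False from the matcher is defeated by anyone who can put a
"Yes" on that channel (the "overriding Yes/No response" attack) or replay an
old one. Binding the decision to a per-request nonce with an HMAC under a key
shared by matcher and application defeats both. The shared key, the nonce
scheme and the score threshold are assumptions of this example.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    request_id: bytes   # nonce the application issued for this request
    subject_id: str
    match: bool
    tag: bytes          # HMAC over the three fields above


def _encode(request_id: bytes, subject_id: str, match: bool) -> bytes:
    """Length-prefixed so (a, bc) and (ab, c) cannot produce the same bytes."""
    sid = subject_id.encode()
    return (len(request_id).to_bytes(2, "big") + request_id
            + len(sid).to_bytes(2, "big") + sid + (b"\x01" if match else b"\x00"))


class Matcher:
    def __init__(self, key: bytes, threshold: float):
        self._key, self._threshold = key, threshold

    def decide(self, request_id: bytes, subject_id: str, score: float) -> Decision:
        match = score >= self._threshold
        tag = hmac.new(self._key, _encode(request_id, subject_id, match), hashlib.sha256).digest()
        return Decision(request_id, subject_id, match, tag)


class Application:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()       # nonces issued and not yet answered

    def new_request(self) -> bytes:
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, d: Decision) -> bool:
        if d.request_id not in self._pending:       # fabricated or replayed
            return False
        expected = hmac.new(self._key, _encode(d.request_id, d.subject_id, d.match),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, d.tag):  # forged or altered
            return False
        self._pending.discard(d.request_id)         # single use
        return d.match


def naive_accept(match: bool) -> bool:
    """The flaw the paper describes: the application trusts a bare boolean."""
    return match


def demo() -> dict:
    key = os.urandom(32)             # shared between matcher and application (assumption)
    app, matcher = Application(key), Matcher(key, threshold=0.8)
    out = {}
    rid = app.new_request()          # genuine flow
    out["genuine"] = app.accept(matcher.decide(rid, "uid-123", score=0.93))
    rid = app.new_request()          # injected "Yes" with a made-up tag
    out["forged_yes"] = app.accept(Decision(rid, "uid-123", True, os.urandom(32)))
    rid = app.new_request()          # genuine "No" flipped to "Yes" in transit
    real_no = matcher.decide(rid, "uid-123", score=0.40)
    out["flipped"] = app.accept(Decision(rid, "uid-123", True, real_no.tag))
    rid = app.new_request()          # genuine "Yes" replayed after it was consumed
    yes = matcher.decide(rid, "uid-123", score=0.95)
    app.accept(yes)
    out["replayed"] = app.accept(yes)
    out["naive_accepts_injected_yes"] = naive_accept(True)
    return out
```

The HMAC closes the channel between matcher and application, but not the matcher itself: a Trojan-horse matcher that holds the key can still sign a false "Yes", which is why the matcher must run in an environment the attacker cannot modify (and why the key must not be readable from the sensor side).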

How can the challenge of storing the biometrics of the entire population of the country be addressed when the store is prone to compromise by attacks from outsiders and insiders? This is briefly discussed in section 2.4 on Biometric Encryption.

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is the security and privacy of the central repository where the complete database of personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns [10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralised databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognising this, system designers often build in high redundancy through parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, every additional copy is an additional place from which the biometric data can be stolen, so this has the effect of increasing the security risks and vulnerabilities of the biometric data, not to mention the privacy risks. Large centralised databases of biometric personally identifiable information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralised databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where it may be intercepted, copied and tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below [11].

[10] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist
[11] The ENISA position paper "Privacy features of European eID Card Specifications", www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport


Falsification of content: Falsification of content through unauthorised writing into the data store is a threat. An altered UID record could, for example, be accepted as authentic if there are no appropriate integrity controls in place.

Eavesdropping: An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack: Similar to eavesdropping, but the attacker is located between the Registrar system and the server/middleware and communicates with both sides, so he can alter the data in transit as well as read it.

User signs a bogus document: This can happen, for example, if what the user sees is not actually what they are signing. It is a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server: This constitutes a privacy threat because the bogus server can then access the user's information and, where a biometric is presented, capture a sample that cannot be changed afterwards.

Physical attacks: Invasive attacks involving, e.g., rewiring a circuit on a chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-channel attacks: These attacks use information leaked through so-called side channels (timing, power consumption, electromagnetic emissions) to gain access to private data.

Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. In its original card context this threat does not apply directly to the UID system, but in theory the possibility of skimming exists, and there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the registrars and the agencies which capture the data, and store it even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles: people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centres securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at registrar locations. And it is such registrars, sub-registrars and their agents who among them may collect and retain the data of over 70% of residents. Based on the amount of personal information collected by the UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrolment bodies (including NGOs and individuals) under them to collect the data. The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics, capable of enrolment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will the implementation of best practices be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrolments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enrol residents into the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all its end-points, there is a question mark over the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies, in the form of registrars, sub-registrars and enrolment agencies, will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed at these collection agencies are described below.

Key observations:

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting information from residents. However, these agencies will also be required to collect biometric samples, which means there is a requirement for a standard technology across the registrars' offices and enrolment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data collected from the residents; this creates a huge window of opportunity for data leakage. India has around 543 parliamentary constituencies [12], each with around 2 million residents on average. Assuming that at least one registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Considering the size of the database where multi-modal biometrics are stored, which comes to around 8 MB of data per subject, multiplying the same by 2 million people (per constituency) gives around 16 TB of data per constituency (8 MB x 2 million = 16,000,000 MB), and of the order of 9,600 TB for the whole population of 1.2 billion. Managing and securing a database of that size at each constituency, with different registrars and enrolment agencies under them, is a tremendous challenge for the Authority.

4. Since the sub-registrars and enrolment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report [12], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI will need a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrolment agencies that need to be set up, the integrity and accountability of the persons working under them need to be ascertained. The UIDAI assumes these issues will be taken care of under the current legal regime of the country. But is the Indian legal regime strong enough, considering that many cases are pending in the judicial system for around 20 years, and that our country has the distinction of having many members of parliament facing criminal cases?

6. It is also assumed that these registrars, and possibly sub-registrars, will store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In remote areas of the country, where basic food, clothing and shelter are a question mark today, physical security at the warehouses of sub-registrars and enrolment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs a standard application, support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor, which increases the number of stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management running into hundreds, if not thousands, of vendors will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and that the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. For the registrar to play an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check the integrity of the data stored or updated at the registrar offices.

[12] http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf, pg 52, number of polling stations

[Figure: structure of registrars, sub-registrars and enrolment agencies, adopted from the Draft approach on UIDAI]

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project at the various registrars, sub-registrars and enrolment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorised agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, by individuals trying to make a little extra cash on the side, or by agents acting under pressure from high-society/privileged people or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations whereby the data available or collected at these authorised locations can be compromised: through a logical compromise or sharing of an account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); through phishing attacks, malicious traffic, virus attacks, or unauthorised access due to session hijacking or social engineering; or through a physical security compromise, either by internal staff or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometrics collected also poses a question mark and, as already discussed, there is no proven technology which is 100% accurate. Further, widely available materials such as gelatin can be used to mould fake fingers that carry an altered or copied fingerprint; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data against the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrolment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though state-of-the-art architecture can be guaranteed at the CIDR location, having similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted by post or courier. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected to be the following.

Use of a secured communication channel: A VPN, preferably SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit the information physically on disks or tapes, either through a courier or by hand-to-hand delivery; this also creates a possibility of data leakage. Media that is lost, or merely erased rather than encrypted, can be read with data recovery tools that are available at very low cost, so any data on removable media must be encrypted, with the keys kept apart from the media.

Encryption of the data: How much encryption is required, and whether symmetric or asymmetric, are challenges that need to be analysed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in encrypting and decrypting the data.

Key management: Key management, i.e. the generation, exchange, storage, safeguarding, use, vetting and replacement of keys, is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography because it involves system policy, user training, organisational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organisational decisions.

Non-repudiation and integrity: UIDAI also needs to look at common attack vectors like the man-in-the-middle attack, which uses software or hardware to intercept network traffic and forward it to its destination so that the information can be read or altered without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that a compromise cannot be undone, because it is capturing human biometrics, which cannot be changed if compromised.
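The following Python code is an added example, not part of the paper, of the envelope pattern that answers the "Encryption of the data" and "Key management" points above for a batch carried from a registrar to the CIDR, whether over a VPN or on a courier's disk. Each batch is sealed under a fresh data key; the data key is wrapped under the registrar's key encryption key, named by a key id in the header, so a KEK can be rotated or retired by re-wrapping 32 bytes rather than re-encrypting the batch, and the registrar's name is bound into the MAC so a batch cannot be silently re-attributed. To stay dependency-free the cipher used here is an HMAC-SHA256 keystream with encrypt-then-MAC, which is an assumption of the example, not a recommendation; a deployment would use AES-GCM or ChaCha20-Poly1305 from a vetted library, and the batch contents and key ids are constructed.

```python
"""Envelope encryption for a registrar -> CIDR batch, with key rotation.

Added example, not part of the paper. Each batch is sealed under a fresh data
encryption key (DEK); the DEK is wrapped under the registrar's key encryption
key (KEK), named by a key id in the header. Rotating a KEK then means
re-wrapping a 32-byte DEK, not re-encrypting the batch. ASSUMPTION: to stay
dependency-free, the cipher is an HMAC-SHA256 keystream with encrypt-then-MAC;
a deployment would use AES-GCM or ChaCha20-Poly1305 from a vetted library.
"""
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative counter-mode keystream from HMAC-SHA256 (stands in for
    AES-CTR so the example runs offline; not a production cipher)."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def _subkeys(key: bytes) -> tuple:
    """Separate encryption and MAC keys derived from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """nonce || ciphertext || HMAC(aad || nonce || ciphertext)."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _keystream_xor(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, aad + nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac, aad + nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return _keystream_xor(enc, nonce, ct)


class Envelope:
    """header: kek_id, wrapped DEK; body: batch sealed under the DEK."""
    def __init__(self, kek_id: str, wrapped_dek: bytes, body: bytes):
        self.kek_id, self.wrapped_dek, self.body = kek_id, wrapped_dek, body


def encrypt_batch(keks: dict, kek_id: str, batch: bytes, registrar: str) -> Envelope:
    dek = os.urandom(32)
    aad = registrar.encode()   # bound into both MACs: a batch cannot be re-attributed
    return Envelope(kek_id, seal(keks[kek_id], dek, aad), seal(dek, batch, aad))


def decrypt_batch(keks: dict, env: Envelope, registrar: str) -> bytes:
    aad = registrar.encode()
    dek = open_sealed(keks[env.kek_id], env.wrapped_dek, aad)   # KeyError: unknown/retired KEK
    return open_sealed(dek, env.body, aad)


def rotate_kek(keks: dict, env: Envelope, new_kek_id: str, registrar: str) -> Envelope:
    """Re-wrap the DEK under a new KEK; the (large) body is untouched."""
    aad = registrar.encode()
    dek = open_sealed(keks[env.kek_id], env.wrapped_dek, aad)
    return Envelope(new_kek_id, seal(keks[new_kek_id], dek, aad), env.body)


def demo() -> dict:
    keks = {"kek-2010-01": os.urandom(32), "kek-2010-02": os.urandom(32)}  # constructed
    registrar = "REG-042"                                                  # constructed
    batch = b'{"records":[{"name":"A. Resident","dob":"1970-01-01","fp":"<template>"}]}'
    env = encrypt_batch(keks, "kek-2010-01", batch, registrar)
    rotated = rotate_kek(keks, env, "kek-2010-02", registrar)
    out = {"roundtrip": decrypt_batch(keks, env, registrar) == batch,
           "after_rotation": decrypt_batch(keks, rotated, registrar) == batch,
           "body_untouched": rotated.body is env.body}
    corrupted = Envelope(env.kek_id, env.wrapped_dek, env.body[:-1] + bytes([env.body[-1] ^ 1]))
    for name, e, reg in (("tamper_detected", corrupted, registrar),
                         ("reattribution_detected", env, "REG-999")):
        try:
            decrypt_batch(keks, e, reg)
            out[name] = False
        except ValueError:
            out[name] = True
    return out
```

The KEK dictionary stands in for whatever holds the registrar keys (ideally an HSM at the CIDR that wraps and unwraps DEKs without ever releasing KEKs to registrar machines); the registrar end then needs only the current KEK for wrapping, and a lost courier disk yields nothing without it.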

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10,215 TB. Managing the security of such a large body of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can assume that the security of the CIDR will be of the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. This includes everyone from the database administrators to the third-party employees deployed for the maintenance of that infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organisation, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have architecture on a par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians and high-class, privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived, and must also be kept at alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it up in a safe for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks: Organised crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error: To err is human and, unfortunately, it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the infrastructure to its knees.

Unencrypted data: Unencrypted data is always going to be subject to some level of risk. Sending any data out of the facility without encryption raises the risk to the UIDAI. Also, a plan for decryption, and for which individuals have access to the encryption keys, is a challenge for the authorities.

Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that a person's biometric may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption: Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, lets the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification the biometric sample is discarded once again. A Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of Biometric Encryption include:

No retention of the biometric image or template
Multiple, cancellable, revocable identifiers
Improved authentication security: stronger binding of user biometric and identifier
Improved security of personal data and communications
Greater public confidence, acceptance and use; greater compliance with privacy laws
Suitability for large-scale applications
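The following Python code is an added example, not code from the paper or from the Cavoukian/Stoianov work it cites, showing the binding described above as a fuzzy commitment: a random key is encoded with an error-correcting code, XORed with the biometric bit-string, and only that helper data plus a hash of the key is stored. A fresh sample that differs from the enrolled one by a few bits recovers the same key; a sample that differs too much, or an impostor's, does not. It assumes fixed-length biometric bit-strings (a real system would derive these from minutiae or iris codes) and uses a 7-bit repetition code where practical schemes use BCH or Reed-Solomon codes; the templates and key length are constructed for the example.

```python
"""Biometric Encryption as a fuzzy commitment.

Added example, not code from the paper or from the Cavoukian/Stoianov work it
cites. Enrolment binds a random key to a biometric bit-string and stores only
helper data plus a hash of the key; neither the key nor the biometric is kept.
A fresh sample that differs by a few bits recovers the same key; a sample that
differs too much, or an impostor's, does not. Assumptions: biometrics are
fixed-length bit-strings (a real system extracts these from minutiae or iris
codes) and a 7-bit repetition code stands in for the BCH/Reed-Solomon codes
used in practice.
"""
import hashlib
import os

REP = 7                       # each key bit is repeated REP times
KEY_BYTES = 4                 # toy key length (32 bits); 128+ bits in practice
TEMPLATE_BITS = KEY_BYTES * 8 * REP


def bytes_to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def encode(key_bits: list) -> list:
    """Repetition code: corrects up to REP // 2 flipped bits per group."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits: list) -> list:
    """Majority vote per REP-bit group."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2) for i in range(0, len(code_bits), REP)]


def xor(a: list, b: list) -> list:
    return [x ^ y for x, y in zip(a, b)]


def enroll(biometric: list) -> tuple:
    """Return (helper_data, key_hash); the key and the biometric are discarded."""
    key = os.urandom(KEY_BYTES)                             # random, user never sees it
    helper = xor(encode(bytes_to_bits(key)), biometric)     # codeword XOR biometric
    return helper, hashlib.sha256(key).digest()


def verify(helper: list, key_hash: bytes, sample: list):
    """Return the recovered key bytes, or None if the sample is too far off."""
    # helper XOR sample = codeword XOR (biometric XOR sample) = codeword + noise
    candidate = bits_to_bytes(decode(xor(helper, sample)))
    return candidate if hashlib.sha256(candidate).digest() == key_hash else None


def with_errors(bits: list, flips_per_group: int) -> list:
    """Constructed 'fresh sample': flip the first `flips_per_group` bits of
    every REP-bit group of the enrolled biometric."""
    out = list(bits)
    for g in range(0, len(out), REP):
        for j in range(flips_per_group):
            out[g + j] ^= 1
    return out


def demo() -> dict:
    # constructed templates: hash output used as a stand-in for extracted features
    genuine = bytes_to_bits(hashlib.sha256(b"constructed genuine template").digest())[:TEMPLATE_BITS]
    impostor = bytes_to_bits(hashlib.sha256(b"constructed impostor template").digest())[:TEMPLATE_BITS]
    helper, key_hash = enroll(genuine)
    key = verify(helper, key_hash, genuine)
    return {
        "exact_sample_recovers_key": key is not None,
        "noisy_sample_same_key": verify(helper, key_hash, with_errors(genuine, REP // 2)) == key,
        "too_noisy_sample_fails": verify(helper, key_hash, with_errors(genuine, REP // 2 + 1)) is None,
        "impostor_fails": verify(helper, key_hash, impostor) is None,
        "helper_is_not_biometric": helper != genuine,
    }
```

Two caveats a practitioner would attach to the benefits listed above. First, "no retention" is not "no leakage": the helper data is codeword XOR biometric, so two enrolments of the same biometric under different keys XOR to a codeword of the code, which links the two records and leaks information about both; the literature's answer is to combine the commitment with a per-application transform. Second, a private template can be checked only against a live sample, not compared with another private template, so Biometric Encryption supports 1:1 verification but not the 1:N de-duplication search the CIDR needs at enrolment; the CIDR would still have to hold searchable templates for that step, or de-duplicate at enrolment time and discard them afterwards.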

2.5 Strong Authentication, Presumably by Applications

Various reports [14] suggest that UIDAI will use strong authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are"; multi-factor authentication involves two or more of these factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can make is that none of the endpoints (government departments) are corruption free and can be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany, and it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely fair, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84th among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organisation tracking the prevalence of corruption worldwide. In a comment to IANS [17] it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government bodies, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the birth certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, they are a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible, zero-risk security controls, we must assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke one's fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult; when the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to hold the registrar accountable for this, even though it is critical to the success of this project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume that an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on the UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used for almost all identity needs of a person in due course, whether it is the issuance of a passport, gas connection or PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key Observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI[18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from the maids to the drivers to the security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for the issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide a UID to the migrant population from India's neighbouring countries and could be used by illegal migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, certification by a public notary is accepted. Given the way notaries certify, this can be a source of fake documents and hence identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let us not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases numbering in millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redress, will have to go through the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability in our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under Section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under Section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will have committed a breach and will attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with Section 43A, Section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislations:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information, or unwarranted searches and seizures cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored by it, there needs to be a systematic and standardized approach which draws support from leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices since, under the DSCI Content Aggregation Program, several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control on restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing personal information/data and achieving a unique identity.

The DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw on these frameworks in aligning its security and privacy initiatives, so as to ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, the UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, the Big 4 consulting firms, security vendor companies, the banking and telecom sectors and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person by his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in millions throughout the country, will also store such data locally. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children the biometrics will have to be updated every 5 years, while for adults the biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where law enforcement agencies, the bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require the biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, gas connection, driving licence, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom the UID is supposed to benefit the most, as well as to help plug the loopholes and save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "Privileged Persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity
The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach
The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification
The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enrol residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be the first form of identification.

A partnership model
The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated
The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card
The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence
Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enrol residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment, and the KYR verification.

Process to ensure no duplicates
Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication
The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data
The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.
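The de-duplication search and the Yes/No authentication answer described in the preceding paragraphs can be modelled in a few lines. The following is an added example written for this page, not code from UIDAI or the DDSVP report. It assumes a constructed 64-bit biometric template compared by Hamming distance (the way iris codes are compared, used here only as a stand-in for a real matcher), an assumed threshold of 8 differing bits, and invented names, dates and UIDs.

```python
"""Constructed model of two CIDR functions: biometric de-duplication at
enrolment and a Yes/No authentication answer. The matcher is a stand-in:
templates are 64-bit patterns compared by Hamming distance."""
from dataclasses import dataclass

# Assumption: two captures of the same person differ in at most 8 of 64 bits.
HAMMING_THRESHOLD = 8


@dataclass(frozen=True)
class Record:
    uid: str
    name: str
    dob: str
    gender: str
    template: int  # 64-bit biometric template (constructed)


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two templates differ."""
    return bin(a ^ b).count("1")


class CIDR:
    def __init__(self):
        self._records = {}  # uid -> Record; never returned to callers

    def find_duplicate(self, template: int):
        """Search the stored biometrics for a match. The real system narrows
        the search on demographic fields first; the biometric match decides."""
        for rec in self._records.values():
            if hamming(rec.template, template) <= HAMMING_THRESHOLD:
                return rec.uid
        return None

    def enrol(self, uid: str, name: str, dob: str, gender: str, template: int) -> str:
        """Issue a UID only when no existing enrolment carries this biometric."""
        if uid in self._records:
            raise ValueError("UID already issued")
        if self.find_duplicate(template) is not None:
            raise ValueError("biometric matches an existing enrolment")
        self._records[uid] = Record(uid, name, dob, gender, template)
        return uid

    def authenticate(self, uid: str, name: str, dob: str, template: int) -> bool:
        """Compare the claim with the stored record and answer only Yes/No;
        the record itself never leaves the CIDR."""
        rec = self._records.get(uid)
        if rec is None:
            return False
        if (rec.name, rec.dob) != (name, dob):
            return False
        return hamming(rec.template, template) <= HAMMING_THRESHOLD


# Constructed templates: TEMPLATE_A and its noisy recapture differ in 2 bits;
# TEMPLATE_B differs from TEMPLATE_A in all 64 bits.
TEMPLATE_A = 0x0123456789ABCDEF
TEMPLATE_A_NOISY = TEMPLATE_A ^ (1 << 3) ^ (1 << 40)
TEMPLATE_B = 0xFEDCBA9876543210


def build_sample_cidr() -> CIDR:
    """Two constructed enrolments with invented UIDs and names."""
    cidr = CIDR()
    cidr.enrol("100000000001", "Asha", "1980-01-01", "F", TEMPLATE_A)
    cidr.enrol("100000000002", "Bholu", "1975-05-05", "M", TEMPLATE_B)
    return cidr


def attempt_duplicate_enrolment(cidr: CIDR) -> str:
    """A second enrolment with a fresh capture of Asha's biometric is refused."""
    try:
        cidr.enrol("100000000003", "Asha", "1980-01-01", "F", TEMPLATE_A_NOISY)
        return "accepted"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    cidr = build_sample_cidr()
    print(attempt_duplicate_enrolment(cidr))  # biometric matches an existing enrolment
    print(cidr.authenticate("100000000001", "Asha", "1980-01-01", TEMPLATE_A_NOISY))  # True
    print(cidr.authenticate("100000000001", "Asha", "1980-01-01", TEMPLATE_B))        # False
    print(cidr.authenticate("100000000001", "Bholu", "1980-01-01", TEMPLATE_A))       # False
```

The point to notice is the shape of the answer: `authenticate` returns a boolean and nothing else, so an agency that is compromised learns no demographic or biometric data from the CIDR. The threshold is where the "success rate less than 100%" discussed in Section 3.1 lives: a looser threshold accepts more impostors, a tighter one rejects more genuine residents, and neither setting removes the need for a fast correction process when an authentic holder is impersonated.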

Technology will undergird the UIDAI system
Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents
The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving licence and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system, and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers
The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments
Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it; it will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory/Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent/Guardian Details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

POI – Proof of Identity (must contain name and photo of the resident)
POA – Proof of Address (must contain name and address of the resident)
A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate.
Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies

The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars - Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.

- The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

- The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information, and will submit to audits.

- The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars - These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies - Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups - The UIDAI will also partner with civil society groups and community networks which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system

An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and the process continues from there.

v. Supporting Documentation

During enrollment the quality of data has to be ensured, primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach - Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources.

External attack sources: Resident; Registrar; Authenticator.
Internal attack sources: UIDAI employee; other government actors.

Considering the attack sources, let us understand the possible attack scenarios.

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow diagram. Entities: Resident, Registrar / Sub-Registrars, CIDR, Authenticator. Arrows are numbered 1 to 7 as in the data flow list above, and two trust boundaries are marked between the entities.]


4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow a resident multiple attempts in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.


Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), the Public Distribution System (PDS), etc. Each of these schemes has some registered people, yet the grants do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns. Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements. Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

- Where the customer should provide the information

- What information within the UID should be provided for which government requirement


- How the user should avoid getting caught in any phishing attempts as and when UID news is released by the government

- Threats of UID exploitation and the resultant impact

- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service

- Contact details for consumers to enquire and clarify

- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact

- Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity - The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges - considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world - happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be challenges umpteen. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for the promotion of their clients' products/services through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

- Framework for self audit and self governance within government itself to control data protection aspects

- There shall be a stringent background verification process for teams working on this project, from criminal background verification etc. as a starting point

- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence

- Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


NIST reports [6] a FAR of 0.07% at FRR 4.4% for a 6 million fingerprint gallery size using two plain fingers. Similar results were reported for the FBI's IAFIS system of 46M samples. It is safe to conclude that 99% accuracy - True Acceptance Rate (TAR) - can be achieved for a database size of 50 million. Several NIST reports allow us to estimate the scaling of the above data for larger gallery sizes and for ten fingers. Based on these results we can expect that on a population size which is 200 times larger (1.2 billion versus 6 million), the same system will have an FAR of approximately 0.07% x 200 = 14%. The FRR can be expected to be about 4% based on matching of two plain fingerprints. The table below lists the effect on FAR of increasing the number of fingers for the same FRR:

Number of Fingers    FRR (%)    FAR (%)
2                    1.03       2.92
10                   1.09       0.0
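The arithmetic behind the 0.07% x 200 = 14% extrapolation above, and behind attack scenario 5 of Annexure 2 (an authenticator allowing a resident repeated attempts to exploit the device FAR), is the same compounding of a small per-comparison false-match probability over many comparisons. The following is an added example written for this paper's figures, not code from the paper or from UIDAI: it carries the paper's linear rule of thumb alongside the exact compounding it approximates, and derives the retry limit an authenticator would need. The per-attempt device FAR of 0.01%, the 0.1% risk budget and the independence of comparisons are assumptions made for the illustration.

```python
"""False-accept arithmetic for two passages of the paper: the extrapolation of a
6-million-gallery FAR to a 1.2-billion population, and attack scenario 5 of
Annexure 2 (an authenticator letting a resident retry until a chance match).
Added example, not from the paper or UIDAI.  Comparisons are assumed
independent; the per-attempt device FAR and the risk budget are assumptions."""
import math


def per_comparison_far(far_gallery: float, gallery_size: int) -> float:
    """Per-comparison false-match rate p implied by an observed FAR against a gallery,
    from FAR_gallery = 1 - (1 - p)^N.  log1p/expm1 keep precision for tiny p."""
    return -math.expm1(math.log1p(-far_gallery) / gallery_size)


def far_after_n_trials(p: float, n: int) -> float:
    """Probability of at least one false accept in n independent comparisons at rate p."""
    return -math.expm1(n * math.log1p(-p))


def linear_extrapolation(far_gallery: float, gallery_size: int, target_size: int) -> float:
    """The paper's rule of thumb: FAR grows linearly with gallery size (0.07% x 200 = 14%)."""
    return far_gallery * target_size / gallery_size


def max_attempts_within_budget(p: float, budget: float) -> int:
    """Largest attempt count an authenticator may allow so that the cumulative
    false-accept probability stays at or below `budget`; this is the lockout threshold."""
    return math.floor(math.log1p(-budget) / math.log1p(-p))


def scaling_report() -> dict:
    """NIST figures quoted in the text: FAR 0.07% at a 6 million gallery, two fingers."""
    nist_far, nist_gallery, population = 0.0007, 6_000_000, 1_200_000_000
    p = per_comparison_far(nist_far, nist_gallery)
    return {"linear": linear_extrapolation(nist_far, nist_gallery, population),
            "exact": far_after_n_trials(p, population)}


def retry_report(device_far: float = 1e-4, attempts=(1, 10, 100, 5000)) -> dict:
    """Assumed per-attempt device FAR of 0.01%: how unlimited retries erode it."""
    return {n: far_after_n_trials(device_far, n) for n in attempts}


if __name__ == "__main__":
    s = scaling_report()
    print("FAR at 1.2 billion: linear %.1f%%, exact %.1f%%" % (100 * s["linear"], 100 * s["exact"]))
    for n, far in retry_report().items():
        print("%5d attempts -> cumulative FAR %.4f%%" % (n, 100 * far))
    print("attempts allowed for a 0.1% budget:", max_attempts_within_budget(1e-4, 1e-3))
```

The exact figure at 1.2 billion comes out a little under the paper's 14% (about 13.1%), so the linear rule is a slightly conservative approximation at this scale. The retry figures are the practical point of scenario 5: at an assumed 0.01% per attempt, a few thousand unlogged retries give an impostor better than a one-in-three chance of acceptance, which is why the authenticator's attempt counter, and the audit trail of it, is part of the biometric control rather than an operational nicety.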

Based on the empirical data compiled by NIST [7], several non-technical factors can impact accuracy more significantly than technical accuracy improvement efforts:

Simple operational quality assurance: A few simple operational techniques, such as keeping a wet towel at hand or maintaining the device in good working order, can be superior to squeezing an additional fraction of a percent in accuracy rates through technical improvements. An unchecked operational process can increase the false acceptance rate to over 10%.

Missing biometric records: In the data analyzed, 2% to 5% of subjects did not have biometric records. Missing biometrics is a license to commit fraud. It is believed that the failure is due to poorly designed processes: the enrolment process, when examined, had loopholes which prevented it from detecting such omissions.

Biometric software: The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2% to 3%.
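The "missing biometric records" finding above is a process failure that can be checked mechanically before a batch leaves a Registrar for the CIDR. The following is an added illustration of such a check, not code from UIDAI or from this paper: every record must either carry a complete biometric set or a documented, supervisor-approved exception, and the batch as a whole is held for review when the share of exceptions is implausibly high, since a lenient operator is the fraud vector the text describes. The record layout, the field names, the ten-finger plus two-iris capture standard, the list of exception reasons and the 2% threshold are all assumptions made for the example.

```python
"""Batch check on enrolment records at a Registrar before forwarding to the CIDR.
Added illustration (not UIDAI or DSCI code): the record layout, field names,
capture standard and thresholds are assumptions made for this example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

REQUIRED_FINGERS = 10          # assumed capture standard: ten plain fingerprints
REQUIRED_IRISES = 2            # assumed: both irises
MAX_EXCEPTION_RATE = 0.02      # assumed: a batch with more than 2% exceptions is held for review
VALID_EXCEPTION_REASONS = {"amputation", "worn_ridges", "eye_condition"}


@dataclass
class Record:
    enrolment_id: str
    fingerprints: List[Optional[bytes]]        # one entry per finger, None if not captured
    irises: List[Optional[bytes]]
    exception_reason: Optional[str] = None     # documented reason when capture is impossible
    supervisor_id: Optional[str] = None        # supervisor who approved the exception


@dataclass
class BatchResult:
    accepted: List[str] = field(default_factory=list)
    rejected: Dict[str, str] = field(default_factory=dict)   # enrolment_id -> reason
    exception_rate: float = 0.0
    hold_for_review: bool = False


def check_record(rec: Record) -> Optional[str]:
    """Return None if the record may be forwarded, otherwise the reason for rejecting it."""
    fingers = [f for f in rec.fingerprints if f]
    irises = [i for i in rec.irises if i]
    if len(fingers) == REQUIRED_FINGERS and len(irises) == REQUIRED_IRISES:
        return None
    # Incomplete biometrics are acceptable only as a documented exception: an
    # approved reason AND a supervisor sign-off.  A record silently missing its
    # biometrics is the omission the text says the enrolment process failed to catch.
    if rec.exception_reason is None:
        return "biometrics missing without a documented exception"
    if rec.exception_reason not in VALID_EXCEPTION_REASONS:
        return "unrecognised exception reason: " + rec.exception_reason
    if not rec.supervisor_id:
        return "biometric exception lacks supervisor approval"
    return None


def validate_batch(records: List[Record]) -> BatchResult:
    """Reject bad records individually and flag a batch whose exception rate is suspicious."""
    result = BatchResult()
    exceptions = 0
    for rec in records:
        reason = check_record(rec)
        if reason:
            result.rejected[rec.enrolment_id] = reason
            continue
        if rec.exception_reason is not None:
            exceptions += 1
        result.accepted.append(rec.enrolment_id)
    if records:
        result.exception_rate = exceptions / len(records)
    # Approved exceptions are still counted in aggregate: an operator or agency
    # filing far more than the expected share is itself a fraud signal worth auditing.
    result.hold_for_review = result.exception_rate > MAX_EXCEPTION_RATE
    return result


def sample_batch() -> List[Record]:
    """Constructed sample records (not real enrolment data)."""
    full = [b"template"] * REQUIRED_FINGERS
    return [
        Record("E001", full, [b"L", b"R"]),                                      # complete
        Record("E002", [None] * REQUIRED_FINGERS, [None, None]),                  # nothing captured, no reason
        Record("E003", full[:8] + [None, None], [b"L", b"R"], "amputation", "SUP-7"),
        Record("E004", [None] * REQUIRED_FINGERS, [b"L", b"R"], "lost_device"),   # bogus reason, unsigned
    ]


if __name__ == "__main__":
    res = validate_batch(sample_batch())
    print("accepted:", res.accepted)
    print("rejected:", res.rejected)
    print("exception rate: %.2f, hold for review: %s" % (res.exception_rate, res.hold_for_review))
```

On the constructed batch, E001 and E003 pass, E002 and E004 are rejected with a stated reason, and the batch is held because one approved exception in four records is far above the assumed 2% ceiling. The two-level design matters: per-record checks catch the loophole the NIST data exposed, while the batch-level rate is what surfaces a colluding operator who has learned to fill in the exception fields.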

Further, assuming that the biometric fingerprint is the only differentiator between past efforts and the UIDAI's, let us look at the following analogy. Assume that an identity fraud was committed using the false fingers of a resident, let us call him/her (X). Practically, let us also consider the corruption index of India [8] and assume that the enrolling agencies cannot be trusted. When the fraud comes to light, will the UIDAI ever be able to trust the fingerprints of (X) again? If UIDAI chooses to trust (X)'s fingerprints, how will the authenticators be assured that the authentication is strong, reliable and sustainable?

Now let us assume that the UIDAI chooses to trust (X)'s fingerprints after a known false-finger fraud. UIDAI then cannot ensure non-repudiation by (X) for any transaction. Is an authentication that cannot guarantee non-repudiation reliable and strong? If UIDAI chooses not to trust the fingerprint of (X), then how can UID claim to be a strong and reliable authentication mechanism where other IDs cannot?

[6] NISTIR 7110, Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints, C. L. Wilson, M. D. Garris & C. I. Watson, May 2004.

[7] Biometrics Committee report, 1.2.4 Biometric accuracy, pg 22 of 57.

[8] Global Corruption Report 2009 (Global_Corruption_Report_2009_170909_2_web.pdf).


How will the fraudulent enrollments be detected? Can a nefarious person apply for a second ID by sticking synthetic glue to some places on his fingers?

In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials go hand in glove with fraudsters during such enrollment?

Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that an audit finding is more of an inconvenience than a deterrent?

None of the fields in the CIDR, including the fingerprint, are a secret. Fields like Date of Birth, Photograph and Fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never again be trusted to confirm the identity of the person. Persons with disabilities (such as ones without both hands) need additional provisions for biometric authentication. If the fingerprint is not used, then the UID provides no better authentication than existing IDs. UIDAI needs to examine how it will counter fraud of UIDs for disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one, may become vulnerable to potential attacks [9][10]. Some of these security vulnerabilities include the following:

Spoofing: It has been demonstrated that a biometric system sometimes can be fooled by applying fake fingerprints, face or iris images, etc.

Replay attacks: e.g. circumventing the sensor by injecting a recorded image into the system input, which is much easier than attacking the sensor.

Substitution attack: The biometric template must be stored to allow user verification. If an attacker gets access to the storage, either local or remote, he can overwrite the legitimate user's template with his/her own, in essence stealing their identity.

Tampering: Feature sets on verification or in the templates can be modified in order to obtain a high verification score no matter which image is presented to the system.

Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g. via the Web), since an attacker does not even have to acquire a genuine biometric sample. All he needs is to gain access to the templates stored on a remote server.

Trojan horse attacks: Some parts of the system, e.g. a matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

[9] N. K. Ratha, J. H. Connell, R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems", IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001.

Overriding Yes/No response: An inherent flaw of existing biometric systems is that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric component and the application, which leaves the system open to attack. For example, if an attacker were able to interject a false Yes response at the proper point of the communication between the biometric component and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part entirely.
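The disconnect described above is between the matcher and the application that consumes its verdict, and the usual remedy is to bind the verdict to a fresh challenge from the application with a keyed MAC, so that a bare "Yes" interjected on the wire, a "No" flipped to "Yes", or a replayed earlier "Yes" (the replay attack listed above) all fail verification. The exchange below is an added example written for this discussion, not code from the paper, from Ratha et al. or from UIDAI; the shared key, its provisioning between matcher and application, the HMAC-SHA256 choice and the score threshold are assumptions.

```python
"""Countermeasure for the 'overriding Yes/No response' and replay attacks above:
the matcher's decision is bound, with a keyed MAC, to a fresh one-time challenge
from the relying application, so an injected, altered or replayed 'Yes' is rejected.
Added example, not from the paper; key management and HMAC-SHA256 are assumptions."""
import hashlib
import hmac
import os

KEY = os.urandom(32)   # assumed: secret provisioned to both the matcher and the application


def _tag(key: bytes, txn_id: str, nonce: bytes, decision: str, score: float) -> bytes:
    """MAC over everything the application will act on: transaction, challenge, verdict, score."""
    msg = b"|".join([txn_id.encode(), nonce, decision.encode(), str(score).encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Matcher:
    """Stands in for the biometric matcher; returns one signed decision per challenge."""
    def __init__(self, key: bytes, threshold: float = 0.8):
        self.key, self.threshold = key, threshold

    def decide(self, txn_id: str, nonce: bytes, score: float) -> dict:
        decision = "YES" if score >= self.threshold else "NO"
        return {"txn": txn_id, "nonce": nonce, "decision": decision, "score": score,
                "tag": _tag(self.key, txn_id, nonce, decision, score)}


class Application:
    """Relying application: issues one-time challenges and verifies the bound response."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, {}

    def challenge(self, txn_id: str) -> bytes:
        nonce = os.urandom(16)
        self.pending[txn_id] = nonce
        return nonce

    def accept(self, resp: dict) -> bool:
        # Single use: the challenge is consumed whether or not the response verifies,
        # so a replayed response finds no pending challenge to match against.
        nonce = self.pending.pop(resp["txn"], None)
        if nonce is None or not hmac.compare_digest(nonce, resp["nonce"]):
            return False
        expected = _tag(self.key, resp["txn"], nonce, resp["decision"], resp["score"])
        if not hmac.compare_digest(expected, resp["tag"]):
            return False                   # forged, or altered after signing
        return resp["decision"] == "YES"


def demo() -> dict:
    """Four exchanges: one genuine, three attacks on the Yes/No channel."""
    app, matcher = Application(KEY), Matcher(KEY)
    results = {}
    # 1. genuine match: fresh challenge, signed YES
    n1 = app.challenge("T1")
    r1 = matcher.decide("T1", n1, 0.93)
    results["genuine"] = app.accept(r1)
    # 2. attacker interjects a bare YES without knowing the key
    n2 = app.challenge("T2")
    forged = {"txn": "T2", "nonce": n2, "decision": "YES", "score": 0.99, "tag": b"\x00" * 32}
    results["injected_yes"] = app.accept(forged)
    # 3. attacker flips a signed NO into a YES in transit
    n3 = app.challenge("T3")
    r3 = dict(matcher.decide("T3", n3, 0.40), decision="YES")
    results["flipped"] = app.accept(r3)
    # 4. attacker replays the earlier genuine YES against a later transaction
    results["replayed"] = app.accept(r1)
    return results


if __name__ == "__main__":
    print(demo())
```

Only the genuine exchange is accepted. The design choice worth noting is that the application signs nothing and the matcher verifies nothing: trust flows one way, from a challenge the application minted to a verdict the matcher bound to it, and the application discards the challenge on first use so the same signed verdict cannot be presented twice. This does not protect the matcher itself from the Trojan horse substitution listed above; a replaced matcher holding the key can still sign false verdicts, which is why the key must live in the matcher's trusted boundary rather than on the general-purpose host.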

How can the challenge of storing biometrics of the entire population of the country be addressed when it is prone to compromise by attacks from outsiders and insiders? This will be briefly discussed in a separate section on biometric encryption, section 2.3.4.

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around the security and privacy of the central repository where the complete database of personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns [10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralized databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy in parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to mention the privacy risks. Large centralized databases of biometric Personally Identifiable Information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where it may be intercepted, copied and tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below [11].

[10] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.

[11] The ENISA position paper "Privacy features of European eID Card Specifications", www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport


Falsification of content: The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

Eavesdropping: An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack: Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

User signs a bogus document: This can happen, for example, if what the user sees is not actually what they are signing. It can be a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server: This constitutes a privacy threat because the bogus server can then access the user's information.

Physical attacks: Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-channel attacks: These attacks use information leaked through so-called side channels to gain access to private data.

Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. As framed for eID cards this threat does not apply directly, but in theory the possibility of skimming exists, and there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the other registrars and the agencies which will capture the data and store it, even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles - people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centers securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain data of over 70% of residents. Based on the amount of personal information collected by the UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrollment bodies (including NGOs and individuals) under them to collect the data. The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics, capable of enrollment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will the implementation of best practices be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrollments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enroll residents into the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark over the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies, in the form of registrars, sub-registrars and enrollment agencies, will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

Key observations:

1. It is expected that the registrars/agencies will follow standard, defined procedures for collecting the information from the residents. However, these agencies will also be required to collect the biometric samples, which means that there is a requirement for a standard technology across the registrars' offices and enrollment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. Consider the Indian boundaries, which have around 543 parliamentary constituencies [12], each of them having around 2 million residents on average. Assuming that at least one registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Consider the size of the database where multi-modal biometrics are used for storage, which comes to around 8 MB of data per subject; multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the Authority.

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at this level also needs to be considered. As per the Election Commission report [10], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the persons working under them need to be ascertained. The UIDAI assumes that these issues will be taken care of under the current legal regime of the country. But the question is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system and that our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In the remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the sub-registrars' and enrollment agencies' warehouses, working under a registrar, itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor for the same, which increases the number of stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management, running into hundreds if not thousands of vendors, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and that the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally. And this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check the integrity of the data stored or updated at the registrar offices.

[12] http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf - pg 52 - number of polling stations

(Figure: Adopted from Draft approach on UIDAI)

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by various registrars, sub-registrars and enrollment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, or by individuals trying to make a little extra cash on the side, or are due to the pressure of high-society or privileged people, or occur at gunpoint, considering our geographical landscape and the unspoken truths of the individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of an account or the sharing of an account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); phishing attacks; malicious traffic; virus attacks; unauthorized access due to session hijacking; social engineering; or physical security compromise, either by internal staff or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark and, as already discussed, there has been no proven technology which is 100% accurate till now. Further, there are widely available products which can change the biometrics of a finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though the state of the architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected on the following:

Use of a secured communication channel

A VPN, preferably SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically through disks or tapes, either by courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are a lot of data recovery techniques available at a very low cost in the market.

Encryption of the data

How much encryption is required, and whether symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in the encryption and decryption of the data.

Key management: Key management for the generation, exchange, storage, safeguarding, use, vetting and replacement of keys is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering. Key management requires both technical and organizational decisions.

Non-repudiation: UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then send it on to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts, and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be duplicated again, because it is capturing human biometrics, which cannot be changed if compromised.

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10,215 TB. Managing the security of such a large amount of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can ascertain that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. These include people from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have state-of-the-art architecture on a par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society and privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept in alternate (BCP/DR) locations. Many data storage protection measures include a strategic balance between information availability and information security. It's easy to make information completely secure (by locking it up in a safe, for example), but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks: Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error: To err is human and, unfortunately, it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Un-encrypted data: Unencrypted data is always going to be subject to some level of risk. Leaving any data that is going outside the facility unencrypted raises the risk to the UIDAI. Also, a plan for decryption, and for the appropriate individuals having access to the encryption keys, is a challenge for the authorities.

Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption - Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric, so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

- No retention of the biometric image or template
- Multiple, cancellable, revocable identifiers
- Improved authentication security: stronger binding of user biometric and identifier
- Improved security of personal data and communications
- Greater public confidence, acceptance and use; greater compliance with privacy laws
- Suitable for large-scale applications
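The key binding described above, as an added illustration that is not code from this paper, from UIDAI, or from the Cavoukian and Stoianov article it cites: a toy fuzzy-commitment scheme in which the template holds only (codeword XOR biometric) and a hash of the key, so the key is re-created from a fresh sample and a new key can be bound to revoke an old template. It assumes a fixed-length bit-vector biometric with a few scattered bit errors between enrolment and verification, and uses a repetition code for clarity (it leaks more about the biometric than the stronger codes real systems use); all biometric data is constructed.

```python
"""Toy Biometric Encryption by fuzzy commitment (Juels-Wattenberg style).

Added illustration, not the scheme from this paper, UIDAI, or the cited
article. Assumptions (constructed): a biometric is a fixed-length bit vector
from a feature extractor; a live sample differs from the enrolled one in a few
scattered bits; the error-correcting code is a simple repetition code.
"""
import hashlib
import random
import secrets
from typing import Dict, List, Optional, Tuple

R = 7                         # repetition factor: corrects up to 3 flipped bits per block
KEY_BITS = 64                 # length of the random key bound to the biometric
FEATURE_BITS = KEY_BITS * R   # biometric vector length must equal codeword length


def bits_to_bytes(bits: List[int]) -> bytes:
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def encode(key: List[int]) -> List[int]:
    """Repetition-code encoder: each key bit is written R times."""
    return [b for b in key for _ in range(R)]


def decode(codeword: List[int]) -> List[int]:
    """Majority-vote decoder: a key bit survives while fewer than R/2 bits of its block are wrong."""
    return [1 if sum(codeword[i:i + R]) > R // 2 else 0
            for i in range(0, len(codeword), R)]


def enrol(biometric: List[int], key: Optional[List[int]] = None) -> Tuple[Dict[str, object], List[int]]:
    """Bind a (fresh, random) key to the biometric and return (template, key).

    The template stores only helper = codeword XOR biometric and a hash of the
    key. The caller uses the key for its purpose and then discards both the key
    and the biometric, as the scheme prescribes; neither is retained.
    """
    if key is None:
        key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = encode(key)
    if len(codeword) != len(biometric):
        raise ValueError("biometric length must equal codeword length")
    helper = [c ^ b for c, b in zip(codeword, biometric)]
    key_hash = hashlib.sha256(bits_to_bytes(key)).hexdigest()
    return {"helper": helper, "key_hash": key_hash}, key


def verify(template: Dict[str, object], live: List[int]) -> Optional[List[int]]:
    """Re-create the key from a fresh sample; None if the sample does not match."""
    noisy_codeword = [h ^ b for h, b in zip(template["helper"], live)]
    candidate = decode(noisy_codeword)
    if hashlib.sha256(bits_to_bytes(candidate)).hexdigest() == template["key_hash"]:
        return candidate
    return None


def constructed_biometric(seed: int) -> List[int]:
    """Deterministic stand-in for a feature extractor's output (constructed data)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(FEATURE_BITS)]


def with_noise(bits: List[int], flips_per_block: int) -> List[int]:
    """Flip the first `flips_per_block` bits of every R-bit block (simulated sensor noise)."""
    out = list(bits)
    for start in range(0, len(out), R):
        for j in range(flips_per_block):
            out[start + j] ^= 1
    return out


def demo() -> Dict[str, bool]:
    """Walk through enrolment, verification, rejection and revocation."""
    enrolled = constructed_biometric(seed=1)
    template, key = enrol(enrolled)
    del enrolled                              # biometric discarded after enrolment
    results = {
        "exact_sample_recovers_key": verify(template, constructed_biometric(1)) == key,
        "noisy_sample_recovers_key": verify(template, with_noise(constructed_biometric(1), 3)) == key,
        "too_noisy_sample_rejected": verify(template, with_noise(constructed_biometric(1), 4)) is None,
        "other_person_rejected": verify(template, constructed_biometric(2)) is None,
    }
    # Cancellable identifier: re-enrol the same person with a fresh key. The old
    # template no longer yields the new key, so a leaked template can be revoked.
    new_template, new_key = enrol(constructed_biometric(1))
    results["new_template_gives_new_key"] = verify(new_template, constructed_biometric(1)) == new_key
    results["old_template_does_not_give_new_key"] = verify(template, constructed_biometric(1)) != new_key
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```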

2.5 Strong Authentication - Presumably by Applications

Various reports [14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous. The UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption-free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view. Data compromise happened in Germany. It happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be very correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation in the world by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS, it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes, such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be made from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 - The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though this is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume that an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of the data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on the UID, who is responsible for proving or disproving the legitimacy of the transaction? The authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

The UID is expected to be used in almost all identities of a person in due course, whether it is the issuance of a passport, a gas connection, a PAN, or availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

Key observations:

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on privacy of the UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers, as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants, on whom they are dependent, right from the maids to the drivers to the security guards. Consider the case of migrant labourers who have migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of the UID, the villagers, agriculturists working in their own fields, or milkmen working in a milk cooperative are at the mercy of their Gram Panchayats or Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for issuance of a UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide a UID to migrant populations from the neighbouring countries of India, and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, copies can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases figuring in the millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, will have to go through the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft, but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances, or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world as well.

The IT (Amendment) Act 2008, under section 43(A), makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract, and discloses it without the consent of the subject person, will constitute a breach and attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice, and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislations:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, wasted resources and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuses of their information, or unwarranted search and seizures cannot function at optimum levels.

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last one year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as a data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing the personal information/data and achieving the unique identity.

DSCI's security and privacy frameworks are built on the evolving strategic options and technological enhancements, and it believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the banking and telecom sectors and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, which is unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but it is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response

According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children, biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where the law enforcement agencies, bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver's license etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom UID is supposed to benefit the most, as well as to help plug the loopholes for saving government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privileged Persons", those having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfill other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.

Annexure 1 UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central/state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it; it will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory / Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery.

Parent / Guardian Details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty.
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

Notes: POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions, the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.

Annexure 2 UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources: Resident, Registrar, Authenticator
Internal Attack Sources: UIDAI employee, other government factors

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

Figure: Draft data flow diagram showing the Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with steps 1 to 7 and the trust boundaries between them.

4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority, such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
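The authentication step of the draft data flow (steps 4 to 6) together with the server-side control that scenario 5 calls for, as an added example that is not part of the DSCI paper or of any UIDAI system: the CIDR answers only 'Yes' or 'No', keeps the templates to itself, and throttles repeated attempts per (authenticator, UID) so that an authenticator cannot simply retry until a false accept occurs. Templates modelled as bit tuples, the Hamming-similarity matcher, the threshold and window values and the sample UID are all constructed assumptions.

```python
"""Toy model of CIDR authentication with attempt throttling and an audit trail.

Added example, not code from the DSCI paper or from UIDAI. Assumptions:
biometric templates are fixed-length bit tuples compared by Hamming
similarity; the match threshold, attempt limit and time window are
constructed policy values; the UID and templates below are constructed.
"""

import time
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """Raised when one (authenticator, UID) pair exceeds its attempt budget."""
    authenticator: str
    uid: str
    attempts: int


def similarity(template, sample):
    """Fraction of agreeing bits; 1.0 is an exact match, ~0.5 is random noise."""
    if len(template) != len(sample):
        return 0.0
    agree = sum(1 for t, s in zip(template, sample) if t == s)
    return agree / len(template)


class CIDR:
    """Central ID Data Repository that answers only 'Yes' or 'No'.

    Enrolled templates never leave this object. The audit log records who
    asked about which UID and the outcome, but no biometric data.
    """

    def __init__(self, threshold=0.80, max_attempts=3, window_seconds=600.0):
        self._templates = {}                 # uid -> enrolled bit tuple
        self._attempts = defaultdict(deque)  # (authenticator, uid) -> timestamps
        self.threshold = threshold
        self.max_attempts = max_attempts
        self.window_seconds = window_seconds
        self.audit_log = []                  # (when, authenticator, uid, result, reason)
        self.alerts = []

    def enroll(self, uid, template):
        self._templates[uid] = tuple(template)

    def _attempts_in_window(self, key, now):
        q = self._attempts[key]
        while q and now - q[0] > self.window_seconds:
            q.popleft()                      # drop attempts older than the window
        return q

    def authenticate(self, authenticator, uid, sample, now=None):
        """Return 'Yes' or 'No'; the limit is enforced here, not by the authenticator."""
        now = time.time() if now is None else now
        q = self._attempts_in_window((authenticator, uid), now)
        q.append(now)
        if len(q) > self.max_attempts:
            # Scenario 5: repeated tries against one UID are refused and flagged,
            # so a colluding authenticator cannot farm the device's FAR.
            self.alerts.append(Alert(authenticator, uid, len(q)))
            self.audit_log.append((now, authenticator, uid, "No", "throttled"))
            return "No"
        template = self._templates.get(uid)
        matched = template is not None and similarity(template, sample) >= self.threshold
        result = "Yes" if matched else "No"
        self.audit_log.append((now, authenticator, uid, result, "match" if matched else "no-match"))
        return result


# Constructed sample data (not real UID values or templates).
SAMPLE_UID = "123456789012"
ENROLLED = (1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1)
GENUINE = (1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0)   # one bit off: 15/16 agree
IMPOSTOR = (0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1)  # six bits off: 10/16 agree


def demo():
    """One genuine check, then an authenticator retrying an impostor sample until locked out."""
    cidr = CIDR()
    cidr.enroll(SAMPLE_UID, ENROLLED)
    results = [cidr.authenticate("auth-A", SAMPLE_UID, GENUINE, now=0)]
    for t in (1, 2, 3):
        results.append(cidr.authenticate("auth-A", SAMPLE_UID, IMPOSTOR, now=t))
    results.append(cidr.authenticate("auth-A", SAMPLE_UID, GENUINE, now=4))    # still throttled
    results.append(cidr.authenticate("auth-A", SAMPLE_UID, GENUINE, now=700))  # window expired
    return results, len(cidr.alerts)


if __name__ == "__main__":
    print(demo())
```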

Annexure 3 The Underprivileged Society

Indian society is divided across various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm

Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can be used and cannot be used. Limit the use of UID; e.g., UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications, such as loan, health insurance, etc.? Even though it is for the internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before the release of the UID program. Awareness should include the following:

- Where the customer should provide the information

- What information within the UID should be provided for which government requirement

- How the user should avoid getting caught in any phishing attempts as and when UID news is released by the government

- Threats of UID exploitation and the resultant impact

- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service

- Contact details for consumers to enquire and clarify

- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact

- Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be subject to very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity: The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as part and parcel of its working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginal peoples like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and the maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information about any individual if you have money and need… Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and email, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance of an individual without his/her authorization. The Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e., the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. The Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower individual resident Indians to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

- Framework for self-audit and self-governance within government itself to control data protection aspects

- There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point

- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence

- Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


- How will fraudulent enrollments be detected? Can a nefarious person apply for a second ID by sticking synthetic glue to some places on his fingers?

- In such cases, does the integrity of UID data depend on the registrars not being corrupt? How does the system handle fraud when corrupt officials go hand in glove with fraudsters during such enrollment?

- Are audits by UIDAI a sufficient deterrent? Will the negative impact of an audit finding be so low that an audit finding is more of an inconvenience than a deterrent?

None of the fields in the CIDR, including the fingerprint, are a secret. Fields like Date of Birth, Photograph and Fingerprints are not revocable. If an identity fraud happens, these non-revocable fields can never again be trusted to confirm the identity of the person. Persons with disabilities (such as ones without both hands) need additional provisions for biometric authentication. If the fingerprint is not used, then the UID provides no better authentication than existing ones. UIDAI needs to examine how it will counter fraud of UIDs for disabled persons. Considering the data flow in the UIDAI system, a threat model which covers a few scenarios and possible external and internal threat vectors is presented in Annexure 2.

2.2.1 Security Vulnerabilities of a Biometric System

Biometric systems, especially one-to-one, may become vulnerable to potential attacks [9, 10]. Some of these security vulnerabilities include the following:

- Spoofing: It has been demonstrated that a biometric system can sometimes be fooled by applying a fake fingerprint, face or iris image, etc.

- Replay attacks: e.g., circumventing the sensor by injecting a recorded image into the system input, which is much easier than attacking the sensor.

- Substitution attack: The biometric template must be stored to allow user verification. If an attacker gets access to the storage, either local or remote, he can overwrite the legitimate user's template with his/her own, in essence stealing their identity.

- Tampering: Feature sets on verification, or in the templates, can be modified in order to obtain a high verification score no matter which image is presented to the system.

- Masquerade attack: A digital "artifact" image can be created from a fingerprint template so that this artifact, if submitted to the system, will produce a match. The artifact may not even resemble the original image. This attack poses a real threat to remote authentication systems (e.g., via the Web), since an attacker does not even have to bother to acquire a genuine biometric sample. All he needs is to gain access to the templates stored on a remote server.

- Trojan horse attacks: Some parts of the system, e.g., a matcher, can be replaced by a Trojan horse program that always outputs high verification scores.

- Overriding Yes/No response: An inherent flaw of existing biometric systems is due to the fact that the output of the system is always a binary Yes/No (i.e., match/no match) response. In other words, there is a fundamental disconnect between the biometric and the applications, which makes the system open to potential attacks. For example, if an attacker were able to interject a false Yes response at a proper point of the communication between the biometrics and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part.

9 N. K. Ratha, J. H. Connell, R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems", IBM Systems Journal, vol. 40, no. 3, pp. 614–634, 2001

How can the challenge of storing the biometrics of the entire population of the country be addressed when it is prone to compromise from attacks by outsiders and insiders? This will be briefly discussed in a separate section on biometric encryption, section 2.3.4.
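One mitigation for the "overriding Yes/No response" weakness described above is to stop treating the matcher's decision as a bare bit. The following is an added example, not code from the DSCI paper or from UIDAI: the matcher returns a keyed MAC (HMAC-SHA256) over the decision together with a per-request challenge and transaction id, so the relying application can reject a forged, replayed or stale decision. The shared key, field names and sample transactions are constructed for illustration.

```python
"""Binding a biometric matcher's Yes/No decision to a challenge.

Added example, not code from the DSCI paper or from UIDAI. The matcher MACs
the whole decision (match bit, challenge, transaction id, timestamp) with a
key shared with the application, so an injected "Yes" fails verification and
a captured "Yes" cannot be replayed for a different request.
"""
import hashlib
import hmac
import json
import secrets
import time

# Constructed placeholder key; in a real deployment both sides would hold it
# in an HSM or key manager and rotate it under a key-management policy.
MATCHER_KEY = bytes.fromhex("11" * 32)


def canonical(decision):
    """Deterministic byte encoding so both sides MAC exactly the same bytes."""
    return json.dumps(decision, sort_keys=True, separators=(",", ":")).encode()


def matcher_decide(key, challenge, txn_id, subject_ref, score, threshold, now=None):
    """Matcher side: compare score with threshold and MAC the whole decision.

    The MAC covers the challenge and txn_id, so a "Yes" captured for one
    request cannot be reused for another, and the match bit cannot be flipped.
    """
    decision = {
        "challenge": challenge,
        "txn_id": txn_id,
        "subject_ref": subject_ref,   # opaque reference, never the UID number itself
        "match": score >= threshold,
        "issued_at": int(time.time()) if now is None else now,
    }
    tag = hmac.new(key, canonical(decision), hashlib.sha256).hexdigest()
    return {"decision": decision, "tag": tag}


class DecisionVerifier:
    """Application side: issues challenges and accepts only decisions bound to them."""

    def __init__(self, key, max_age_s=30):
        self.key = key
        self.max_age_s = max_age_s
        self.pending = {}   # challenge -> txn_id this application issued
        self.used = set()   # challenges already consumed (replay detection)

    def issue_challenge(self, txn_id):
        challenge = secrets.token_hex(16)
        self.pending[challenge] = txn_id
        return challenge

    def verify(self, response, now=None):
        """Return (accepted, reason). Only a MAC-valid, fresh, unreplayed
        decision for a challenge we issued is accepted."""
        decision = response.get("decision", {})
        tag = response.get("tag", "")
        expected = hmac.new(self.key, canonical(decision), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad_mac"            # forged or tampered decision
        challenge = decision.get("challenge")
        if challenge in self.used:
            return False, "replay"             # same decision presented twice
        if self.pending.get(challenge) != decision.get("txn_id"):
            return False, "unknown_challenge"  # not issued by us, or wrong transaction
        now = int(time.time()) if now is None else now
        if now - decision["issued_at"] > self.max_age_s:
            return False, "stale"
        self.used.add(challenge)
        del self.pending[challenge]
        return True, ("match" if decision["match"] else "no_match")


if __name__ == "__main__":
    verifier = DecisionVerifier(MATCHER_KEY)
    c = verifier.issue_challenge("txn-1")
    resp = matcher_decide(MATCHER_KEY, c, "txn-1", "ref-001", 0.40, 0.85)
    print("genuine low score:", verifier.verify(resp))
    # An attacker flipping the match bit without the key breaks the MAC.
    forged = {"decision": dict(resp["decision"], match=True), "tag": resp["tag"]}
    print("injected Yes:", DecisionVerifier(MATCHER_KEY).verify(forged))
```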

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around the security and privacy of the central repository, where the complete database of the public's personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns [10] arise with the collection and use of more and more biometric data for identification purposes. To begin with, the creation of large centralized databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy in parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to mention the privacy risks. Large centralized databases of biometric Personally Identifiable Information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where they may be intercepted, copied and actually tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below [11].

10 Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist

11 The ENISA position paper "Privacy Features of European eID Card Specifications" | www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport


- Falsification of Content: The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

- Eavesdropping: An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

- Man-in-the-middle attack: Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

- User signs a bogus document: This can happen, for example, if what the user sees is not actually what they are signing. It can be a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

- User authenticates to a bogus server due to misplaced trust in a server: This constitutes a privacy threat because the bogus server can then access the user's information.

- Physical Attacks: Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

- Side-Channel Attacks: These attacks use information leaked through so-called side-channels to gain access to private data.

- Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

- Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. This privacy threat does not apply directly, but in theory there exists the possibility of skimming. Even so, there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar Database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the other registrars and the agencies which will capture the data and store it, even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles: people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centers securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain data of over 70% of residents. Based on the amount of personal information collected by the UIDAI and its registrars, let us evaluate the security and privacy issues at various stages of the information lifecycle, i.e., collection, transmission and storage.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrollment bodies (including NGOs and individuals) under them to collect the data. The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrollment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e., de-duplication. How will the implementation of best practices be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrollments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enroll residents to the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark over the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies, in the form of registrars, sub-registrars and enrollment agencies, will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

S. NO. KEY OBSERVATIONS

1. It is expected that the registrar/agencies will follow standard defined procedures for collecting the information from the residents. However, these agencies will also be required to collect the biometric samples, which means that there is a requirement for a standard technology across the registrars' offices and enrollment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. Consider the Indian boundaries, which have around 543 parliamentary constituencies [12], each of which has around 2 million residents on average. Assuming that at least 1 registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself by 543 times.

3. Considering the size of the database where multi-modal biometrics are used for storage, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the authority.

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the election commission report [10], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the people working under them need to be ascertained. The UIDAI assumes it will take care of these issues under the current legal regime of the country. But the problem is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system, and our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store the physical copies of the documentary evidence submitted by the residents. Hence there is a need for secure warehouses all over the country. In the remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the warehouses of the sub-registrars and enrollment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor for the same, which increases the stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management running into hundreds, if not thousands, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and the biometrics are updated from time to time, i.e., every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally. And this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check the integrity of the data stored or updated at the registrar offices.

12 http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf - pg 52 - number of polling stations

Figure (alongside 2.3.1): Adopted from Draft approach on UIDAI

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by various registrars, sub-registrars and enrollment agencies. But before that, let us understand the structure of the registrar offices; it is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, iris capture devices
3. Computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e., database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents or by individuals trying to make a little extra cash on the side, or are due to pressure from high-society/privileged people, or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of an account or sharing of an account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); phishing attacks; malicious traffic; virus attacks; unauthorized access due to session hijack; social engineering; or physical security compromise, either by internal parties or by third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark, and as already discussed, there has been no proven technology which is 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though the state of the architecture can be guaranteed at the CIDR location, having similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected on the following:

Use of secured communication channel: VPN, preferably SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically through disks/tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are many data recovery techniques available at very low cost in the market.

Encryption of the data: How much encryption is required, whether symmetric or asymmetric; all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in encryption and decryption of the data.

Key management: Key management for the generation, exchange, storage, safeguarding, use, vetting and replacement of keys is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering. Key management requires both technical and organizational decisions.

Non-Repudiation: UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then send it on to its destination so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts, and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be duplicated again, because it is capturing human biometrics, which cannot be changed if compromised.

2.3.3 Security challenges during Storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10,215 TB. To manage the security of such a large amount of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can ascertain that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. This includes people from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have state-of-the-art architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians and high-class/privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. This must also be kept in alternate (BCP/DR) locations. Many data storage protection measures include a strategic balance between information availability and information security. It is easy to make information completely secure (by locking it up in a safe, for example), but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

• Malicious attacks: Organized crime has moved online, with a variety of tricks including the latest varieties of worms, viruses, bot networks and phishing attacks.

• Human error: To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

• Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

• Unencrypted data: Unencrypted data is always going to be subject to some level of risk. Leaving any data that goes outside the facility unencrypted raises the risk to the UIDAI. Also, a plan for decryption, and deciding which individuals have access to the encryption keys, is a challenge for the authorities.

• Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to various types of data.
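As an added illustration of the audit-and-monitoring point made in section 2.3.3 and of the access-control category above (example code written for this paper's readers, not code from UIDAI or DSCI), the following Python script runs two simple detection rules over constructed CIDR access-log lines: bulk reads or exports above a threshold, and activity by privileged insiders (database administrators and maintenance contractors) outside an assumed maintenance window. The log format, role names, threshold and window are all assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime, time

# Constructed sample audit-log lines (not real UIDAI data).
# Fields: timestamp|actor|role|action|record_count
SAMPLE_LOG = """\
2010-01-15T10:02:11|ra_delhi_07|registrar|read|1
2010-01-15T10:05:43|dba_ops_02|dba|read|1
2010-01-15T23:48:09|dba_ops_02|dba|export|50000
2010-01-15T11:15:00|vendor_maint_11|contractor|read|1
2010-01-16T02:30:00|vendor_maint_11|contractor|read|1
2010-01-16T09:00:00|ra_mumbai_03|registrar|update|1
"""

# Assumed policy values for the illustration.
PRIVILEGED_ROLES = {"dba", "contractor"}   # the insiders the section singles out
BULK_THRESHOLD = 100                        # records touched in one action before we alert
WORK_WINDOW = (time(8, 0), time(20, 0))     # hypothetical maintenance window (local time)


def parse_log(text):
    """Parse pipe-separated log lines into event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, actor, role, action, count = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "actor": actor,
            "role": role,
            "action": action,
            "count": int(count),
        })
    return events


def audit(events):
    """Return (actor, reason) alerts; one alert per rule that an event trips."""
    alerts = []
    start, end = WORK_WINDOW
    for e in events:
        # Rule 1: any single action touching many records is a potential bulk extraction.
        if e["count"] >= BULK_THRESHOLD:
            alerts.append((e["actor"], f"bulk {e['action']} of {e['count']} records"))
        # Rule 2: privileged accounts acting outside the maintenance window.
        if e["role"] in PRIVILEGED_ROLES and not (start <= e["ts"].time() < end):
            alerts.append((e["actor"],
                           f"privileged {e['action']} at {e['ts'].isoformat()} "
                           f"outside the 08:00-20:00 window"))
    return alerts


def summarise(alerts):
    """Count alerts per actor, the view an auditor would review first."""
    return dict(Counter(actor for actor, _ in alerts))


if __name__ == "__main__":
    for actor, reason in audit(parse_log(SAMPLE_LOG)):
        print(f"{actor}: {reason}")
```

On the constructed log the export of 50000 records by the DBA account at 23:48 trips both rules and the contractor's 02:30 read trips the second; the registrars' single-record reads and updates during the day produce nothing. In practice the rules would be tuned per role (a registrar legitimately reads far more records than a contractor) and the log itself must be written to a store the audited accounts cannot alter, otherwise the accountability the section asks for is lost.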

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption – Securing the Centralized UID Database

Biometric Encryption¹³ is a process that securely binds a cryptographic key to a biometric, so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

¹³ Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, PhD, Information and Privacy Commissioner of Ontario, and Alex Stoianov, PhD, Biometrics Scientist.

After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a “private template”. In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample, which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. A Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these technologies have enormous potential to enhance the privacy and security of UIDAI data. Some of the key benefits and advantages of Biometric Encryption technology include:

• No retention of the biometric image or template

• Multiple, cancellable, revocable identifiers

• Improved authentication security: stronger binding of user biometric and identifier

• Improved security of personal data and communications

• Greater public confidence, acceptance and use; greater compliance with privacy laws

• Suitable for large-scale applications
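To make the binding step of section 2.4 concrete, here is an added worked example (not code from the cited Cavoukian and Stoianov paper, nor from UIDAI or DSCI) of the simplest Biometric Encryption construction, the fuzzy commitment scheme: a random key is expanded with an error-correcting code, XORed with a binarised biometric feature vector, and only that XOR plus a hash of the key is kept as the private template. The 224-bit feature vector, the 32-bit key and the 7-fold repetition code are assumptions chosen for the illustration; a deployed scheme would use a stronger code and a 128-bit or longer key.

```python
import hashlib
import random
import secrets

# Parameters of this toy scheme (assumptions for the illustration, not UIDAI's design).
REPEAT = 7                          # repetition code: each key bit is written 7 times
KEY_BITS = 32                       # length of the bound key (a real system would use 128+)
FEATURE_BITS = KEY_BITS * REPEAT    # length of the binarised biometric feature vector


def encode(key_bits):
    """Repetition encoding: expand each key bit into REPEAT copies."""
    return [bit for bit in key_bits for _ in range(REPEAT)]


def decode(code_bits):
    """Majority-vote decoding: corrects up to (REPEAT - 1) // 2 flipped bits per block."""
    return [1 if sum(code_bits[i:i + REPEAT]) > REPEAT // 2 else 0
            for i in range(0, len(code_bits), REPEAT)]


def key_digest(key_bits):
    """Hash of the key; the only key-derived value that the template retains."""
    value = int("".join(map(str, key_bits)), 2)
    return hashlib.sha256(value.to_bytes((KEY_BITS + 7) // 8, "big")).hexdigest()


def enrol(bio_bits):
    """Bind a fresh random key to the live biometric sample.

    Returns (private_template, key). The template holds only a hash of the key and
    the XOR of the codeword with the biometric; the key is handed to the application
    and the biometric sample is discarded by the caller, so neither is stored."""
    assert len(bio_bits) == FEATURE_BITS
    key_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = [c ^ b for c, b in zip(encode(key_bits), bio_bits)]
    return {"key_hash": key_digest(key_bits), "helper": helper}, key_bits


def verify(template, live_bits):
    """Recreate the key from a fresh sample. Returns the key bits, or None when
    the sample differs from the enrolled one by more than the code can correct."""
    assert len(live_bits) == FEATURE_BITS
    noisy_codeword = [h ^ b for h, b in zip(template["helper"], live_bits)]
    key_bits = decode(noisy_codeword)          # errors in the sample become errors in the codeword
    if key_digest(key_bits) != template["key_hash"]:
        return None                            # wrong person, or too noisy a sample
    return key_bits


def degrade(bits, stride):
    """Simulate sensor noise: flip every stride-th bit of a feature vector."""
    return [b ^ 1 if i % stride == 0 else b for i, b in enumerate(bits)]


# Constructed feature vector standing in for a binarised fingerprint or iris code.
_rng = random.Random(2010)
ENROLLED_SAMPLE = [_rng.getrandbits(1) for _ in range(FEATURE_BITS)]


def demo():
    """Enrol once, then verify with clean, slightly noisy, very noisy and impostor samples."""
    template, key = enrol(ENROLLED_SAMPLE)
    return {
        "same_sample": verify(template, ENROLLED_SAMPLE) == key,
        "noisy_sample": verify(template, degrade(ENROLLED_SAMPLE, 5)) == key,   # at most 2 flips per block
        "too_noisy": verify(template, degrade(ENROLLED_SAMPLE, 2)) is None,     # 4 flips in block 0
        "impostor": verify(template, [b ^ 1 for b in ENROLLED_SAMPLE]) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The example shows both halves of the section's claim: a sample within the code's tolerance regenerates the very same key without the biometric ever being stored, and a sample beyond it (or another person's) yields nothing but a hash mismatch, so a stolen template cannot be replayed as a biometric. Two caveats a practitioner should keep in mind: the helper data is not a perfect commitment (with a low-entropy feature vector or a weak code it leaks information about the biometric, which is why published schemes pair strong codes with high-entropy features), and the tolerance of the code sets the false-rejection rate directly, as the `too_noisy` case demonstrates.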

2.5 Strong Authentication – Presumably by Applications

Various reports¹⁴ suggest that UIDAI will use Strong Authentication, but that needs further definition. “Strong” is a relative term and so needs to be made less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of “what you know”, “what you have” or “what you are”. Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed “strong, reliable and sustainable” when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can make is that none of the endpoints (government departments) are corruption free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

¹⁴ Creating a unique identity for every citizen in India.pdf

3 Challenges in Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany; it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation in the world by the global corruption watchdog Transparency International in its latest survey¹⁵. “India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)”, according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International¹⁶, an independent organization tracking the prevalence of corruption worldwide. In a comment¹⁷ to IANS, it has been observed that this low ranking is a matter of concern for the nation, as police, and land records and registration, were the most corrupt departments in India.

“The UIDAI will not share resident data.” But, like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide “clear identities” to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a “clear identity” need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR of an adult will primarily depend on the biometrics as authoritative data.

¹⁵ Global_Corruption_Report_2009_170909_2_web[1]A.pdf

¹⁶ http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6

¹⁷ http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/

Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, “The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR.” The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of this project. The registrar cannot be responsible for the “cleanliness and correctness” of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume that an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on the UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a “best effort” basis? As an “Authority”, UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identities of a person in due course, whether it's the issuance of a passport, gas connection or PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach, in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key Observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI¹⁸, in case of identity fraud or the system not working properly, “X” registers in the name of “Y” with Y's demographic details. “Y” could be living or dead. In either case, it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on the privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers, as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants, on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to the migrant population of India's neighbouring countries and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, they can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents, and hence identities.

¹⁸ http://uidai.gov.in/faq.html

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let's not forget that the conviction rate for IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases figuring in millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, will have to wait their turn in the existing framework.

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. “The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection.” In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a ‘data collector’ and a ‘data subject’. This may flow from a variety of circumstances, or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in the more mature democracies of the western world.

The IT (Amendment) Act 2008, under section 43(A), makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will be committing a breach and attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice, and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information, or unwarranted searches and seizures cannot function at optimum levels.

DSCI Security Framework (DSF©)

DSCI Privacy Framework (DPF©)

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in it, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as a data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to the political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing the personal information/data and achieving the unique identity.

The DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the banking & telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, which is unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence to the contrary. This attribute is not only personal to an individual but it is permanent, and does not change significantly over the lifetime of an adult. Compromise of the biometrics of a person will have serious consequences for the individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children, biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where law enforcement agencies, the bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, gas connection, driver's licence, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom UID is supposed to benefit the most, as well as to help plug the loopholes for saving government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of “Privileged Persons”, those having UIDs such as the BDOs, Sarpanches, NGOs and other “Gram Sevaks”. Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the “Privileged Persons” to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

This annexure is based on the draft document available on the website, “Creating a unique identity for every citizen in India”, and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

• The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

• A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and public distribution systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

• Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enrol residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

• A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as ‘Registrars’ for the UIDAI. Registrars will be responsible for processing UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

• Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

• The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

• The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates: Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data: The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system: Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it, and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory/Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent/Guardian Details | | | |
| Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults |
| Father's/Husband's/Guardian's UID | Conditional | | |
| Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults |
| Mother's/Wife's/Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

PoI – Proof of Identity (must contain name and photo of the resident). PoA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

| External Attack Sources | Internal Attack Sources |
|---|---|
| Resident | UIDAI employee |
| Registrar | Other government factors |
| Authenticator | |

[Figure: draft data flow diagram showing the Resident, Registrar/Sub-Registrars, CIDR and Authenticator, the numbered steps 1 to 7 of the data flow, and the two trust boundaries between them.]

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.
4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.
5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.
6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.
7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.
8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.
9. An employee of CIDR might illegally reveal (or sell) the identity information.
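Scenario 5 above turns on a simple fact: every extra attempt an authenticator tolerates multiplies the chance that the biometric device's False Accept Rate (FAR) lets an impostor through. The following is an added example, not from this paper or from UIDAI, that quantifies that amplification and shows the CIDR-side log rule that would surface the pattern; the log format, authenticator names, placeholder UIDs and threshold are assumptions.

```python
"""Added example (not from the DSCI paper): FAR amplification behind scenario 5 and a
CIDR-side detection rule for it. Log format, names and thresholds are assumptions."""
from collections import defaultdict


def false_accept_after_attempts(far: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent impostor attempts is
    falsely accepted, given a per-attempt False Accept Rate `far`: 1 - (1 - FAR)^n.
    Each retry the authenticator allows raises this, which is what scenario 5 abuses."""
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far: float, target: float) -> int:
    """Smallest number of attempts at which the cumulative false-accept probability
    reaches `target`; useful for choosing how many retries a policy should permit."""
    n = 0
    while false_accept_after_attempts(far, n) < target:
        n += 1
    return n


# Constructed sample of CIDR-side authentication log lines (assumed format:
# "<timestamp> <authenticator-id> <uid> <Yes|No>"; the UIDs are placeholders).
SAMPLE_LOG = """\
2010-01-21T10:00:01 AUTH-07 UID-PLACEHOLDER-1 No
2010-01-21T10:00:09 AUTH-07 UID-PLACEHOLDER-1 No
2010-01-21T10:00:17 AUTH-07 UID-PLACEHOLDER-1 No
2010-01-21T10:00:25 AUTH-07 UID-PLACEHOLDER-1 No
2010-01-21T10:00:33 AUTH-07 UID-PLACEHOLDER-1 Yes
2010-01-21T10:02:00 AUTH-03 UID-PLACEHOLDER-2 No
2010-01-21T10:02:10 AUTH-03 UID-PLACEHOLDER-2 Yes
2010-01-21T10:05:00 AUTH-03 UID-PLACEHOLDER-3 Yes
"""


def parse_log(text: str):
    """Yield (timestamp, authenticator, uid, result) tuples, skipping malformed lines
    instead of letting one bad record stop the detector."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("Yes", "No"):
            continue
        yield tuple(parts)


def flag_retry_abuse(events, max_failures: int = 2):
    """Flag (authenticator, uid) pairs where a 'Yes' arrives only after more than
    `max_failures` consecutive 'No' responses: the retry-until-accepted pattern of
    scenario 5. Returns {pair: number of failures that preceded the 'Yes'}."""
    streak = defaultdict(int)
    flagged = {}
    for _ts, auth, uid, result in events:
        key = (auth, uid)
        if result == "No":
            streak[key] += 1
        else:
            if streak[key] > max_failures:
                flagged[key] = streak[key]
            streak[key] = 0
    return flagged


if __name__ == "__main__":
    print(f"FAR 0.01%, 1 attempt:   {false_accept_after_attempts(1e-4, 1):.6f}")
    print(f"FAR 0.01%, 50 attempts: {false_accept_after_attempts(1e-4, 50):.6f}")
    print("flagged pairs:", flag_retry_abuse(parse_log(SAMPLE_LOG)))
```

Because the retries are only visible where the Yes/No decisions are made, this rule has to run on the CIDR's own authentication log, not on data the authenticator reports about itself.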


Annexure 3: The Underprivileged Society

Indian society is divided by various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, but the grants still do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to login to a web site, should not be displayed in a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect them, how to limit who can access, how to dispose if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupil, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, then there is a very high degree of chance that it will be used as an authenticator. This will result in higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How the life cycle of the UID number (from generation to termination) will be handled.

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that the person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

– Where the customer should provide the information
– What information within the UID should be provided for which government requirement


– How the user should not get caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact of the same
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – Considering 0.01% of failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as a part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT-Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be challenges umpteen. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and a process be put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID, say after a death, authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information of any individual if you have money and need… Our personal information is being sold to advertising agencies for making the promotion of products/services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of a common man's personal information being used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings, in case of any unauthorized/unwanted communication being received, against the service provider or sender of that communication.

24. Processes around the data creation, maintenance and disposal:

– Framework for self audit and self governance within government itself to control data protection aspects
– There shall be a stringent background verification process for teams working on this project, from criminal background verification, etc., as a starting point
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
– Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subjected to compliance with data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


program that always outputs high verification scores

Overriding Yes/No response

An inherent flaw of existing biometric systems is due to the fact that the output of the system is always a binary Yes/No (i.e. match/no match) response. In other words, there is a fundamental disconnect between the biometric and the applications, which makes the system open to potential attacks. For example, if an attacker were able to interject a false Yes response at a proper point of the communication between the biometrics and the application, he could pose as a legitimate user to any of the applications, thus bypassing the biometric part.
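The disconnect described above, between the biometric match and the application that consumes it, is conventionally closed by binding each Yes/No answer to the request that asked for it, so an interjected Yes is rejected rather than acted on. The following is an added example, not from this paper or from UIDAI, with the CIDR answering an authenticator; the message fields, the per-authenticator shared key and the placeholder UIDs are assumptions.

```python
"""Added example (not from the DSCI paper or UIDAI): binding the CIDR's Yes/No response
to the authenticator's request so that an injected 'Yes' is rejected. Message layout,
field names and the per-authenticator key are assumptions."""
import hashlib
import hmac
import json
import secrets

# Assumption: each authenticator shares a distinct secret with the CIDR, provisioned
# out of band. Constructed demo value only; a real deployment never hard-codes one.
SHARED_KEY = b"constructed-demo-key-for-authenticator-A"


def build_request(uid: str, biometric_digest: str) -> dict:
    """Authenticator side: a fresh random nonce ties exactly one answer to this request."""
    return {"uid": uid, "bio": biometric_digest, "nonce": secrets.token_hex(16)}


def _tag(key: bytes, uid: str, nonce: str, result: str) -> str:
    # MAC over a canonical encoding of everything the authenticator will act on.
    msg = json.dumps([uid, nonce, result], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def cidr_respond(request: dict, key: bytes, matched: bool) -> dict:
    """CIDR side: still only 'Yes' or 'No', but authenticated and bound to the nonce."""
    result = "Yes" if matched else "No"
    return {
        "uid": request["uid"],
        "nonce": request["nonce"],
        "result": result,
        "mac": _tag(key, request["uid"], request["nonce"], result),
    }


def accept(request: dict, response: dict, key: bytes, seen_nonces: set) -> bool:
    """Authenticator side: grant service only for a genuine 'Yes' to *this* request.
    Checks, in order: fields present, same uid and nonce as the request, nonce not
    already consumed, MAC valid, and only then the result itself."""
    required = ("uid", "nonce", "result", "mac")
    if any(f not in response for f in required):
        return False  # bare {"result": "Yes"} injected on the wire
    if response["uid"] != request["uid"] or response["nonce"] != request["nonce"]:
        return False  # an answer to some other request (captured or fabricated)
    if response["nonce"] in seen_nonces:
        return False  # one answer per request: a second copy is a replay
    if not isinstance(response["mac"], str):
        return False
    expected = _tag(key, request["uid"], request["nonce"], response["result"])
    if not hmac.compare_digest(expected, response["mac"]):
        return False  # forged or altered, e.g. a 'No' flipped to 'Yes' in transit
    seen_nonces.add(response["nonce"])
    return response["result"] == "Yes"


if __name__ == "__main__":
    req = build_request("UID-PLACEHOLDER-1", "biometric-digest-placeholder")
    seen = set()
    genuine = cidr_respond(req, SHARED_KEY, matched=True)
    injected = dict(genuine, mac="00" * 32)  # attacker cannot compute the MAC
    print("genuine Yes accepted:", accept(req, genuine, SHARED_KEY, seen))
    print("injected Yes accepted:", accept(req, injected, SHARED_KEY, set()))
```

The binding defeats a Yes interjected on the link or a captured Yes replayed later; it does nothing against an authenticator that is itself complicit and skips the check, which is the collusion case of Annexure 2.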

How can the challenge of storing biometrics of the entire population of the country be addressed when it is prone to compromise from attacks by outsiders and insiders? This will be briefly discussed in a separate section on biometric encryption, section 2.3.4.

2.3 Security and Privacy Challenges in a Centralized UID Database

The next big challenge is around security and privacy of the central repository, where the complete database of public personal information exists. The Central ID Repository (CIDR) is the single location where all the personal information of the residents of the country will be stored. Significant privacy (and operational) concerns[10] arise with the collection and use of more and more biometric data for identification purposes.

To begin with, the creation of large centralized databases, accessible over networks in real time, presents significant operational and security concerns. If networks fail or become unavailable, the entire identification system collapses. Recognizing this, system designers often build in high redundancy in parallel systems and mirrors (as well as failure and exception management processes) to ensure availability. However, this can have the effect of increasing the security risks and vulnerabilities of the biometric data, not to talk of privacy risks. Large centralized databases of biometric Personally Identifiable Information, hooked up to networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Further, large centralized databases are more prone to function creep (secondary uses) and insider abuse. There are also significant risks associated with transmitting biometric data over networks, where they may be intercepted, copied and actually tampered with, often without any detection. Some of the other security and privacy threats to the UID system are detailed below.[11]

[10] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.

[11] The ENISA position paper "Privacy Features of European eID Card Specifications", www.enisa.europa.eu/act/it/eid/eid-cards-en/at_download/fullReport


Falsification of Content The falsification of content due to unauthorised writing into the file system is a threat An altered UID could for example be accepted as authentic if there are no appropriate security measures in place

Eavesdropping

An attacker intercepts the communication between the Registrar system and CIDR and reads the data

Man-in-the-middle attack

Similar to the privacy threat ldquoeavesdroppingrdquo but the attacker is located between the Registrar system and the servermiddleware and communicates with both sides

User signs a bogus document

This can happen for example if what the user sees is not actually what they are signing It can be a privacy threat because the userrsquos data could be misrepresented as a result thereby compromising the privacy principle of the right to rectification

User authenticates to a bogus server due to misplaced trust in a server

This constitutes a privacy threat because the bogus server can then access the userrsquos information

Physical Attacks

Invasive attacks involving eg rewiring a circuit on the chip or using probing pins to monitor data flows They usually aim at stealing private keys in order to access private data

Side-channel attacks: These attacks use information leaked through so-called side channels to gain access to private data.

Cryptanalytic attacks: These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks: An attacker opens a clandestine connection to the Registrar database and gains access to the data. This privacy threat does not apply, but in theory the possibility of skimming exists. Even so, there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and will thus be very difficult to attack, it is the other registrars and the agencies, which will capture the data and store it even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles: people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centres securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes, with adequately trained people, for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain the data of over 70% of residents. Based on the amount of personal information collected by the UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrolment bodies (including NGOs and individuals) under them to collect the data. The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrolment within acceptable levels of FAR and FRR, so that the biometrics are useful for their intended purpose, i.e. de-duplication. How will best-practice implementation be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrolments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enrol residents to the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark over the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies, in the form of registrars, sub-registrars and enrolment agencies, will be spread across India. Each of these collection agencies will collect the details of the residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

Key observations

1. It is expected that the registrars/agencies will follow standard, defined procedures for collecting the information from the residents. However, these agencies will also be required to collect the biometric samples, which means that there is a requirement for a standard technology across the registrars' offices and enrolment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. Consider that India has around 543 parliamentary constituencies [12], each with around 2 million residents on average. Assuming that at least one registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Considering the size of the database where multi-modal biometrics are used for storage, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrolment agencies under them, is a tremendous challenge for the Authority.

4. Since the sub-registrars and enrolment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report [12], there were 56,168 polling stations across India during the 2004 election. Considering that the UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrolment agencies that need to be set up, the integrity and accountability of the persons working under them need to be ascertained. The UIDAI assumes that these issues will be taken care of under the current legal regime of the country. But the problem is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system, and that our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In the remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the warehouses of the sub-registrars and enrolment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor, which increases the number of stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management, running into hundreds if not thousands of vendors, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR, and the biometrics need to be updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check the integrity of the data stored or updated at the registrar offices.

[12] http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf, pg. 52, number of polling stations

(Figure: Adopted from the Draft approach on UIDAI)

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by the various registrars, sub-registrars and enrolment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incident that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents or by individuals trying to make a little extra cash on the side, or are due to pressure from high-society/privileged people, or at gunpoint, considering our geographical landscape and the unspoken truths of the individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of the account or sharing of the account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); phishing attacks; malicious traffic; virus attacks; unauthorized access due to session hijack or social engineering; or a physical security compromise, either by internal parties or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark and, as already discussed, there has been no proven technology which is 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrolment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though state-of-the-art architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected on the following:

Use of a secured communication channel: A VPN, preferably an SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically through disks or tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are a lot of data recovery techniques available at a very low cost in the market.

Encryption of the data: How much encryption is required, and whether it should be symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in the encryption and decryption of the data.

Key management: Key management, covering the generation, exchange, storage, safeguarding, use, vetting and replacement of keys, is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation: UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then send it on to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.
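The integrity check that item 8 of the collection-stage observations asks for, and the falsification-of-content and man-in-the-middle threats listed earlier, as an added example in Python (illustration code, not UIDAI's design): the registrar seals each enrolment batch with a manifest and a MAC under a per-registrar key, and the CIDR rejects altered, forged or replayed batches. Constructed assumptions: per-registrar keys provisioned out of band, a monotonically increasing batch sequence number per registrar, and placeholder records with no real data.

```python
"""Integrity-protected enrolment batch from a registrar to the CIDR.

Added illustration, not UIDAI code. Constructed assumptions: a per-registrar
secret key provisioned out of band, a monotonically increasing batch sequence
number, and JSON-serialisable enrolment records (placeholder fields only).
"""
import hashlib
import hmac
import json

# Constructed per-registrar keys. Provisioning, rotation and vetting of these
# keys is exactly the key-management problem the paper describes; not solved here.
REGISTRAR_KEYS = {
    "REG-0001": bytes.fromhex("1f" * 32),
    "REG-0002": bytes.fromhex("2e" * 32),
}


def canonical(obj) -> bytes:
    """Serialise deterministically so registrar and CIDR hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def seal_batch(registrar_id: str, seq: int, records: list, key: bytes) -> dict:
    """Registrar side: bind the records to a manifest, then MAC the manifest."""
    manifest = {
        "registrar": registrar_id,
        "seq": seq,                       # replay / reordering detection
        "count": len(records),
        "digest": hashlib.sha256(canonical(records)).hexdigest(),
    }
    mac = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "mac": mac, "records": records}


class CidrIngest:
    """CIDR side: accept a batch only if it is authentic, intact and fresh."""

    def __init__(self, keys: dict):
        self.keys = keys
        self.last_seq = {}  # highest sequence number accepted, per registrar

    def accept(self, batch: dict) -> str:
        m = batch["manifest"]
        key = self.keys.get(m.get("registrar"))
        if key is None:
            return "unknown_registrar"
        expected = hmac.new(key, canonical(m), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, batch["mac"]):
            return "bad_mac"            # manifest altered, or sealed with the wrong key
        records = batch["records"]
        digest = hashlib.sha256(canonical(records)).hexdigest()
        if len(records) != m["count"] or digest != m["digest"]:
            return "tampered_records"   # content falsified between registrar and CIDR
        if m["seq"] <= self.last_seq.get(m["registrar"], 0):
            return "replay"             # same or older batch presented again
        self.last_seq[m["registrar"]] = m["seq"]
        return "accepted"


if __name__ == "__main__":
    # Constructed sample records: placeholder demographic fields, no biometrics.
    recs = [{"enrolment_id": "E-1", "name": "SAMPLE ONE"},
            {"enrolment_id": "E-2", "name": "SAMPLE TWO"}]
    cidr = CidrIngest(REGISTRAR_KEYS)
    batch = seal_batch("REG-0001", 1, recs, REGISTRAR_KEYS["REG-0001"])
    print(cidr.accept(batch))          # accepted
    print(cidr.accept(batch))          # replay
    batch["records"][0]["name"] = "ALTERED"
    batch["manifest"]["seq"] = 2
    print(cidr.accept(batch))          # bad_mac (manifest changed after sealing)
```

A shared-key MAC proves authenticity to the CIDR but not to a third party; the non-repudiation the paper asks for would require a per-registrar digital signature in place of the HMAC.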

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts, and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be replaced, because it is capturing human biometrics, which cannot be changed if compromised.

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10,215 TB. Managing the security of such a large volume of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can assume that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. These include people from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have a state-of-the-art architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society and privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept in alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It's easy to make information completely secure, by locking it up in a safe for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks: Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error: To err is human, and unfortunately it happens all too often. Agents might leave systems unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Unencrypted data: Unencrypted data is always going to be subject to some level of risk. Leaving unencrypted any data that goes outside the facility raises the risk to the UIDAI. Also, a plan for decryption, and for the appropriate individuals to have access to the encryption keys, is a challenge for the authorities.

Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption: Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric, so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.

After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. A Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

No retention of the biometric image or template

Multiple, cancellable, revocable identifiers

Improved authentication security: stronger binding of user biometric and identifier

Improved security of personal data and communications

Greater public confidence, acceptance and use; greater compliance with privacy laws

Suitable for large-scale applications
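The binding and retrieval just described (enrolment producing a private template from which neither key nor biometric can be read; verification with a fresh, slightly different sample that re-creates the same key; discard of key and biometric afterwards), as an added Python example using a fuzzy-commitment construction, one of the schemes the Biometric Encryption literature covers. This is illustration code, not the paper's or UIDAI's; the sensor, feature extraction and error-correcting code are constructed stand-ins (a repetition code in place of the BCH or Reed-Solomon codes a real system would use).

```python
"""Biometric Encryption in miniature: a fuzzy-commitment style key binding.

Added illustration, not code from the paper or from UIDAI. Constructed
assumptions: the biometric is already reduced to a fixed-length bit string
(as an iris code would be), and a repetition code stands in for the BCH or
Reed-Solomon codes a real system would use.
"""
import hashlib
import random
import secrets

KEY_BITS = 32   # length of the randomly generated key bound at enrolment
REPEAT = 15     # each key bit is spread over 15 biometric bits; majority
                # decoding tolerates up to 7 flipped bits per group
TEMPLATE_BITS = KEY_BITS * REPEAT


def encode(key_bits):
    """Repetition code: expand each key bit into REPEAT identical bits."""
    return [b for b in key_bits for _ in range(REPEAT)]


def decode(noisy_codeword):
    """Majority vote per group recovers a key bit if fewer than half its bits flipped."""
    return [
        1 if sum(noisy_codeword[i:i + REPEAT]) > REPEAT // 2 else 0
        for i in range(0, len(noisy_codeword), REPEAT)
    ]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_hash(key_bits) -> str:
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enrol(biometric_bits):
    """Bind a fresh random key to the biometric.

    Returns the stored template (helper data plus a hash of the key) and the
    key itself, which the application uses once and then discards together
    with the biometric. Neither the key nor the biometric is in the template.
    """
    assert len(biometric_bits) == TEMPLATE_BITS
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = xor(encode(key), biometric_bits)   # codeword hidden behind the biometric
    return {"helper": helper, "key_hash": key_hash(key)}, key


def verify(template, fresh_bits):
    """Re-create the key from a fresh sample; None if the sample is not close enough."""
    candidate = decode(xor(template["helper"], fresh_bits))
    return candidate if key_hash(candidate) == template["key_hash"] else None


# --- constructed stand-ins for the sensor, for the demonstration only ---

def simulate_sample(seed: int):
    """Deterministic pseudo-random bit string standing in for a binarised biometric."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]


def add_noise(bits, flips_per_group: int):
    """Flip the first `flips_per_group` bits of every REPEAT group: models acquisition noise."""
    out = list(bits)
    for start in range(0, len(out), REPEAT):
        for j in range(flips_per_group):
            out[start + j] ^= 1
    return out


if __name__ == "__main__":
    template, key = enrol(simulate_sample(1))
    print("genuine sample, 7 of 15 bits noisy:", verify(template, add_noise(simulate_sample(1), 7)) == key)
    print("genuine sample, 8 of 15 bits noisy:", verify(template, add_noise(simulate_sample(1), 8)))
    print("impostor sample:", verify(template, simulate_sample(2)))
    # Re-enrolment binds a new random key: the identifier is cancellable and revocable.
    template2, key2 = enrol(simulate_sample(1))
    print("re-enrolment yields a different key:", key2 != key)
```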

2.5 Strong Authentication: Presumably by Applications

Various reports [14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be less ambiguous. The UIDAI approach does not define strong authentication. Does it mean multi-factor authentication, or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption free, and cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf

3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view. Data compromise happened in Germany. It happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be very correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)," according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS, it has been observed that this low ranking is a matter of concern for the nation, as the police, and land records and registration, were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes, such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf

[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6

[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/

Some other aspects of the Indian socio-political system are covered under Annexure 3: The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for the tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume that an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of the data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction? The authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used for almost all identities of a person in due course, whether it's the issuance of a passport, a gas connection or a PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

Key observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly: "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on the privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? The creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers, as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from the maids to the drivers to the security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, in factories, or in loading at markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields, or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for the issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to the migrant population of India's neighbouring countries and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision whereby, in the absence of original documents, copies can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases in courts all over the country running into millions (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redress, would have to go through the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, the information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43(A), makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will constitute a breach and attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information, or unwarranted searches and seizures cannot function at optimum levels.

[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today, personal information, especially contact details, is available to every other business house to promote its business, and the control on restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to the political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing their personal information/data and achieving unique identity.

DSCI's security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, so as to ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on Biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and with other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 Consulting firms, Security Vendor companies, the Banking & Telecom Sector and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, which is unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual, but it is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for an individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where the law enforcement agencies, bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.
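To make the "encrypt a PIN with the biometric, store no biometric" idea of this paragraph and of section 6 concrete, the following is an added illustration (not DSCI's, UIDAI's, or the Cavoukian/Stoianov paper's code) of the fuzzy-commitment construction that underlies most biometric encryption schemes. It assumes the biometric has already been reduced to a fixed-length bit string (a constructed 60-bit template here, not a real fingerprint or iris code), uses a toy repetition code so that a fresh sample with a few flipped bits still releases the key, and stores only the commitment and a hash of the key: the template is never written anywhere.

```python
import hashlib
import secrets

# Repetition factor of the toy error-correcting code. Majority vote over a block
# of REPEAT copies corrects up to (REPEAT - 1) // 2 flipped bits per block, which
# is what lets a noisy fresh biometric sample still release the key.
REPEAT = 5

# Constructed 60-bit "template", standing in for a biometric feature vector that
# has already been binarised (assumption; not a real fingerprint/iris code).
SAMPLE_TEMPLATE = [(i * 37 + 11) % 7 % 2 for i in range(60)]
# Constructed 12-bit secret (think of it as the PIN the paper talks about).
SAMPLE_KEY = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0]


def repetition_encode(key_bits):
    """Encode each key bit as REPEAT identical bits."""
    return [b for b in key_bits for _ in range(REPEAT)]


def repetition_decode(code_bits):
    """Majority-vote each block of REPEAT bits back to one key bit."""
    decoded = []
    for i in range(0, len(code_bits), REPEAT):
        block = code_bits[i:i + REPEAT]
        decoded.append(1 if 2 * sum(block) > len(block) else 0)
    return decoded


def xor_bits(a, b):
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return [x ^ y for x, y in zip(a, b)]


def key_digest(key_bits):
    """Hash of the key (length-prefixed so leading zero bits are not lost)."""
    packed = int("".join(map(str, key_bits)), 2).to_bytes((len(key_bits) + 7) // 8, "big")
    return hashlib.sha256(len(key_bits).to_bytes(2, "big") + packed).hexdigest()


def enroll(template_bits, key_bits=None):
    """Bind a key to the template. Returns (commitment, key_digest); only these
    two values are stored, never the template itself."""
    if len(template_bits) % REPEAT:
        raise ValueError("template length must be a multiple of REPEAT")
    if key_bits is None:
        key_bits = [secrets.randbits(1) for _ in range(len(template_bits) // REPEAT)]
    commitment = xor_bits(repetition_encode(key_bits), template_bits)
    return commitment, key_digest(key_bits)


def release(commitment, digest, fresh_template_bits):
    """Unbind with a fresh sample. XOR-ing strips the template except for the bit
    errors between the two samples; the code absorbs those errors. Returns the
    key bits, or None if the sample is too far from the enrolled one."""
    candidate = repetition_decode(xor_bits(commitment, fresh_template_bits))
    return candidate if key_digest(candidate) == digest else None


def flip_bits(bits, positions):
    """Simulate sensor noise: flip the bits at the given positions."""
    flipped = list(bits)
    for p in positions:
        flipped[p] ^= 1
    return flipped


if __name__ == "__main__":
    commitment, digest = enroll(SAMPLE_TEMPLATE, SAMPLE_KEY)
    noisy = flip_bits(SAMPLE_TEMPLATE, [i for i in range(60) if i % REPEAT < 2])
    print("exact sample releases key:", release(commitment, digest, SAMPLE_TEMPLATE) == SAMPLE_KEY)
    print("2 flips per block still release key:", release(commitment, digest, noisy) == SAMPLE_KEY)
    print("3 flips in one block:", release(commitment, digest, flip_bits(SAMPLE_TEMPLATE, [0, 1, 2])))
```

Two properties worth noting from a registrar's point of view: a stolen commitment plus hash can be revoked simply by re-enrolling the person with a fresh random key, which a stored fingerprint can never be, and a repetition code is only a teaching device, since the stored commitment reveals which template bits within a block differ; deployed schemes use proper error-correcting codes (BCH or Reed-Solomon) and longer keys.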

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, and whom UID is supposed to benefit the most, as well as to help plug the loopholes for saving of government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privileged Persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity: The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach: The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and public Distribution systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification: The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be the first form of identification.

A partnership model: The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated: The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card: The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence: Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates: Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data: The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.
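The Yes/No answer just described is only as trustworthy as the path that carries it back to the agency; the Summary lists "overriding Yes/No response" among the attacks on a biometric system. As an added example, not the UIDAI protocol and not DSCI's code, the following shows one way an authenticator can check that an answer came from the CIDR and belongs to its own request: a per-request nonce plus an HMAC over the nonce, UID, authenticator id, decision and timestamp, so that a flipped NO, a replayed YES from an earlier request, or a stale answer is rejected. The shared key, authenticator ids and UID values are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret for one authenticator (assumption: a real deployment
# would provision per-agency keys or certificates out of band; this is only a demo key).
SHARED_KEY = hashlib.sha256(b"demo key for authenticator AUTH-17 - constructed").digest()


def build_request(authenticator_id, uid):
    """Authenticator side: a fresh random nonce ties the eventual answer to this request."""
    return {"auth": authenticator_id, "uid": uid, "nonce": secrets.token_hex(16)}


def _canonical(auth, uid, nonce, decision, ts):
    """Fixed field order and separator so both sides MAC exactly the same bytes."""
    return "|".join([auth, uid, nonce, decision, str(ts)]).encode()


def cidr_respond(key, request, matched, now=None):
    """CIDR side: answer only YES/NO, and bind it to the request with an HMAC.
    `matched` is the outcome of the biometric/demographic comparison, not shown here."""
    ts = int(time.time()) if now is None else now
    decision = "YES" if matched else "NO"
    mac = hmac.new(key, _canonical(request["auth"], request["uid"], request["nonce"], decision, ts),
                   hashlib.sha256).hexdigest()
    return {"auth": request["auth"], "uid": request["uid"], "nonce": request["nonce"],
            "decision": decision, "ts": ts, "mac": mac}


def verify_response(key, request, response, max_age=60, now=None):
    """Authenticator side. Returns (accepted, decision). accepted == False means the
    response must be discarded: it is tampered, forged, replayed from another request, or stale."""
    now = int(time.time()) if now is None else now
    # 1. The answer must be for this request: same nonce, UID and authenticator.
    for field in ("auth", "uid", "nonce"):
        if response.get(field) != request[field]:
            return False, None
    # 2. Only the two permitted answers exist; anything else is malformed.
    if response.get("decision") not in ("YES", "NO"):
        return False, None
    # 3. Reject stale or far-future timestamps (bounded replay window).
    ts = response.get("ts")
    if not isinstance(ts, int) or abs(now - ts) > max_age:
        return False, None
    # 4. Constant-time MAC check over exactly the fields the CIDR signed.
    expected = hmac.new(key, _canonical(response["auth"], response["uid"], response["nonce"],
                                        response["decision"], ts), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response.get("mac", "")):
        return False, None
    return True, response["decision"]


if __name__ == "__main__":
    req = build_request("AUTH-17", "900000000001")  # constructed authenticator id and UID
    answer = cidr_respond(SHARED_KEY, req, matched=False)
    print(verify_response(SHARED_KEY, req, answer))                        # (True, 'NO')
    print(verify_response(SHARED_KEY, req, dict(answer, decision="YES")))  # (False, None)
```

The MAC covers the decision together with the nonce, so an intermediary cannot turn a NO into a YES, cannot reuse a genuine YES for a different request, and cannot hold one back for later; it does not by itself hide the UID in transit, which still needs a confidential channel.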

Technology will undergird the UIDAI system: Technology systems will play a major role across the UIDAI infrastructure.

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license, and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it, and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory/Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent/Guardian Details | | | |
| Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults |
| Father's/Husband's/Guardian's UID | Conditional | | |
| Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults |
| Mother's/Wife's/Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars – Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks which will promote the UID number and provide information on enrolment for hard to reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like the Banks, Insurance Companies, and Central and State Government Departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and made available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

| External Attack Sources | Internal Attack Sources |
|---|---|
| Resident | UIDAI employee |
| Registrar | Other government factors |
| Authenticator | |

Considering the attack sources, let's understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow diagram showing Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with the flows numbered 1 to 7 as listed above and trust boundaries between the parties]

4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician or dignitary, or even a high ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
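Scenario 5 above turns on the authenticator allowing unlimited retries: every extra attempt raises the chance that someone other than the enrolled resident is falsely accepted. As an added example, not DSCI's or UIDAI's code, the following computes how a device's false accept rate (FAR) compounds over repeated attempts, derives the attempt count at which the compounded risk crosses a chosen limit, and flags authenticator/UID pairs whose attempts within a short window exceed a policy limit, run over a few constructed authentication log lines. The log format, the authenticator ids, the UIDs and the per-attempt FAR figure are all assumptions made for the example.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log lines (assumed format; not UIDAI's). Each line is
# one Yes/No request an authenticator sent to the CIDR for a given UID.
SAMPLE_LOG = """\
2010-01-21T10:00:01 auth=AUTH-17 uid=900000000001 result=NO
2010-01-21T10:00:40 auth=AUTH-17 uid=900000000001 result=NO
2010-01-21T10:01:00 auth=AUTH-42 uid=900000000002 result=YES
2010-01-21T10:01:15 auth=AUTH-17 uid=900000000001 result=NO
2010-01-21T10:02:02 auth=AUTH-17 uid=900000000001 result=NO
2010-01-21T10:03:30 auth=AUTH-17 uid=900000000001 result=YES
2010-01-21T10:05:00 auth=AUTH-17 uid=900000000003 result=NO
2010-01-21T10:05:50 auth=AUTH-17 uid=900000000003 result=YES
"""


def cumulative_far(far_per_attempt, attempts):
    """Probability that at least one of `attempts` independent tries by the wrong
    person is falsely accepted: 1 - (1 - FAR)^attempts."""
    if not 0 <= far_per_attempt < 1 or attempts < 0:
        raise ValueError("FAR must be in [0, 1) and attempts non-negative")
    return 1.0 - (1.0 - far_per_attempt) ** attempts


def attempts_for_risk(far_per_attempt, acceptable_risk):
    """Smallest number of attempts at which the cumulative false-accept probability
    reaches `acceptable_risk`; a retry limit should stay below this."""
    if not 0 < far_per_attempt < 1 or not 0 < acceptable_risk < 1:
        raise ValueError("rates must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - acceptable_risk) / math.log(1.0 - far_per_attempt))


def parse_line(line):
    """'<iso timestamp> key=value ...' -> dict with a datetime under 'ts'."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.fromisoformat(stamp)
    return event


def flag_retry_abuse(log_text, max_attempts=3, window=timedelta(minutes=10)):
    """Return {(authenticator, uid): peak attempts} for every pair whose number of
    attempts inside any `window` reached `max_attempts`, regardless of YES/NO."""
    events = sorted((parse_line(line) for line in log_text.splitlines() if line.strip()),
                    key=lambda e: e["ts"])
    per_pair = defaultdict(list)
    for e in events:
        per_pair[(e["auth"], e["uid"])].append(e["ts"])
    flagged = {}
    for pair, times in per_pair.items():  # times are already in time order
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_attempts:
            flagged[pair] = peak
    return flagged


if __name__ == "__main__":
    far = 1e-4  # assumed per-attempt FAR of the device; vendors quote their own figure
    print("5 attempts compound FAR to", cumulative_far(far, 5))
    print("attempts before cumulative FAR reaches 0.1%:", attempts_for_risk(far, 1e-3))
    print("flagged pairs:", flag_retry_abuse(SAMPLE_LOG))
```

The detection counts attempts rather than only failures: the colluding authenticator's fifth try in the constructed log ends in YES, and that YES is exactly the event worth a second look, so a rule that only counts NO results would miss it. The same attempt counter can be enforced at the CIDR as a hard lockout per authenticator/UID pair, independently of whatever the authenticator's own software does.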


Annexure 3: The Underprivileged Society

Indian society is divided into various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), public Distribution systems (PDS), etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how UID will help these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

19. http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1 UI database should not be sharable through the lsquoRight to Informationrsquo Act 2005 since it could compromise a Personally Identifiable Information

2 Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of the UID, e.g. the UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

- Where the customer should provide the information
- What information within the UID should be provided for which government requirement
- How the user should not get caught in any phishing attempts as and when UID news is released by the government
- Threats of UID exploitation and the resultant impact of the same
- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
- Contact details for consumers to enquire and clarify
- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
- Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity - The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges - considering the 0.01% of failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world - happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information of any individual if you have money and need... Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and emails, in all combinations of geography, consumption, timing etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower every individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case any unauthorized/unwanted communication is received.

24. Processes around data creation, maintenance and disposal:

- Framework for self-audit and self-governance within government itself to control data protection aspects
- There shall be a stringent background verification process for teams working on this project, starting with criminal background verification etc.
- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
- Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on the security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self-Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


Falsification of content

The falsification of content due to unauthorised writing into the file system is a threat. An altered UID could, for example, be accepted as authentic if there are no appropriate security measures in place.

Eavesdropping

An attacker intercepts the communication between the Registrar system and the CIDR and reads the data.

Man-in-the-middle attack

Similar to the privacy threat "eavesdropping", but the attacker is located between the Registrar system and the server/middleware and communicates with both sides.

User signs a bogus document

This can happen, for example, if what the user sees is not actually what they are signing. It can be a privacy threat because the user's data could be misrepresented as a result, thereby compromising the privacy principle of the right to rectification.

User authenticates to a bogus server due to misplaced trust in a server

This constitutes a privacy threat because the bogus server can then access the user's information.

Physical attacks

Invasive attacks involving, e.g., rewiring a circuit on the chip or using probing pins to monitor data flows. They usually aim at stealing private keys in order to access private data.

Side-channel attacks

These attacks use information leaked through so-called side-channels to gain access to private data.

Cryptanalytic attacks

These attacks directly target the cryptographic algorithms in order to break the confidentiality of the information transmitted.

Skimming attacks

An attacker opens a clandestine connection to the Registrar database and gains access to the data. This privacy threat does not apply directly, but in theory the possibility of skimming exists. Even so, there is a considerable incentive to install a hidden reading device that skims personal information from the Registrar database.

Though we have no doubt that the central repository will have state-of-the-art IT infrastructure and security controls, and thus will be very difficult to attack, it is the other registrars and agencies, which will capture the data and store it even as they transmit it to the CIDR, that may turn out to be the weakest link when it comes to security and privacy. The latter are likely to be susceptible to attacks from all angles - people, process and technology. Those in remote areas are expected to be more vulnerable, since they may not be able to find people to operate the centers securely.

Given the experience of implementing large projects in areas away from the metros and major cities, it may be a tall order to expect the registrar offices to implement secure processes with adequately trained people for handling and retaining the integrity of the data stored at the registrar locations. And it is such registrars and sub-registrars and their agents who, among them, may collect and retain the data of over 70% of residents. Based on the amount of personal information collected by the UIDAI and its registrars, let us evaluate the security and privacy issues at the various stages of the information lifecycle, i.e. collection, transmission and storage.


2.3.1. Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrollment bodies (including NGOs and individuals) under them to collect the data. The UIDAI will enter into agreements with individual registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrollment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will the implementation of best practices be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrollments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enroll residents to the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all end-points, there is a question mark on the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies, in the form of registrars, sub-registrars and enrollment agencies, will be spread across India. Each of these collection agencies will collect the details of residents and pass them on in batches to the CIDR. Some of the key issues that need to be addressed at these collection agencies are described below.

Key observations:

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting the information from residents. However, these agencies will also be required to collect biometric samples, which means that a standard technology is required across the registrars' offices and enrollment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data collected from residents; this creates a huge window of opportunity for data leakage. India has around 543 parliamentary constituencies [12], each with around 2 million residents on average. Assuming that at least one registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself 543 times.

3. Considering the size of a database where multi-modal biometrics are stored, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the Authority.

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report [10], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. The UIDAI assumes it will take care of these issues under the current legal regime of the country. But the problem is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system and that our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars and possibly sub-registrars will also store the physical copies of the documentary evidence collected from residents. Hence there is a need for secure warehouses all over the country. In remote areas of the country, where normal food, clothing and shelter are a question mark today, physical security at the warehouses of sub-registrars and enrollment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor, which increases the number of stakeholders in the system and also opens a door of vulnerability that might compromise the sensitive data collected at these offices. Vendor management running into hundreds, if not thousands, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR and that the biometrics are updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check on the integrity of the data stored or updated at the registrar offices.

12 http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf - pg 52 - number of polling stations

(Figure adopted from Draft approach on UIDAI)

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project, involving the various registrars, sub-registrars and enrollment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices, and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars - intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, by individuals trying to make a little extra cash on the side, or by pressure from high-society/privileged people or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of an account or sharing of an account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); through phishing attacks, malicious traffic, virus attacks, or unauthorized access due to session hijacking or social engineering; or through a physical security compromise, either by internal staff or by the third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark; as already discussed, no technology has been proven 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2. Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though state-of-the-art architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected on the following:

Use of a secured communication channel

A VPN, preferably SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically on disks or tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are a lot of data recovery techniques available at very low cost in the market.

Encryption of the data

How much encryption is required, and whether symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in encryption and decryption of the data.

Key management

Key management for the generation, exchange, storage, safeguarding, use, vetting and replacement of keys is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation

UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then send it on to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be re-created: it is capturing human biometrics, which cannot be changed if compromised.
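One arrangement that answers the symmetric-versus-asymmetric question for a registrar-to-CIDR batch, written here as an added Go example that is not part of the paper or of any UIDAI design: the bulk data is encrypted symmetrically, the per-batch key is agreed asymmetrically against a pinned CIDR key, and the whole batch is signed so that the CIDR rejects anything altered in transit and the registrar cannot disown what it sent. The registrar ID, the key types and the SHA-256 stand-in for HKDF are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SealedBatch is the unit a registrar sends to the CIDR, over a VPN or on a disk where there is no
// connectivity: AES-256-GCM for the bulk data, X25519 to agree the batch key, Ed25519 for non-repudiation.
type SealedBatch struct {
	RegistrarID  string
	EphemeralPub []byte // registrar's one-time X25519 public key for this batch
	Nonce        []byte
	Ciphertext   []byte // AES-GCM output, authentication tag included
	Signature    []byte // Ed25519 signature over every field above
}

// signedPayload hashes the batch fields with length prefixes so that no field boundary is ambiguous.
func signedPayload(b *SealedBatch) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(b.RegistrarID), b.EphemeralPub, b.Nonce, b.Ciphertext} {
		h.Write(binary.BigEndian.AppendUint32(nil, uint32(len(f))))
		h.Write(f)
	}
	return h.Sum(nil)
}

// batchAEAD derives the AES-256-GCM cipher for one batch from the X25519 shared secret. A single
// SHA-256 over the secret and a context string stands in for HKDF to stay standard-library only.
func batchAEAD(shared []byte, registrarID string) (cipher.AEAD, error) {
	key := sha256.Sum256(append([]byte("uid-batch:"+registrarID+":"), shared...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBatch runs at the registrar: it needs only the CIDR's public key and its own signing key.
func SealBatch(registrarID string, signKey ed25519.PrivateKey, cidrPub *ecdh.PublicKey, plaintext []byte) (*SealedBatch, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(cidrPub)
	if err != nil {
		return nil, err
	}
	gcm, err := batchAEAD(shared, registrarID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	b := &SealedBatch{RegistrarID: registrarID, EphemeralPub: eph.PublicKey().Bytes(), Nonce: nonce}
	b.Ciphertext = gcm.Seal(nil, nonce, plaintext, []byte(registrarID)) // registrar ID bound as AAD
	b.Signature = ed25519.Sign(signKey, signedPayload(b))
	return b, nil
}

// OpenBatch runs at the CIDR: the signature is checked against the registrar's pinned public key
// before the ciphertext is touched, so an altered or relayed batch is rejected outright.
func OpenBatch(b *SealedBatch, registrarPub ed25519.PublicKey, cidrPriv *ecdh.PrivateKey) ([]byte, error) {
	if !ed25519.Verify(registrarPub, signedPayload(b), b.Signature) {
		return nil, errors.New("signature invalid: batch altered in transit or not from this registrar")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(b.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := cidrPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := batchAEAD(shared, b.RegistrarID)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, []byte(b.RegistrarID))
}

func main() {
	regPub, regPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo keys
	cidrPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	b, _ := SealBatch("REG-0001", regPriv, cidrPriv.PublicKey(), []byte("constructed enrolment batch"))
	out, err := OpenBatch(b, regPub, cidrPriv)
	fmt.Printf("recovered %q, err=%v\n", out, err)
}
```

The same structure works for a batch carried on a tape: the signature and tag are checked when the tape is read, so a courier cannot alter the contents unnoticed.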

2.3.3. Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10,215 TB. Managing the security of such a large store of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can assume that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. This includes people from the database administrators to the third-party employees deployed for maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of residents, may not have state-of-the-art architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society and privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept in alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it up in a safe for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks

Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error

To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures

IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Unencrypted data

Unencrypted data is always going to be subject to some level of risk. Leaving any data unencrypted when it goes outside the facility raises the risk for UIDAI. Also, a plan for decryption, and which individuals have access to the encryption keys, is a challenge for the authorities.

Access control

Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4. Biometric Encryption - Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

13 Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, PhD, Information and Privacy Commissioner of Ontario, and Alex Stoianov, PhD, Biometrics Scientist.


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. A Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these technologies have enormous potential to enhance the privacy and security of UIDAI data. Some of the key benefits and advantages of Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple, cancellable, revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
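To make the binding step concrete, the following is an added example written for this page; it is not code from the DSCI paper or from the Cavoukian/Stoianov article. It implements a toy fuzzy-commitment scheme (one of the constructions behind Biometric Encryption): a random key is encoded with an error-correcting code, XORed with the enrolment biometric, and only that helper data plus a hash of the key is kept. The biometric is modelled as a constructed bit-string and a simple repetition code stands in for the stronger codes a real system would use; the parameter values are assumptions chosen for the demo.

```python
import hashlib
import hmac
import random
import secrets

# Added example, not from the DSCI paper: a toy fuzzy-commitment scheme binding a
# random key to a biometric so that only helper data and a key hash are stored.
# The biometric is modelled as a fixed-length bit-string; a repetition code absorbs
# the difference between the enrolment sample and a later live sample.
REPEAT = 7                                # copies of each key bit in the codeword (assumed)
KEY_BITS = 32                             # length of the random key bound to the biometric (assumed)
TEMPLATE_BITS = REPEAT * KEY_BITS
MAX_FLIPS_PER_BLOCK = (REPEAT - 1) // 2   # noise a majority vote can still correct


def encode(key_bits):
    """Repetition-code encoder: every key bit becomes REPEAT identical bits."""
    return [b for b in key_bits for _ in range(REPEAT)]


def decode(code_bits):
    """Majority-vote decoder: tolerates up to MAX_FLIPS_PER_BLOCK errors per block."""
    out = []
    for i in range(0, len(code_bits), REPEAT):
        block = code_bits[i:i + REPEAT]
        out.append(1 if 2 * sum(block) > REPEAT else 0)
    return out


def key_digest(key_bits):
    """One-way hash of the key: this is what the template stores, never the key itself."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enrol(biometric_bits):
    """Bind a fresh random key to the biometric and return only the private template.

    The key and the biometric sample are discarded after this call, matching the
    enrolment step described in the text.
    """
    if len(biometric_bits) != TEMPLATE_BITS:
        raise ValueError("biometric must have TEMPLATE_BITS bits")
    key_bits = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = encode(key_bits)
    helper = [c ^ b for c, b in zip(codeword, biometric_bits)]
    return {"helper": helper, "key_hash": key_digest(key_bits)}


def verify(template, live_bits):
    """Recover the key from a fresh sample; returns the key bits or None on failure."""
    noisy_codeword = [h ^ b for h, b in zip(template["helper"], live_bits)]
    candidate = decode(noisy_codeword)
    if not hmac.compare_digest(key_digest(candidate), template["key_hash"]):
        return None
    return candidate


def add_noise(bits, flips_per_block, rng):
    """Flip `flips_per_block` distinct bits in every block to simulate a noisy live sample."""
    noisy = list(bits)
    for start in range(0, len(bits), REPEAT):
        for pos in rng.sample(range(start, start + REPEAT), flips_per_block):
            noisy[pos] ^= 1
    return noisy


def demo(seed=1):
    """Enrol a constructed biometric, then verify a noisy genuine sample and an impostor."""
    rng = random.Random(seed)                      # constructed, reproducible "biometrics"
    enrolled = [rng.randrange(2) for _ in range(TEMPLATE_BITS)]
    impostor = [rng.randrange(2) for _ in range(TEMPLATE_BITS)]
    template = enrol(enrolled)
    genuine_key = verify(template, add_noise(enrolled, MAX_FLIPS_PER_BLOCK, rng))
    impostor_key = verify(template, impostor)
    return {
        "genuine_recovers_key": genuine_key is not None,
        "impostor_recovers_key": impostor_key is not None,
        "template_holds_biometric": enrolled in template.values(),
    }


if __name__ == "__main__":
    print(demo())
```

The template is the only thing a CIDR or a registrar would hold, and it yields the key only when a close-enough live sample is presented, which is the property the bullet list above relies on. Two caveats apply to real deployments: the repetition code here is far weaker than the codes used in practice, and plain fuzzy commitment helper data is known to leak some information about the biometric, so the "cannot be retrieved" claim depends on the code's parameters and on the entropy of the biometric features.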

2.5 Strong Authentications - Presumably by Applications

Various reports [14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". A multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both the end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3 Challenges in Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany, and it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely fair, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS it has been observed that this low ranking is a matter of concern for the nation, as police and land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes, such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be made from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details the religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we must assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 - The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar accountable for this, even though it is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamperproof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction? The authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identities of a person in due course, whether it's the issuance of a passport, gas connection or PAN, or the availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key Observations

1. The UIDAI proposes to make use of the existing identity systems and, by creating a de-duplication process in the UIDAI, proposes to clean and eliminate the possibility of duplicate entities. However, through this approach the UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in the case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details. "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? The creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from the maids to the drivers to the security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields, or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats or Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group of street people - beggars, people taking shelter under flyovers and in construction buildings in urban areas - need consideration for the issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to the migrant population of India's neighbouring countries and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has subsequently been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides a provision wherein the absence of original documents can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework. (Let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force.) With the existing pending cases figuring in millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redress, cannot be served through the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world as well.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information, or unwarranted search and seizure cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of the citizen while securing the personal information/data and achieving unique identity.

The DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, so as to ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the banking & telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier - a randomized number - that will identify a person by his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over the lifetime of an adult. Compromise of a person's biometrics will have serious consequences for that individual throughout his life. We have pointed out the security vulnerabilities of a biometric system and the possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data for the people they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children the biometrics will have to be updated every 5 years, while for adults the biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where law enforcement agencies, bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require the biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, gas connection, driver's licence, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom the UID is supposed to benefit the most, as well as to help plug the loopholes for saving government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privilege Persons" - those having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area so wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privilege Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives


Annexure 1: UIDAI Features

This annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity: The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach: The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification: The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model: The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated: The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card: The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence: Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates: Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data: The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll, if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.
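The Yes/No response described here is exactly what the "Replay attacks" and "Overriding Yes/No response" items in the Summary target: if a relying agency accepts a bare "Yes", an intermediary can flip a "No" or re-deliver an earlier "Yes". The following is an added example, not UIDAI's protocol or code, showing how an agency would verify such a reply. It assumes a shared HMAC key provisioned to the agency, a per-request nonce, a freshness window, and a constructed CIDR record with a placeholder in place of any biometric template; all names and values are assumptions made for the demo.

```python
import hashlib
import hmac
import json
import secrets
import time

# Added example (not UIDAI's protocol): a relying agency checks an authenticated
# Yes/No reply for integrity, binding to its own request, single use, and freshness.
# The key is constructed for the demo; a real deployment would provision a key per
# agency or have the CIDR sign replies with an asymmetric key.
DEMO_KEY = b"constructed-shared-secret-for-demo-only"

# Constructed CIDR record: UID -> attributes. The biometric is an opaque placeholder;
# no template or matcher is modelled here.
RECORDS = {
    "123456789012": {"name": "A. Resident", "dob": "1980-01-01", "bio": "bio-placeholder-a"},
}


def _canonical(msg):
    """Stable byte encoding so both sides compute the MAC over identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign(msg, key=DEMO_KEY):
    return hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()


def make_request(uid, attrs, now=None):
    """Relying agency builds a query; the random nonce ties the reply to this query."""
    return {"uid": uid, "attrs": attrs, "nonce": secrets.token_hex(16),
            "ts": int(time.time()) if now is None else now}


def cidr_respond(request, records=RECORDS, key=DEMO_KEY, now=None):
    """CIDR side: compare supplied attributes with the record and answer only Yes or No."""
    rec = records.get(request["uid"])
    match = rec is not None and all(rec.get(k) == v for k, v in request["attrs"].items())
    body = {"uid": request["uid"], "nonce": request["nonce"],
            "ts": int(time.time()) if now is None else now,
            "answer": "Yes" if match else "No"}
    return {**body, "mac": sign(body, key)}


class RelyingParty:
    """Agency-side verifier: shared key, freshness window, and nonces already consumed."""

    def __init__(self, key=DEMO_KEY, max_age=30):
        self.key = key
        self.max_age = max_age
        self.seen_nonces = set()

    def accept(self, request, response, now=None):
        """Return True only for a fresh, untampered 'Yes' bound to this request."""
        now = int(time.time()) if now is None else now
        body = {k: v for k, v in response.items() if k != "mac"}
        # 1. Integrity: flipping 'No' to 'Yes' (or any other edit) invalidates the MAC.
        if not hmac.compare_digest(response.get("mac", ""), sign(body, self.key)):
            return False
        # 2. Binding and replay: the reply must carry this request's nonce, used once.
        nonce = body.get("nonce")
        if nonce != request["nonce"] or nonce in self.seen_nonces:
            return False
        # 3. Freshness: reject replies outside the allowed window.
        if abs(now - body.get("ts", 0)) > self.max_age:
            return False
        self.seen_nonces.add(nonce)
        return body.get("answer") == "Yes"


def demo():
    """Exercise the genuine path and the failure modes named in the paper's summary."""
    rp = RelyingParty()
    uid = "123456789012"
    good_req = make_request(uid, {"name": "A. Resident", "bio": "bio-placeholder-a"})
    good_resp = cidr_respond(good_req)
    results = {"genuine_yes": rp.accept(good_req, good_resp)}
    results["duplicate_delivery"] = rp.accept(good_req, good_resp)
    bad_req = make_request(uid, {"name": "A. Resident", "bio": "bio-placeholder-z"})
    bad_resp = cidr_respond(bad_req)
    results["honest_no"] = rp.accept(bad_req, bad_resp)
    results["overridden_no_to_yes"] = rp.accept(bad_req, dict(bad_resp, answer="Yes"))
    results["replayed_old_yes"] = rp.accept(make_request(uid, {"bio": "bio-placeholder-a"}), good_resp)
    stale_req = make_request(uid, {"bio": "bio-placeholder-a"})
    stale_resp = cidr_respond(stale_req)
    results["stale_yes"] = RelyingParty().accept(stale_req, stale_resp, now=stale_resp["ts"] + 3600)
    return results


if __name__ == "__main__":
    print(demo())
```

A symmetric MAC is used only to keep the example self-contained; because every holder of the shared key could mint a "Yes", a registry serving many registrars would sign replies with a private key so that agencies can verify but not forge them. The demo also does not authenticate the request itself, which a deployment would add so that a tampered query cannot be answered as if it were the agency's own.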

Technology will undergird the UIDAI system Technology systems will play a major role across the UIDAI infrastructure

- The UID database will be stored on a central server
- Enrolment of the resident will be computerized
- Information exchange between Registrars and the CIDR will be over a network
- Authentication of the resident will be online
- The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving licence and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs.

Security amp Privacy Challenges in UID project

Public Use Page 26

For Registrars focused on social goals a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate For Governments Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20000 crores a year It will also provide governments with accurate data on residents enable direct benefit programs and allow government departments to coordinate investments and share information

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment, and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it; it will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory / Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents. Introducer for people who have no documents.
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents. Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery.

Parent / Guardian Details
Father's / Husband's / Guardian's Name | Conditional | Conditional | No verification of Father / Husband / Guardian in the case of adults.
Father's / Husband's / Guardian's UID | Conditional | |
Mother's / Wife's / Guardian's Name | Conditional | Conditional | No verification of Mother / Wife / Guardian in the case of adults.
Mother's / Wife's / Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name & UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty.
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

Notes: PoI – Proof of Identity (must contain name and photo of the resident). PoA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources | Internal Attack Sources
Resident | UIDAI employee
Registrar | Other government factors
Authenticator |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: UIDAI data flow – Resident, Registrar / Sub-Registrars, CIDR and Authenticator, with the seven numbered flows listed above and two trust boundaries]


4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
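Scenario 5 above turns on the device's FAR being probed through repeated attempts. The following is an added example, not from the DSCI paper or from UIDAI, showing how the cumulative false-accept chance grows with the number of attempts a device allows, and how an authenticator's own log can be checked for that pattern; the FAR value, log format, identifiers and log lines are constructed assumptions.

```python
"""Repeated-attempt risk at an authenticator (attack scenario 5).

Added example, not taken from the DSCI paper. It shows (a) how the chance
of at least one false accept grows with the number of attempts a biometric
device is allowed, and (b) a detector that flags a UID whose attempts at one
authenticator exceed a policy limit inside a sliding window. The FAR value,
the log format and the log lines are constructed assumptions, not UIDAI data.
"""
import math
from collections import defaultdict, deque
from datetime import datetime, timedelta


def cumulative_false_accept(far, attempts):
    """Probability of at least one false accept in `attempts` independent tries.

    Each try is wrongly accepted with probability FAR, so all of them being
    correctly rejected has probability (1 - FAR) ** attempts.
    """
    return 1.0 - (1.0 - far) ** attempts


def attempts_for_target(far, target):
    """Smallest number of attempts at which the cumulative chance reaches `target`.

    Solves 1 - (1 - FAR)^N >= target for N; an attempt limit has to stay
    well below this figure.
    """
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))


# Constructed authentication log: timestamp, authenticator id, UID, result.
# "UID-A" style ids are placeholders, not the 12-digit UID format.
SAMPLE_LOG = """\
2010-01-21T10:00:00 AUTH-7 UID-A deny
2010-01-21T10:01:10 AUTH-7 UID-A deny
2010-01-21T10:02:05 AUTH-7 UID-A deny
2010-01-21T10:03:30 AUTH-7 UID-A deny
2010-01-21T10:04:45 AUTH-7 UID-A accept
2010-01-21T10:05:00 AUTH-2 UID-B deny
2010-01-21T10:06:00 AUTH-2 UID-B accept
2010-01-21T11:30:00 AUTH-7 UID-C deny
2010-01-21T11:31:00 AUTH-7 UID-C deny
2010-01-21T11:32:00 AUTH-7 UID-C deny
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, authenticator, uid, result)."""
    ts, authenticator, uid, result = line.split()
    return datetime.fromisoformat(ts), authenticator, uid, result


def flag_excessive_attempts(log_text, max_attempts=3, window=timedelta(minutes=10)):
    """Return (authenticator, uid) pairs that exceeded max_attempts within window.

    Flagging is per authenticator and UID, so a device that lets the same
    resident retry many times stands out regardless of the final result.
    """
    recent = defaultdict(deque)   # (authenticator, uid) -> timestamps in window
    flagged = []
    for line in log_text.strip().splitlines():
        ts, authenticator, uid, _result = parse_line(line)
        key = (authenticator, uid)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_attempts and key not in flagged:
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    print(f"{cumulative_false_accept(1e-4, 1000):.4f}")  # 0.0952
    print(attempts_for_target(1e-4, 0.5))                # 6932
    print(flag_excessive_attempts(SAMPLE_LOG))           # [('AUTH-7', 'UID-A')]
```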


Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), public distribution systems (PDS), etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how the UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries, and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID; e.g., UID should not be used to login to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupil, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
– Where the customer should provide the information.
– What information within the UID should be provided for which government requirement.
– How the user should not get caught in any phishing attempts as and when UID news is released by the government.
– Threats of UID exploitation and the resultant impact of the same.
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service.
– Contact details for consumers to enquire and clarify.
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact.
– Consumer redressal services for UID related disputes, theft and misuse of UID info.

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as a part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes be put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need… Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of use of a common man's personal information without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings in case of any unauthorized/unwanted communication being received, against the service provider or sender of that communication.

24. Processes around data creation, maintenance and disposal:
– Framework for self audit and self governance within government itself to control data protection aspects.
– There shall be a stringent background verification process for teams working on this project, from criminal background verification etc. as a starting point.
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
– Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subjected to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


2.3.1 Security challenges during collection

As we understand from the draft approach on UIDAI published on the UIDAI website, the project will take support from various registrars, who in turn will set up various sub-registrars and enrollment bodies (including NGOs, individuals) under them to collect the data. The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. It is the responsibility of the registrar to ensure that clean and correct data flows into the CIDR. It may be worth recalling the emphasis of the Biometrics Committee on following stringent processes for capturing correct biometrics that are capable of enrollment within acceptable levels of FAR and FRR, for the biometrics to be useful for their intended purpose, i.e. de-duplication. How will the best practices implementation be ensured? This will be critical to the success of UID since, as observed by the Committee, there were enrollments even without capturing biometrics at all.

The registrars' key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. While sub-registrars will work under the registrars, the enrolling agency will directly interact with and enroll residents to the CIDR.

Though it is assumed that the CIDR will have state-of-the-art infrastructure, including multi-factor physical and logical security at all the end-points, there is a question mark on the integrity, authenticity and security of the data that flows from the resident to the registrars and finally to the CIDR. Considering the above scenario, it is assumed that various collection agencies in the form of registrars, sub-registrars and enrollment agencies will be spread across India. Each of these collection agencies will collect the details of the residents and pass on the same in batches to the CIDR. Some of the key issues that need to be addressed in these collection agencies are described below.

Key Observations

1. It is expected that the registrars/agencies will follow standard defined procedures for collecting the information from the residents. However, these agencies will also be required to collect the biometric samples, which means that there is a requirement of a standard technology across the registrars' offices and enrollment agencies to record the biometric data.

2. It is assumed that the registrars will also store the initial data that is collected from the residents; this creates a huge window of opportunity for data leakage. India has around 543 parliamentary constituencies [12], each of which has around 2 million residents on average. Assuming that at least 1 registrar is present in each constituency, the data leakage scenario of 2 million residents multiplies itself by 543 times.

3. Considering the size of the database where multi-modal biometrics are used for storage, which comes to around 8 MB of data per subject, and multiplying the same with 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of size 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the authority.

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at these locations also needs to be considered. As per the Election Commission report [10], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. The UIDAI assumes to take care of these issues under the current legal regime of the country. But the problem is whether our Indian legal regime is strong enough, considering that many cases are pending for around 20 years in the judicial system, and our country, among others, also has the distinction of having many members of parliament under criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will also store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In the remote areas of the country, where normal food, clothing and shelter is a question mark today, physical security at the warehouses of sub-registrars and enrollment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs to have a standard application support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor for the same, which increases the stakeholders in the system and also opens a door of vulnerability which might compromise the sensitive data collected at these offices. Vendor management, running into hundreds if not thousands of vendors, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR, and the biometrics need to be updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, to ensure that the registrar plays an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check on the integrity of the data stored or updated at the registrar offices.

[12] http://eci.nic.in/eci_main/StatisticalReports/LS_2004/Vol_I_LS_2004.pdf – pg 52 – number of polling stations

[Figure: adopted from Draft approach on UIDAI]

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by various registrars, sub-registrars and enrollment agencies. But before that, let us understand the structure of the registrar offices; it is assumed that each registrar or sub-registrar office will have:

1. Authorized agents.
2. Basic biometric devices to collect finger print impressions, cameras for face capture, iris capture devices.
3. Computer system to record the resident entries.
4. A communication mechanism between the biometric device and the computer system.
5. Internet service for communicating with the CIDR.
6. Basic supporting infrastructure for the communication, i.e. database applications, storage devices, and vaults for storing physical copies.
7. Third party support for managing and maintaining the IT and physical infrastructure of these locations.

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars – intentional and unintentional. Intentional compromises are typically caused by disgruntled agents or individuals trying to make a little extra cash on the side, or are due to the pressure of high society/privileged people, or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised either through a logical security compromise of the account or sharing of the account or due to application security (for interconnection between biometric and local server and from the local server to CIDR) Phishing attacks Malicious traffic Virus attacks Unauthorized Access due to Session hijack social engineering or physical security compromise either by internal or third parties supporting the basic infrastructure at each of these locations

The quality of the biometric identification collected also poses a question mark: as already discussed, no proven technology is 100% accurate to date. Further, there are widely available products that can alter the biometrics of a finger using substances such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for this communication. Though the state of the architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected in the following areas:

Use of secured communication channel

A VPN (preferably SSL-VPN) or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically on disks or tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as many data recovery techniques are available in the market at very low cost.

Encryption of the data

How much encryption is required, and whether it should be symmetric or asymmetric, are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in the encryption and decryption of the data.

Key management: Key management, covering the generation, exchange, storage, safeguarding, use, vetting and replacement of keys, is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation: UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then forward it to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts, and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be replaced, because it captures human biometrics, which cannot be changed if compromised.
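To make the man-in-the-middle concern above concrete from the defender's side, here is an added Python example (not from the DSCI paper or from UIDAI) of the integrity half of a batch transfer between a registrar and the CIDR: the registrar tags each batch with an HMAC under a key shared with the CIDR and a strictly increasing sequence number, and the CIDR refuses any batch whose tag does not verify or whose sequence number has already been accepted, logging every outcome for audit. The registrar identifier, shared key, record layout and sample records are all constructed for the example.

```python
"""Tamper- and replay-detecting batch transfer between a registrar and the CIDR.

Constructed example, not UIDAI's protocol. It assumes each registrar shares a
per-registrar secret key with the CIDR and numbers its batches in sequence.
"""
import hashlib
import hmac
import json


def canonical(batch):
    """Deterministic byte encoding so sender and receiver MAC exactly the same bytes."""
    return json.dumps(batch, sort_keys=True, separators=(",", ":")).encode("utf-8")


def mac(key, batch):
    return hmac.new(key, canonical(batch), hashlib.sha256).hexdigest()


class Registrar:
    """Sends de-duplication batches; every batch carries a strictly increasing sequence number."""

    def __init__(self, registrar_id, shared_key):
        self.registrar_id = registrar_id
        self.key = shared_key
        self.seq = 0

    def send(self, records):
        self.seq += 1
        batch = {"registrar": self.registrar_id, "seq": self.seq, "records": records}
        return {"batch": batch, "tag": mac(self.key, batch)}


class CIDR:
    """Receiver: verifies the tag before looking at any record, and refuses replays."""

    def __init__(self, registrar_keys):
        self.keys = registrar_keys      # registrar_id -> shared key (from key management)
        self.last_seq = {}              # registrar_id -> highest accepted sequence number
        self.audit = []                 # (registrar_id, seq, outcome) for monitoring

    def receive(self, message):
        batch, tag = message["batch"], message["tag"]
        rid = batch.get("registrar")
        key = self.keys.get(rid)
        if key is None:
            return self._log(rid, batch.get("seq"), "rejected: unknown registrar")
        # Constant-time comparison; a single changed byte anywhere in the batch fails here.
        if not hmac.compare_digest(mac(key, batch), tag):
            return self._log(rid, batch.get("seq"), "rejected: bad tag (tampered or forged)")
        if batch["seq"] <= self.last_seq.get(rid, 0):
            return self._log(rid, batch["seq"], "rejected: replayed or stale batch")
        self.last_seq[rid] = batch["seq"]
        return self._log(rid, batch["seq"], "accepted")

    def _log(self, rid, seq, outcome):
        self.audit.append((rid, seq, outcome))
        return outcome == "accepted"


def demo():
    """Genuine batch accepted; an in-transit modification and a replay are both refused."""
    key = b"constructed-shared-key-for-registrar-R1"   # placeholder, not a real key
    reg = Registrar("R1", key)
    cidr = CIDR({"R1": key})
    # Constructed sample record; no real resident data.
    msg = reg.send([{"enrol_id": "E-0001", "name": "Sample Resident A"}])
    genuine_ok = cidr.receive(msg)
    # Someone in the path alters one field after the registrar tagged the batch.
    tampered = json.loads(json.dumps(msg))
    tampered["batch"]["records"][0]["name"] = "Sample Resident B"
    tampered_ok = cidr.receive(tampered)
    # The unmodified message is captured and delivered a second time.
    replay_ok = cidr.receive(msg)
    return {"genuine": genuine_ok, "tampered": tampered_ok, "replay": replay_ok,
            "audit": list(cidr.audit)}
```

The HMAC gives integrity and origin authentication but not non-repudiation, since both sides hold the same key; a registrar-held private key and a digital signature would be needed for that, and confidentiality still needs the encrypted channel (VPN/SSL-VPN) recommended above.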

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10,215 TB. Managing the security of such a large amount of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can assume that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. These range from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have a state-of-the-art architecture on par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, and high-class or privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept at alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure (by locking it up in a safe, for example), but the trick is to also ensure that it is available when needed. However, by providing access to information there are always risks, which generally fall into the following categories:

Malicious attacks: Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error: To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Unencrypted data: Unencrypted data is always going to be subject to some level of risk. Any data that leaves the facility unencrypted raises the risk to UIDAI. A plan for decryption, and for the appropriate individuals having access to the encryption keys, is also a challenge for the authorities.

Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption – Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist

After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple, cancellable, revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
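As an added illustration (not code from the DSCI paper or from Cavoukian and Stoianov), the following Python shows the simplest concrete construction of the binding described above, a fuzzy commitment: the random key is expanded with an error-correcting code, XORed with the biometric bit-string, and only that XOR plus a hash of the key is stored. A fresh sample close enough to the enrolled one cancels out the biometric, the code absorbs the remaining sensor noise and the key is recovered; a different person's sample, or an over-noisy one, decodes to a wrong key and is rejected by the hash check. The repetition code, the 32-bit key, and the seeded random bit-strings standing in for a biometric feature vector are assumptions for the demonstration; a deployed system would use a stronger code (for example BCH) and a full-length key.

```python
"""Fuzzy-commitment style Biometric Encryption (added, constructed example).

Assumptions for the demonstration (not from the paper): a repetition code as the
error-correcting code, a 32-bit key, and seeded random bit-strings standing in for
a biometric feature vector such as an iris code.
"""
import hashlib
import random
import secrets

R = 7                      # repetition factor: each key bit is stored as R copies
KEY_BITS = 32              # length of the random key bound to the biometric
BIO_BITS = KEY_BITS * R    # the biometric bit-string must match the codeword length


def encode(key_bits):
    """Repetition code: tolerates up to (R-1)//2 = 3 flipped bits per block of R."""
    return [b for b in key_bits for _ in range(R)]


def decode(noisy_codeword):
    """Majority vote per block recovers each key bit unless more than 3 of its 7 bits flipped."""
    return [1 if sum(noisy_codeword[i:i + R]) > R // 2 else 0
            for i in range(0, len(noisy_codeword), R)]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def enroll(biometric):
    """Bind a fresh random key to the biometric. Returns (template, key).

    The template holds codeword XOR biometric plus a hash of the key; it contains
    neither the key nor the biometric in the clear, and it hides the biometric as
    long as the biometric has enough entropy relative to the code. The caller uses
    the key once and then discards both the key and the biometric sample."""
    if len(biometric) != BIO_BITS:
        raise ValueError("biometric length must be %d bits" % BIO_BITS)
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = [c ^ b for c, b in zip(encode(key), biometric)]
    key_hash = hashlib.sha256(bits_to_bytes(key)).hexdigest()
    return {"helper": helper, "key_hash": key_hash}, bits_to_bytes(key)


def verify(template, fresh_biometric):
    """Recover the key from a fresh sample, or None if the sample does not match."""
    if len(fresh_biometric) != BIO_BITS:
        return None
    noisy_codeword = [h ^ b for h, b in zip(template["helper"], fresh_biometric)]
    candidate = decode(noisy_codeword)
    if hashlib.sha256(bits_to_bytes(candidate)).hexdigest() == template["key_hash"]:
        return bits_to_bytes(candidate)
    return None


def make_biometric(seed):
    """Constructed stand-in for a biometric feature vector; same seed = same person."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(BIO_BITS)]


def degrade(biometric, flips_per_block):
    """Simulate sensor noise by flipping flips_per_block distinct bits in every block."""
    noisy = list(biometric)
    for blk in range(KEY_BITS):
        for k in range(flips_per_block):
            noisy[blk * R + (blk + 3 * k) % R] ^= 1
    return noisy


def demo():
    """Genuine (noisy) sample recovers the key; impostor and over-noisy samples do not."""
    template, key = enroll(make_biometric(seed=1))
    # Nothing biometric is retained: only `template` survives enrolment.
    return {
        "genuine_ok": verify(template, degrade(make_biometric(1), 2)) == key,
        "too_noisy_rejected": verify(template, degrade(make_biometric(1), 4)) is None,
        "impostor_rejected": verify(template, make_biometric(seed=2)) is None,
        # Re-enrolling the same person yields a new key and template (cancellable).
        "revocable": enroll(make_biometric(1))[0]["key_hash"] != template["key_hash"],
    }
```

The "revocable" case is the cancellable-identifier benefit from the list above: a leaked template is replaced by re-enrolling with a new random key, without the person's biometric ever changing. The known limitation of the construction is the one noted in the code: the stored XOR hides the biometric only to the extent the biometric has more entropy than the code's redundancy, which is why the choice of feature extractor and code matters in a real deployment.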

2.5 Strong Authentication – Presumably by Applications

Various reports [14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are"; multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption-free, and so they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf

3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany, and it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS, it was observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other arms of government, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes, such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the birth certificate (which details the religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible, zero-risk security controls, we might assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/

Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of this project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for the tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

The UID is expected to be used in almost all identity contexts of a person in due course, whether it is the issuance of a passport, a gas connection or a PAN, or availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No.  Key Observations

1. The UIDAI proposes to make use of the existing identity systems and, by creating a de-duplication process in the UIDAI, proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on the privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities exploiting the people who are at the mercy of the introducer for getting their UID.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers, as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labourers who have migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for the issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UIDs to the migrant population from India's neighbouring countries and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides that, in the absence of original documents, documents can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be handled by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases in courts all over the country numbering in the millions (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, will have to wait in the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case even in the more mature democracies of the western world.

The IT (Amendment) Act 2008, under section 43(A), makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so resulting in loss of information will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed: any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including the protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information, or unwarranted search and seizure cannot function at optimum levels.

[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should draw support from leading best practices around the world, evolving strategic options and current technological advancements.

Data Security Council of India (DSCI) has engaged with various industries over the last year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today, personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing personal information/data and achieving unique identity.

DSCI's security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can safeguard the privacy of the personal information of the country's residents.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with the appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security Forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' Conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, the Big 4 consulting firms, security vendor companies, the banking and telecom sectors and major clients.

7 Summary

The UID Authority will only issue a unique identifier (a randomized number) that will identify a person along with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used in the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of a person's biometrics will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attacks
• Tampering
• Masquerade attacks
• Trojan horse attacks
• Overriding the Yes/No response

According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars, sub-registrars and also enrolment agencies, which might number in the millions throughout the country, will also store such data locally. The registrars will be required to maintain this data for the people they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children, biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where law enforcement agencies, the bureaucracy and politicians have abused the system, and India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents - and UID is supposed to benefit them the most, as well as help plug the loopholes for saving of government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme - an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privilege Persons" - those having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privilege Persons" to obtain UIDs.

Finally we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI) These can be used by the Authority to secure its systems especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come

DSCI will be happy to associate with UIDAI in its security and privacy initiatives


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website - "Creating a unique identity for every citizen in India" - and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and public Distribution systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be the first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central/state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

- The UID database will be stored on a central server
- Enrolment of the resident will be computerized
- Information exchange between Registrars and the CIDR will be over a network
- Authentication of the resident will be online
- The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times - they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs.


For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory / Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent / Guardian Details | | | |
| Father's / Husband's / Guardian's Name | Conditional | Conditional | No verification of Father / Husband / Guardian in the case of adults |
| Father's / Husband's / Guardian's UID | Conditional | | |
| Mother's / Wife's / Guardian's Name | Conditional | Conditional | No verification of Mother / Wife / Guardian in the case of adults |
| Mother's / Wife's / Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name / UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI - Proof of Identity (must contain name and photo of the resident). POA - Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The Unique ID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
- Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
- The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
- The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.
- The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars - These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies - Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups - The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars, like Banks, Insurance Companies, and Central and State Government Departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.
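The tree structure described above is something a registrar's audit function can check mechanically. The following Python is an added example, not code from DSCI or UIDAI: it takes enrolment records of the form (resident UID, introducer UID, enrolment sequence), validates the rules the text states (one self-introduced root, every other introducer must already hold a UID, an introducer must have enrolled before the person they introduce), traces any resident back to the root, and reports introducers whose fan-out exceeds a threshold so that unusually prolific "Privilege Persons" surface for review. The records and the threshold are constructed for the demonstration.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed enrolment records: (uid, introducer_uid or None for the root, enrolment order).
# Two records are deliberately malformed to show what validation reports.
RECORDS: List[Tuple[str, Optional[str], int]] = [
    ("100000000001", None, 1),             # root: self-introduced, no introducer
    ("100000000002", "100000000001", 2),
    ("100000000003", "100000000001", 3),
    ("100000000004", "100000000002", 4),
    ("100000000005", "100000000002", 5),
    ("100000000006", "100000000002", 6),
    ("100000000007", "100000000009", 7),   # introducer holds no UID
    ("100000000008", "100000000008", 8),   # claims to introduce itself
]


def build_index(records):
    """Map each UID to its introducer and to its enrolment order."""
    introducer: Dict[str, Optional[str]] = {uid: intro for uid, intro, _ in records}
    order: Dict[str, int] = {uid: seq for uid, _, seq in records}
    return introducer, order


def validate(records) -> List[Tuple[str, str]]:
    """Return (uid, reason) for every record that breaks the introducer rules."""
    introducer, order = build_index(records)
    problems = []
    for uid, intro, seq in records:
        if intro is None:
            continue                                   # the root needs no introducer
        if intro == uid:
            problems.append((uid, "self-introduction outside the root"))
        elif intro not in introducer:
            problems.append((uid, "introducer has no UID"))
        elif order[intro] >= seq:
            problems.append((uid, "introducer enrolled after the resident"))
    return problems


def chain_to_root(uid: str, records) -> List[str]:
    """Walk the introducer tree upwards; stops at the root, a missing introducer or a cycle."""
    introducer, _ = build_index(records)
    chain, seen = [], set()
    while uid is not None and uid not in seen:
        seen.add(uid)
        chain.append(uid)
        uid = introducer.get(uid)
    return chain


def fan_out(records, threshold: int) -> Dict[str, int]:
    """Introducers who vouched for at least `threshold` residents (audit candidates)."""
    counts: Dict[str, int] = defaultdict(int)
    for _, intro, _ in records:
        if intro is not None:
            counts[intro] += 1
    return {uid: n for uid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(validate(RECORDS))
    print(chain_to_root("100000000005", RECORDS))
    print(fan_out(RECORDS, threshold=3))
```

The fan-out threshold is a policy knob: a village functionary who introduces a whole hamlet is expected, but the same count concentrated in a short period, or a chain whose every link is the same handful of introducers, is what an audit team would want flagged.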

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and made available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach - Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation
2. The registrar sends the information to UIDAI
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique
4. Resident provides his UID and biometrics for authentication
5. Authenticator sends the data to UIDAI for verification
6. CIDR authenticates the resident data and sends the result back to the authenticator
7. Authenticator provides the requested service to the resident upon successful identification
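Steps 4 to 7 are the exchange that the earlier list of vulnerabilities (replay attacks, tampering, overriding the Yes/No response) targets. The Python below is an added illustration of how the authenticator and the CIDR can protect that exchange; it is not code from this paper, from DSCI or from UIDAI. Each request carries a fresh nonce, and both request and reply are authenticated with an HMAC, so a replayed "Yes", a "No" altered to "Yes" in transit, or a reply that arrives too late is rejected. The shared key, the 12-digit UID value and the biometric samples are constructed; a real deployment would use per-authenticator credentials or signatures and a proper transport.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Set, Tuple

# Constructed shared secret between the CIDR and one authenticator (assumption:
# a real deployment would use per-authenticator keys or digital signatures).
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 30  # how long an authenticator waits for a reply to a nonce


def bio_hash(sample: bytes) -> str:
    """Stand-in for a biometric template (constructed: a hash of the raw sample)."""
    return hashlib.sha256(sample).hexdigest()


def _mac(message: dict) -> str:
    """HMAC over a canonical encoding, so any edit to the message is detected."""
    canonical = json.dumps(message, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SHARED_KEY, canonical, hashlib.sha256).hexdigest()


def _mac_ok(message: dict) -> bool:
    body = {k: v for k, v in message.items() if k != "mac"}
    return hmac.compare_digest(_mac(body), message.get("mac", ""))


class CIDR:
    """Central ID Repository: answers only Yes/No and never returns stored data."""

    def __init__(self, enrolled: Dict[str, str]):
        self._enrolled = enrolled  # uid -> enrolled biometric hash (constructed)

    def authenticate(self, request: dict) -> dict:
        decision = "No"
        if _mac_ok(request):
            expected = self._enrolled.get(request["uid"])
            if expected is not None and hmac.compare_digest(expected, request["bio_hash"]):
                decision = "Yes"
        # The nonce is echoed so the reply is bound to exactly one request.
        response = {"nonce": request.get("nonce"), "decision": decision}
        response["mac"] = _mac(response)
        return response


class Authenticator:
    """Service-side client that refuses replayed, forged or stale responses."""

    def __init__(self):
        self._pending: Dict[str, float] = {}   # nonce -> time the request was issued
        self._consumed: Set[str] = set()

    def build_request(self, uid: str, bio_sample: bytes, now: float) -> dict:
        nonce = secrets.token_hex(16)
        self._pending[nonce] = now
        request = {"uid": uid, "bio_hash": bio_hash(bio_sample), "nonce": nonce}
        request["mac"] = _mac(request)
        return request

    def accept(self, response: dict, now: float) -> bool:
        if not _mac_ok(response):
            return False                       # tampered, e.g. "No" overridden to "Yes"
        nonce = response.get("nonce")
        if nonce not in self._pending or nonce in self._consumed:
            return False                       # replayed, or never requested by us
        issued = self._pending.pop(nonce)
        self._consumed.add(nonce)
        if now - issued > MAX_AGE_SECONDS:
            return False                       # delayed beyond the freshness window
        return response["decision"] == "Yes"


def demo() -> Tuple[bool, bool, bool, bool]:
    enrolled = {"123456789012": bio_hash(b"constructed-fingerprint-A")}  # constructed UID
    cidr, auth = CIDR(enrolled), Authenticator()
    t0 = 1_000_000.0
    # 1. genuine exchange: correct finger, fresh reply
    req = auth.build_request("123456789012", b"constructed-fingerprint-A", now=t0)
    resp = cidr.authenticate(req)
    genuine = auth.accept(resp, now=t0 + 1)
    # 2. the same "Yes" presented again
    replayed = auth.accept(resp, now=t0 + 2)
    # 3. wrong finger: the CIDR says "No"; the reply is then edited to "Yes" in transit
    req2 = auth.build_request("123456789012", b"constructed-fingerprint-B", now=t0)
    resp2 = cidr.authenticate(req2)
    overridden = auth.accept(dict(resp2, decision="Yes"), now=t0 + 1)
    honest_no = auth.accept(resp2, now=t0 + 1)
    return genuine, replayed, overridden, honest_no
```

The essential points are that the reply is bound to a one-time nonce and covered by the MAC together with the decision; the Yes/No design of the CIDR is only as strong as the integrity of that single bit on its way back to the authenticator.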

Considering the data flow of the UIDAI, let us understand the attack sources.

| External Attack Sources | Internal Attack Sources |
|---|---|
| Resident | UIDAI employee |
| Registrar | Other government factors |
| Authenticator | |

Considering the attack sources, let us understand the possible attack scenarios.

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow between Resident, Registrar / Sub-Registrars, CIDR and Authenticator, with steps 1-7 as numbered above and the trust boundaries between the parties]


4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority, such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
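Scenario 5 turns on a simple piece of arithmetic: the false acceptance rate (FAR) is quoted per attempt, so an authenticator that allows unlimited retries converts a small per-attempt FAR into a near-certain eventual acceptance. The Python below is an added example, not code from the paper, DSCI or UIDAI; it carries that calculation through and shows the control an honest authenticator (or the CIDR, on its side) would apply: a sliding-window cap on attempts per UID. The FAR of 0.1% and the limits of 3 attempts per 300 seconds are assumptions for the demonstration; the paper gives no figures.

```python
import math
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


def false_accept_within(far: float, attempts: int) -> float:
    """P(at least one false accept) over `attempts` independent impostor tries."""
    return 1.0 - (1.0 - far) ** attempts


def attempts_for_probability(far: float, target: float) -> int:
    """Smallest number of tries at which false_accept_within reaches `target`."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))


class AttemptLimiter:
    """Sliding-window cap on biometric attempts per UID at an authenticator.

    Only attempts that are actually forwarded to the CIDR are recorded, so a
    refused attempt does not extend the window; the cap is enforced per UID
    because that is what an impostor holding someone's number would hammer.
    """

    def __init__(self, max_attempts: int, window_seconds: float):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._log: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, uid: str, now: float) -> bool:
        recent = self._log[uid]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                 # forget attempts outside the window
        if len(recent) >= self.max_attempts:
            return False
        recent.append(now)
        return True


def demo() -> Tuple[float, float, int, List[bool], bool]:
    far = 0.001                              # assumed FAR of 0.1%; the paper gives no figure
    p_single = false_accept_within(far, 1)
    p_hundred = false_accept_within(far, 100)
    tries_to_even_odds = attempts_for_probability(far, 0.5)
    limiter = AttemptLimiter(max_attempts=3, window_seconds=300)
    t0 = 0.0
    decisions = [limiter.allow("123456789012", t0 + i) for i in range(4)]  # constructed UID
    after_window = limiter.allow("123456789012", t0 + 301)
    return p_single, p_hundred, tries_to_even_odds, decisions, after_window
```

With the assumed FAR, a hundred unthrottled attempts already give an impostor close to a one-in-ten chance, and under seven hundred attempts bring it to even odds, which is why the limit belongs at the CIDR as well as at the authenticator: a colluding authenticator will not enforce its own cap.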


Annexure 3 The Underprivileged Society

Indian society is divided into various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), public Distribution systems (PDS), etc. Each of these Schemes has some registered people, but yet the grants do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional Biometric information, collected apart from the documents which are used by the above schemes, ensure that the government initiatives reach the society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on the conceptualization of this paper.

Industry Inputs

1. UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
- Where the customer should provide the information
- What information within the UID should be provided for which government requirement
- How the user should not get caught in any phishing attempts as and when UID news is released by the government
- Threats of UID exploitation and the resultant impact of the same
- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
- Contact details for consumers to enquire and clarify
- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
- Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity - The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges - Considering a 0.01% rate of failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world - happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), it will help authorities to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for making the promotion of products/services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of a common man's personal information being used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of that communication in case of any unauthorized/unwanted communication being received.

24. Processes around the data creation, maintenance and disposal:
- Framework for self-audit and self-governance within government itself to control data protection aspects
- There shall be a stringent background verification process for teams working on this project, from criminal background verification, etc., as a starting point
- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
- Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


S. No.  Key Observations

constituency, the data leakage scenario of 2 million residents multiplies itself by 543 times.

3. Considering the size of the database where multi-modal biometrics are stored, which comes to around 8 MB of data per subject, and multiplying the same by 2 million people (per constituency), the data stored at each constituency will be around 1600 TB. Managing and securing a database of 1600 TB at each constituency, with different registrars and enrollment agencies under them, is a tremendous challenge for the Authority.

4. Since the sub-registrars and enrollment agencies will work under the registrars for collecting data, the data leakage or sabotage scenario at this location also needs to be considered. As per the Election Commission report [10], there were 56,168 polling stations across India during the 2004 election. Considering that UIDAI has a similar number of sub-registrars/agents to cover as many residents as possible, a single data leakage scenario multiplies by a factor of 56,168.

5. Considering the number of sub-registrars and enrollment agencies that need to be set up, the integrity and accountability of the persons working under them needs to be ascertained. The UIDAI assumes that these issues are taken care of under the current legal regime of the country. But the question is whether the Indian legal regime is strong enough, considering that many cases remain pending for around 20 years in the judicial system and that our country, among others, also has the distinction of having many members of parliament facing criminal cases.

6. It is also assumed that these registrars, and possibly sub-registrars, will store the physical copies of the documentary evidence collected from the residents. Hence there is a need for secure warehouses all over the country. In the remote areas of the country, where basic food, clothing and shelter are a question mark today, physical security at the warehouses of the sub-registrars and enrollment agencies working under a registrar itself poses a challenge for the Authority.

7. Each of the registrar offices needs a standard application, support and network infrastructure for communicating with the CIDR. The management and maintenance of this infrastructure will require various third-party service providers, including Internet service providers. Considering the remoteness of these areas, the Authority cannot rely on a single vendor, which increases the number of stakeholders in the system and also opens a door of vulnerability that might compromise the sensitive data collected at these offices. Vendor management, running into hundreds if not thousands of vendors, will be a problem in its own right.

8. Finally, the integrity of the data requires that the collected personal information is validated against the CIDR, and the biometrics need to be updated from time to time, i.e. every 5 years for people below the age of 18 and every 10 years for people above the age of 18. Thus, for the registrar to play an active role in creating and updating the personal information from time to time, it has to retain the data locally, and this opens a door to data leakage. Considering the above scenario, an appropriate mechanism will have to be established to check the integrity of the data stored or updated at the registrar offices.

We will now examine some of the possible data leakage scenarios during the collection stage of the UIDAI project by various registrars, sub-registrars and enrollment agencies. But before that, let us understand the structure of the registrar offices. It is assumed that each registrar or sub-registrar office will have:

1. Authorized agents
2. Basic biometric devices to collect fingerprint impressions, cameras for face capture, and iris capture devices
3. A computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. database, applications, storage devices and vaults for storing physical copies
7. Third-party support for managing and maintaining the IT and physical infrastructure of these locations

The enrolling agents and registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars: intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, by individuals trying to make a little extra cash on the side, by pressure from high-society or privileged people, or under duress at gunpoint, considering our geographical landscape and the unspoken truths of the individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised: through a logical security compromise of the account or sharing of the account; through application security weaknesses (in the interconnection between the biometric device and the local server, and from the local server to the CIDR); phishing attacks; malicious traffic; virus attacks; unauthorized access due to session hijacking or social engineering; or physical security compromise, either by internal staff or by third parties supporting the basic infrastructure at each of these locations.

The quality of the biometric identification collected also poses a question mark and, as already discussed, there has been no proven technology that is 100% accurate till now. Further, there are widely available products that can alter the biometrics of the finger through the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though the state of the architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security of the data during transmission. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewalls and IPS/IDS will be installed, the biggest challenges for the Authority are expected on the following:

Use of a secured communication channel

A VPN, preferably SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically on disks or tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are a lot of data recovery techniques available at very low cost in the market.

Encryption of the data

How much encryption is required, and whether symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in the encryption and decryption of the data.

Key management

Key management for the generation, exchange, storage, safeguarding, use, vetting and replacement of keys is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation

UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then send it on to its destination so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be re-issued, because it captures human biometrics, which cannot be changed if compromised.
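The following Go program is an added illustration, not part of the DSCI paper or of any UIDAI design, of how the three concerns above (encryption of the batch, key management and non-repudiation) combine in one transmission unit between a registrar and the CIDR. The Envelope format, the numeric key identifiers, the registrar signing key and the "constructed enrolment batch" are all assumptions made for the example; it uses only the Go standard library (AES-GCM for authenticated encryption, ECDSA P-256 for the registrar signature).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Envelope is a hypothetical batch container: AES-GCM ciphertext bound to a key
// identifier, plus an ECDSA signature that ties it to one registrar key.
type Envelope struct {
	KeyID      uint32 // names the batch key, so keys can be rotated and retired
	Nonce      []byte // fresh per message; GCM breaks if a nonce is ever reused
	Ciphertext []byte // AES-GCM output with its authentication tag appended
	Signature  []byte // ECDSA P-256 over SHA-256(KeyID || Nonce || Ciphertext)
}

// NewRegistrarKey generates the registrar's signing key (provisioned once).
func NewRegistrarKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewBatchKey generates a 256-bit AES key; a key management service would issue it in practice.
func NewBatchKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func keyIDBytes(id uint32) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, id)
	return b
}

func digest(e *Envelope) []byte {
	h := sha256.New()
	h.Write(keyIDBytes(e.KeyID))
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// Seal encrypts one batch under the key named by keyID and signs the result. The
// key ID is additional authenticated data, so a relabelled envelope fails the tag check.
func Seal(batch []byte, keyID uint32, key []byte, signer *ecdsa.PrivateKey) (*Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	e := &Envelope{KeyID: keyID, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, batch, keyIDBytes(keyID))}
	if e.Signature, err = ecdsa.SignASN1(rand.Reader, signer, digest(e)); err != nil {
		return nil, err
	}
	return e, nil
}

// Open is the CIDR side: verify origin first, look the key up, then decrypt. A
// modified ciphertext, a swapped key ID or a retired key all fail closed.
func Open(e *Envelope, keys map[uint32][]byte, verifier *ecdsa.PublicKey) ([]byte, error) {
	if !ecdsa.VerifyASN1(verifier, digest(e), e.Signature) {
		return nil, fmt.Errorf("signature invalid: batch cannot be attributed to the registrar")
	}
	key, ok := keys[e.KeyID]
	if !ok {
		return nil, fmt.Errorf("key id %d is unknown or retired", e.KeyID)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, keyIDBytes(e.KeyID))
}

func main() {
	signer, _ := NewRegistrarKey()
	key, _ := NewBatchKey()
	env, _ := Seal([]byte("constructed enrolment batch"), 7, key, signer)
	env.Ciphertext[0] ^= 0x01 // one bit changed in transit
	_, err := Open(env, map[uint32][]byte{7: key}, &signer.PublicKey)
	fmt.Println("modified batch rejected:", err != nil)
}
```

The point worth noting for the transmission challenge is the order of checks at the CIDR: the signature is verified before anything is decrypted, the key is looked up by identifier so that retired keys stop working without changing the message format, and any modification in transit, including the interception and relay described under non-repudiation above, fails the signature or the GCM tag rather than yielding altered plaintext.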

2.3.3 Security challenges during storage

The aim of the project is to cover 1.2 billion people by capturing the personal information of the residents along with their biometric information. Considering the technology and the amount of information, it is estimated that the database size will be around 10215 TB. Managing the security of such a large volume of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can ascertain that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. These include people from the database administrators to the third-party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have a state-of-the-art architecture on par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of the people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society and privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. It must also be kept in alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It's easy to make information completely secure, by locking it up in a safe for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks

Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error

To err is human, and unfortunately it happens all too often. Agents might leave systems unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures

IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

Unencrypted data

Unencrypted data is always going to be subject to some level of risk. Leaving any data that goes outside the facility unencrypted raises the risk to UIDAI. Also, a plan for decryption, and the appropriate individuals having access to the encryption keys, is a challenge for the authorities.

Access control

Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.
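As an added illustration of granular access control together with the audit and monitoring of insiders called for above (this is example code, not any UIDAI or DSCI design), the Go program below applies a deny-by-default policy per role and data class, records every decision in an audit trail, and then scans that trail for bulk reads. The roles, data classes, principal names, timestamps and thresholds are all constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

type DataClass string
type Action string

const (
	Demographic DataClass = "demographic"
	Biometric   DataClass = "biometric"
	AuditTrail  DataClass = "audit"

	Read  Action = "read"
	Write Action = "write"
)

// Permission is one action on one data class.
type Permission struct {
	Class  DataClass
	Action Action
}

// policy is deny-by-default: anything not listed is refused. The hypothetical roles
// show least privilege: operators write enrolments but cannot read them back, the
// DBA role operates the store but never reads biometrics, only the auditor reads the trail.
var policy = map[string]map[Permission]bool{
	"enrolment_operator":   {{Demographic, Write}: true, {Biometric, Write}: true},
	"verification_service": {{Demographic, Read}: true, {Biometric, Read}: true},
	"dba":                  {{Demographic, Read}: true},
	"auditor":              {{AuditTrail, Read}: true},
}

// AuditRecord is one line of the trail; denials are recorded as well as grants.
type AuditRecord struct {
	At        time.Time
	Principal string
	Role      string
	Action    Action
	Class     DataClass
	Allowed   bool
}

// Authorize decides a request against the policy and appends the decision to the trail.
func Authorize(trail *[]AuditRecord, at time.Time, principal, role string, action Action, class DataClass) bool {
	allowed := policy[role][Permission{class, action}] // unknown role or permission reads false
	*trail = append(*trail, AuditRecord{at, principal, role, action, class, allowed})
	return allowed
}

// BulkReaders flags principals with more than threshold allowed reads of class inside
// any sliding window of the given length (thresholds here are constructed, not tuned).
func BulkReaders(trail []AuditRecord, class DataClass, window time.Duration, threshold int) []string {
	times := map[string][]time.Time{}
	for _, r := range trail {
		if r.Allowed && r.Action == Read && r.Class == class {
			times[r.Principal] = append(times[r.Principal], r.At)
		}
	}
	var flagged []string
	for principal, ts := range times {
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		for start, end := 0, 0; end < len(ts); end++ {
			for ts[end].Sub(ts[start]) > window {
				start++
			}
			if end-start+1 > threshold {
				flagged = append(flagged, principal)
				break
			}
		}
	}
	sort.Strings(flagged)
	return flagged
}

// ConstructedTrail builds a sample trail: a verification service reading steadily, and a
// DBA pulling 25 demographic records in three minutes, then attempting a biometric read.
func ConstructedTrail() []AuditRecord {
	var trail []AuditRecord
	t0 := time.Date(2010, 1, 21, 9, 0, 0, 0, time.UTC)
	for i := 0; i < 30; i++ {
		Authorize(&trail, t0.Add(time.Duration(i)*2*time.Minute), "svc-verify", "verification_service", Read, Biometric)
	}
	for i := 0; i < 25; i++ {
		Authorize(&trail, t0.Add(time.Duration(i)*7*time.Second), "dba-ravi", "dba", Read, Demographic)
	}
	Authorize(&trail, t0.Add(3*time.Minute), "dba-ravi", "dba", Read, Biometric)
	return trail
}

func main() {
	trail := ConstructedTrail()
	fmt.Println("bulk demographic readers:", BulkReaders(trail, Demographic, 10*time.Minute, 20))
	fmt.Println("bulk biometric readers:", BulkReaders(trail, Biometric, 10*time.Minute, 20))
}
```

Two design choices carry the security point: the policy denies anything it does not explicitly list (an unknown role or a missing permission simply reads as false), and denials are written to the same trail as grants, so the DBA's refused biometric read is visible to the auditor alongside the bulk demographic pull that the window scan flags.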

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption – Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometrics and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the encryption algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple cancellable, revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
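As an added worked example (not code from this paper or from Cavoukian and Stoianov's article), the Go program below implements one well-known construction of Biometric Encryption, the fuzzy commitment scheme: the random key is expanded with an error-correcting code, XORed with the biometric feature vector, and stored next to a hash of the key. The 160-bit feature vector, the simple repetition code and the 20-byte "constructed feature." sample are simplifications chosen for the example; a real system would derive the vector from a fingerprint or iris image and use a stronger code.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const (
	KeyBits = 32                // random key bound to the biometric
	Rep     = 5                 // repetition code: each key bit is stored Rep times
	TplLen  = KeyBits * Rep / 8 // bytes in a feature vector and in a codeword (20)
)

// Template is all that a database or token keeps: the key's codeword XORed with
// the sample, plus a hash to confirm a recovered key. Neither appears in the clear.
type Template struct {
	KeyHash [32]byte
	Locked  []byte
}

func getBit(b []byte, i int) byte { return (b[i/8] >> uint(7-i%8)) & 1 }
func setBit(b []byte, i int)      { b[i/8] |= 1 << uint(7-i%8) }

// encode writes each key bit Rep times, so majority decoding tolerates up to
// Rep/2 flipped bits in every group of Rep.
func encode(key []byte) []byte {
	cw := make([]byte, TplLen)
	for i := 0; i < KeyBits; i++ {
		for r := 0; getBit(key, i) == 1 && r < Rep; r++ {
			setBit(cw, i*Rep+r)
		}
	}
	return cw
}

func decode(cw []byte) []byte {
	key := make([]byte, KeyBits/8)
	for i := 0; i < KeyBits; i++ {
		ones := 0
		for r := 0; r < Rep; r++ {
			ones += int(getBit(cw, i*Rep+r))
		}
		if ones > Rep/2 {
			setBit(key, i)
		}
	}
	return key
}

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Enrol binds a fresh random key to the sample. The key is returned so the caller
// can use it once and then discard it with the sample; only the Template is kept.
func Enrol(sample []byte) (Template, []byte, error) {
	if len(sample) != TplLen {
		return Template{}, nil, fmt.Errorf("sample must be %d bytes", TplLen)
	}
	key := make([]byte, KeyBits/8)
	if _, err := rand.Read(key); err != nil {
		return Template{}, nil, err
	}
	return Template{KeyHash: sha256.Sum256(key), Locked: xor(encode(key), sample)}, key, nil
}

// Verify re-creates the key from a fresh sample. A genuine sample leaves only
// correctable noise on the codeword; anything else decodes to a wrong key and is refused.
func Verify(tpl Template, fresh []byte) ([]byte, error) {
	if len(fresh) != TplLen {
		return nil, fmt.Errorf("sample must be %d bytes", TplLen)
	}
	cand := decode(xor(tpl.Locked, fresh))
	if sha256.Sum256(cand) != tpl.KeyHash {
		return nil, fmt.Errorf("biometric does not match: key not released")
	}
	return cand, nil
}

// FlipBits returns a copy of sample with the given bit positions inverted (constructed noise).
func FlipBits(sample []byte, positions ...int) []byte {
	out := append([]byte(nil), sample...)
	for _, p := range positions {
		out[p/8] ^= 1 << uint(7-p%8)
	}
	return out
}

func main() {
	bio := []byte("constructed feature.") // constructed 20-byte stand-in for a feature vector
	tpl, _, _ := Enrol(bio)
	_, err := Verify(tpl, FlipBits(bio, 0, 7, 50))
	fmt.Println("noisy genuine sample releases the key:", err == nil)
}
```

Running it exercises the properties listed above: the template holds neither the biometric nor the key, a noisy but genuine re-presentation releases the same key, a sample that differs too much (or an imposter's sample) releases nothing, and enrolling the same biometric again produces a different key and template, which is what makes the identifier cancellable.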

2.5 Strong Authentication – Presumably by Applications

Various reports [14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be less ambiguous. The UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both the end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption-free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany, and it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be very correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation in the world by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)," according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS, it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be made from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometrics, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report: "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though this is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for the tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on the UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

The UID is expected to be used for almost all identities of a person in due course, whether it is the issuance of a passport, a gas connection, a PAN, or the availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S. No.  Key Observations

1. The UIDAI proposes to make use of the existing identity systems and, by creating a de-duplication process in the UIDAI, proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in the case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through the training of all concerned, and perhaps through a new law on the privacy of the UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? The creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not specify the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities exploiting the people who are at the mercy of the introducer for getting their UID.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants, on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labourers who have migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their work is migratory in nature and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of the UID, the villagers, agriculturists working in their own fields or milkmen working in milk cooperatives are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for personal benefit. Yet another group, street people (beggars, and people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for the issuance of a UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide a UID to migrant populations from the neighbouring countries of India, and could be used by illegal migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides that, in the absence of original documents, copies can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be handled by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases numbering in the millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, will have to wait their turn through the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in the more mature democracies of the western world as well.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will have committed a breach and attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including the protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuses of their information or unwarranted searches and seizures cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its Relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored by UIDAI, there needs to be a systematic and standardized approach, which should draw support from the leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last one year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of the citizen while securing the personal information/data and achieving the unique identity.

DSCI's security and privacy frameworks are built on the evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw on these frameworks in aligning its security and privacy initiatives, so as to safeguard the privacy of personal information across the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on Biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and with other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the Banking & Telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will only identify a person with his attributes, which will include biometric information (Fingerprints, Iris, Face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent, and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where the Law Enforcement agencies, bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver's license etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom UID is supposed to benefit the most, as well as to help plug the loopholes and save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privileged Persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1 UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity – The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach – The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification – The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model – The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated – The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card – The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence – Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment, and the KYR verification.

Process to ensure no duplicates – Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication – The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data – The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system – Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents – The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system, and the opportunity to avail services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers – The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs.


For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments – Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number – The UID number is a 12-digit number with no intelligence built into it, and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields – The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory / Optional | Verification Required | Verification Procedure |
| --- | --- | --- | --- |
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent / Guardian Details | | | |
| Father's / Husband's / Guardian's Name | Conditional | Conditional | No verification of Father / Husband / Guardian in the case of adults |
| Father's / Husband's / Guardian's UID | Conditional | | |
| Mother's / Wife's / Guardian's Name | Conditional | Conditional | No verification of Mother / Wife / Guardian in the case of adults |
| Mother's / Wife's / Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies – The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars – Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system – An approach to use a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like the Banks, Insurance Companies, and Central and State Government Departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation – During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2 UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The Registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

| External Attack Sources | Internal Attack Sources |
| --- | --- |
| Resident | UIDAI employee |
| Registrar | Other government factors |
| Authenticator | |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow between Resident, Registrar / Sub-Registrars, CIDR and Authenticator, showing steps 1-7 and two trust boundaries]


4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority, such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
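Scenario 5 above hinges on an authenticator permitting unlimited retries. The Python below is an added example, not part of the DSCI paper or any UIDAI system: it quantifies how the cumulative false-accept probability grows with the number of attempts and shows the per-UID attempt limit a CIDR or authenticator could apply to its own request log to detect and cap such retries. The log format, the AUTH/UID identifiers and every sample value are constructed assumptions.

```python
"""Added example (not from the DSCI paper): quantifying Annexure 2 attack
scenario 5 (an authenticator allowing repeated biometric attempts to exploit
the device's False Accept Rate, FAR) and a simple attempt-limit check over a
constructed CIDR-side authentication log.  All identifiers, the log layout
and the sample values are assumptions made for this example."""
import math
from collections import defaultdict
from datetime import datetime, timedelta


def cumulative_far(far: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent presentations
    of a non-matching biometric is falsely accepted, given a per-attempt FAR.
    This is 1 - (1 - FAR)^n; it grows roughly linearly in n for small FAR."""
    if not 0.0 <= far <= 1.0 or attempts < 0:
        raise ValueError("far must be in [0, 1] and attempts non-negative")
    return 1.0 - (1.0 - far) ** attempts


def attempts_for_success_probability(far: float, target: float) -> int:
    """Smallest number of attempts at which the cumulative false-accept
    probability reaches `target`.  Illustrates why a low FAR alone is not a
    control when the authenticator does not bound retries."""
    if not 0.0 < far < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("far and target must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))


# Constructed authentication log as the CIDR might keep it: timestamp,
# authenticator id, UID presented, and the Yes/No answer returned (the paper
# notes that UIDAI answers authentication requests only with Yes or No).
SAMPLE_LOG = """\
2010-01-21T10:00:01 AUTH-17 UID-000000000001 No
2010-01-21T10:00:04 AUTH-17 UID-000000000001 No
2010-01-21T10:00:07 AUTH-17 UID-000000000001 No
2010-01-21T10:00:09 AUTH-17 UID-000000000001 No
2010-01-21T10:00:12 AUTH-17 UID-000000000001 No
2010-01-21T10:00:15 AUTH-17 UID-000000000001 Yes
2010-01-21T10:05:00 AUTH-42 UID-000000000002 Yes
2010-01-21T11:30:00 AUTH-17 UID-000000000001 No
"""


def parse_log(text: str):
    """Yield (timestamp, authenticator, uid, answer) tuples from the log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, auth, uid, answer = line.split()
        yield datetime.fromisoformat(ts), auth, uid, answer


def flag_retry_abuse(text: str, max_attempts: int = 3,
                     window: timedelta = timedelta(minutes=5)):
    """Return sorted (authenticator, uid) pairs that made more than
    `max_attempts` presentations for one UID inside a sliding `window`.
    Enforcing a lockout at this threshold bounds an attacker's cumulative
    FAR per window at cumulative_far(far, max_attempts) instead of letting
    it grow without limit, which is the exposure scenario 5 describes."""
    history = defaultdict(list)
    flagged = set()
    for ts, auth, uid, _answer in parse_log(text):
        key = (auth, uid)
        # keep only attempts still inside the window ending at this one
        recent = [t for t in history[key] if ts - t <= window]
        recent.append(ts)
        history[key] = recent
        if len(recent) > max_attempts:
            flagged.add(key)
    return sorted(flagged)


if __name__ == "__main__":
    far = 0.0001  # the 0.01% failure figure quoted in Annexure 4, item 16
    print(f"per-attempt FAR {far:.4%}, after 100 attempts "
          f"{cumulative_far(far, 100):.2%}")
    print("attempts for a 50% chance of one false accept:",
          attempts_for_success_probability(far, 0.5))
    print("flagged (authenticator, uid):", flag_retry_abuse(SAMPLE_LOG))
```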


Annexure 3 The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthya Bima Yojana (RSBY), Public Distribution Systems (PDS) etc. Each of these Schemes has some registered people, but yet the grants do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional Biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the sections of society which need them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to login to a web site, should not be displayed in a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, then there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce organizations not to use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
• Where the entire customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user should not get caught in any phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact of the same
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering the 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes be put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information of any individual if you have money and need… Our personal information is being sold to advertising agencies for making the promotion of products/services of their clients through mobile and emails in all combinations of geographical, consumption, timing etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of a common man's personal information without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of any unauthorized/unwanted communication being received.

24. Processes around the data creation, maintenance and disposal:

• Framework for self audit and self governance within government itself to control data protection aspects
• There shall be a stringent background verification process for teams working on this project, from criminal background verification etc. as a starting point
• The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
• Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subjected to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


3. Computer system to record the resident entries
4. A communication mechanism between the biometric device and the computer system
5. Internet service for communicating with the CIDR
6. Basic supporting infrastructure for the communication, i.e. Database, Applications, Storage Devices and Vaults for storing physical copies
7. Third party support for managing and maintenance of the IT and physical infrastructure of these locations

The enrolling Agents and Registrars are UIDAI's greatest asset; they can also be its greatest vulnerability. There are two types of data security incidents that can result from these agents and registrars – intentional and unintentional. Intentional compromises are typically caused by disgruntled agents, or those individuals trying to make a little extra cash on the side, or are due to the pressure of high society/privileged people, or at gunpoint, considering our geographical landscape and the unspoken truths of individuals residing there. There is also a high possibility of unintentional compromises through honest mistakes made while collecting or processing the data.

There are other technological scenarios and limitations wherein the data available or collected at these authorized locations can be compromised, either through a logical security compromise of the account or sharing of the account, or due to application security (for the interconnection between biometric device and local server, and from the local server to CIDR), phishing attacks, malicious traffic, virus attacks, unauthorized access due to session hijack, social engineering, or physical security compromise either by internal or third parties supporting the basic infrastructure at each of these locations.

The quality of biometric identification collected also poses a question mark, and as already discussed there has been no proven technology which is 100% accurate till now. Further, there are widely available products which can change the biometrics of the finger by the use of chemicals such as gelatin; this can also lead to the creation of duplicate or fake unique identifications.

2.3.2 Security challenges during transmission

Once the registrars collect the information from the residents, the next challenge is the validation of this data with the CIDR for de-duplication. This means that each registrar office, sub-registrar or enrollment agency needs to communicate with the CIDR. We assume that a common application and infrastructure will be provided to every registrar office for communication. Though the state of architecture can be guaranteed at the CIDR location, having a similar infrastructure at every registrar or sub-registrar is an enormous challenge. Since the data will flow in batches to and fro, the Authority needs to assess the security during the transmission of the data. It may be recalled that some of the worst data breaches occurred while data was being transmitted through post or couriers. Though it may be assumed that basic security features like firewall and IPS/IDS will be installed, the biggest challenge for the Authority is expected on the following:

• Use of secured communication channel

VPN, preferably SSL-VPN, or the use of MPLS clouds is generally recommended due to the high sensitivity of the data being collected by the registrars. How will UIDAI guarantee that such an infrastructure will be made available to all the registrars' offices spread across the country? Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically through disks/tapes, either through courier or via hand-to-hand delivery; this also creates a possibility of data leakage. Even an encrypted tape can be recovered in today's world, as there are a lot of data recovery techniques available at a very low cost in the market.

• Encryption of the data

How much encryption is required, and whether symmetric or asymmetric: all these are challenges that need to be analyzed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in encryption and decryption of the data.

• Key management

Key management for generation, exchange, storage, safeguarding, use, vetting and replacement of keys is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

• Non-Repudiation

UIDAI also needs to look at common attack vectors like a man-in-the-middle attack, which involves using software or hardware to intercept network traffic and then send it on to its destination, so that the information can be used without the knowledge of the sender or the intended recipient.

UIDAI also needs to build secure applications, which need to be at least multi-factor authenticated, take care of session timeouts and have enough provision to secure the endpoints of the transactional layer. The sensitivity of the data that the Authority is dealing with is such that it cannot be duplicated again, because it is capturing the human biometric, which cannot be changed if compromised.

2.3.3 Security challenges during Storage

The aim of the project is to cover 1.2 billion people by capturing personal information of the residents along with their biometric information. Considering the technology and amount of information, it is estimated that the database size will be around 10215 TB. To manage the security of such a large amount of sensitive information, which is distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can ascertain that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. This includes people from the database administrators to the third party employees deployed for the maintenance of the state-of-the-art infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability through regular audit and monitoring of the CIDR is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have state-of-the-art architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high class society/privileged people. The most important asset of UIDAI is the data. This must be stored, backed-up and archived. This must also be kept in alternate (BCP/DR) locations. Many data storage protection measures include a strategic balance between information availability and information security. It's easy to make information completely secure (by locking it up in a safe, for example), but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

• Malicious attacks: Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

• Human error: To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

• Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

• Un-encrypted data: Unencrypted data is always going to be subject to some level of risk. Un-encrypting any data that is going outside the facility raises the risk to the UIDAI. Also, a plan for decryption, and the appropriate individuals having access to the encryption keys, is a challenge for the authorities.

• Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption in a way that the biometrics of a person may be captured but not stored? We will now describe Biometric Encryption as a way out.

2.4 Biometric Encryption – Securing the Centralized UID Database

Biometric Encryption[13] is a process that securely binds a cryptographic key to a biometric, so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.

After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encrypted template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encrypted template, will let the encryption algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the Central Database, and thus these encryption technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

• No retention of the biometric image or template
• Multiple, cancellable, revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
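The enrol/verify cycle described above, as an added illustration that is not code from this paper, from UIDAI or from the cited authors: a fuzzy-commitment construction in Python, in which a repetition code stands in for a production error-correcting code, a constructed bit vector stands in for a real biometric feature vector, and the key is deliberately small. All three are assumptions of this example; the stored "private template" is only the XOR helper data plus a hash commitment to the key.

```python
"""Toy fuzzy-commitment Biometric Encryption (added example, not UIDAI code).

Enrolment stores a "private template" = (codeword XOR biometric, H(key)).
Neither the key nor the biometric is kept; a fresh biometric close enough
to the enrolled one (in Hamming distance) regenerates the same key.
"""
import hashlib
import random
import secrets

KEY_BITS = 32   # toy key size (assumption); real deployments bind 128-bit+ keys
REPEAT = 7      # repetition code: tolerates up to 3 flipped bits per 7-bit block
TEMPLATE_BITS = KEY_BITS * REPEAT


def ecc_encode(key_bits):
    """Repetition code: each key bit is written REPEAT times."""
    return [b for b in key_bits for _ in range(REPEAT)]


def ecc_decode(code_bits):
    """Majority vote per block; corrects up to (REPEAT - 1) // 2 errors per block."""
    return [1 if sum(code_bits[i:i + REPEAT]) * 2 > REPEAT else 0
            for i in range(0, len(code_bits), REPEAT)]


def key_hash(key_bits):
    """One-way commitment to the key; this is stored instead of the key itself."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enrol(biometric_bits, key_bits=None):
    """Bind a random key to the biometric and return only the private template."""
    if len(biometric_bits) != TEMPLATE_BITS:
        raise ValueError("feature vector must have %d bits" % TEMPLATE_BITS)
    if key_bits is None:
        key_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = [c ^ b for c, b in zip(ecc_encode(key_bits), biometric_bits)]
    # The caller discards key_bits and biometric_bits; only this dict is kept.
    return {"helper": helper, "commitment": key_hash(key_bits)}


def verify(template, fresh_bits):
    """Return the regenerated key bits, or None if the sample is too far off."""
    candidate = ecc_decode([h ^ b for h, b in zip(template["helper"], fresh_bits)])
    if key_hash(candidate) != template["commitment"]:
        return None
    return candidate


# --- constructed sample data (not real biometrics) ---------------------------
def fake_biometric(seed):
    """Deterministic stand-in for one person's binarised feature vector."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]


def add_noise(bits, pattern):
    """Flip bit i whenever pattern(i) is true, simulating acquisition noise."""
    return [b ^ 1 if pattern(i) else b for i, b in enumerate(bits)]


def demo():
    person = fake_biometric(seed=1)
    template = enrol(person, key_bits=[1, 0] * (KEY_BITS // 2))
    # Same person, moderate noise: at most 2 flips per 7-bit block -> key recovers.
    ok = verify(template, add_noise(person, lambda i: i % 5 == 0))
    # Same person, heavy noise: 4 flips in every block exceed the code's tolerance.
    too_noisy = verify(template, add_noise(person, lambda i: i % REPEAT < 4))
    # Different person: helper XOR their bits is just noise, so the commitment fails.
    impostor = verify(template, fake_biometric(seed=2))
    return ok, too_noisy, impostor


if __name__ == "__main__":
    print(demo())
```

Note that the repetition code and 32-bit key are chosen for readability only; a deployable scheme needs a code such as BCH and a key long enough that the hash commitment cannot be brute-forced.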

2.5 Strong Authentications – Presumably by Applications

Various reports[14] suggest that UIDAI will use Strong Authentication, but that needs further definition. "Strong" is a relative term and so needs to be less ambiguous. The UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". A multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both the end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3 Challenges in Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of sheer volumes of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view. Data compromise happened in Germany. It happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be very correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation in the world by global corruption watchdog Transparency International in its latest survey[15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International[16], an independent organization tracking the prevalence of corruption worldwide. In a comment[17] to IANS it has been observed that this low ranking is a matter of concern for the nation, as police and land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be made from existing ID systems such as PAN card and Passport. The risk here is that the UID will soon become mandatory like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details the religion, state, mother tongue etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of Passport, PAN Card, Ration Card and Voter ID to establish a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that the biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though this is critical to the success of this project. The registrar cannot be responsible for "cleanliness and correctness" of data; they are just a medium between the applicant/resident and CIDR. They are responsible for tamperproof transmission of data to CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction? The authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identities of a person in due course, whether it's issuance of a passport, gas connection, PAN or for availing of benefits under various government schemes such as NREGA by under-privileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on security and privacy of data. These are described below.

S.NO KEY OBSERVATIONS

1. The UIDAI proposes to make use of the existing identity system, and by creating a de-duplication process in the UIDAI it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If an identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI[18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details. "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by utilizing the people who are at the mercy of getting their UID from the introducer.

5. Though availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from the maids to the drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in either construction, factory or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will they introduce these people to the UIDAI for enabling them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats or Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefits. Yet another group of street people (beggars, people taking shelter under flyovers and construction buildings in urban areas) needs consideration for issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to the migrant population of neighbouring countries of India and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, these can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID related cases will be taken up by the existing legal framework (let's not forget that the conviction rate in IT offenses is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases figuring in millions in courts all over the country (like a small server under a DDoS attack) waiting for their turn on a round-robin basis, matters relating to identity which need speedy redressal will have to go through the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued Privacy as a right involves the extent to which privacy is (and should be legally protected) ldquoThe law does not determine what privacy is but only what situations of privacy will be afforded legal protectionrdquo In the legal parlance the issue of privacy comes up where an obligation of confidence arises between a lsquodata collectorrsquo and a lsquodata subjectrsquo This may flow from a variety of circumstances or in relation to different types of information An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission unless there are other overriding reasons in the public interest for this to happen That is the information collected for a purpose should not be used for any other purpose This is seldom the case here as is evident from telemarketing calls one receives on their mobile unsolicited mails received and so on And this has been the case in more mature democracies in the western world

The IT (Amendment) Act 2008 under section 43(A) makes a body corporate handling any sensitive personal data or information in a computer resource controlledoperated by it liable to follow reasonable security practices ndash failure to do so may result in loss of information which will make it liable to pay compensation Under section 72A punishment for disclosure of information in breach of a lawful contract is prescribed Any person including an intermediary who has access to any material containing personal information about another person as part of a lawful contract discloses it without the consent of the subject person will constitute a breach and attract punishment This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. Contractors and vendors working for this project under contract will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on liberty, as interpreted by the Supreme Court in its judgments. However, there is no comprehensive privacy law in India. Within the Indian legal regime, protecting public safety and the nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, waste resources and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted search and seizure cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored by it, there needs to be a systematic and standardized approach that draws support from leading best practices around the world, evolving strategic options and current technological advancements.

Data Security Council of India (DSCI) has engaged with various industries over the past year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework comprises 16 best practices and is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 best practices and 12 privacy principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing some of these principles may not be applicable, since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the controls restricting such distribution (more so by the telecom players) also seem to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of the citizen while securing personal information and data and still achieving unique identity.

The DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives to safeguard the privacy of the personal information of the country's residents.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security Forums in all the major cities of India. It is a part of the international consortium RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' Conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India DSCI is working closely with IT/BPO service providers, the Big 4 consulting firms, security vendor companies, the banking and telecom sectors and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person together with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence to the contrary. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of a person's biometrics will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in the millions throughout the country, will also store such data locally. The registrars will be required to maintain this data for the people they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where law enforcement agencies, the bureaucracy and politicians have abused the system, and India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require the biometrics themselves to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. The supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, based on generally accepted documents such as passport, PAN, ration card, gas connection, driving licence etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom UID is supposed to benefit the most, and to help plug the loopholes so as to save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open one. In this case any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "privileged persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area so wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "privileged persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives


Annexure 1 UIDAI Features

This annexure is based on the draft document available on the UIDAI website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

• The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

• A pro-poor approach. The UIDAI envisions full enrolment of residents with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and public distribution systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

• Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enrol residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

• A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

• Enrolment will not be mandated. The UIDAI approach will be demand-driven, where the benefits and services linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

• The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document or card that is issued by the Registrar.

• The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enrol residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

• Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

• Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident against the record stored in the central database.

• The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

• Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:
  - The UID database will be stored on a central server.
  - Enrolment of the resident will be computerized.
  - Information exchange between Registrars and the CIDR will be over a network.
  - Authentication of the resident will be online.
  - The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help government to monitor duplicate identities and enable direct benefit programs.

• For residents. The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving licence and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

• For Registrars and enrollers. The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

• For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crore a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will hold only the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after biometric de-duplication of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory / Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery |
| Parent / Guardian Details | | | |
| Father's / Husband's / Guardian's Name | Conditional | Conditional | No verification of Father / Husband / Guardian in the case of adults |
| Father's / Husband's / Guardian's UID | Conditional | | |
| Mother's / Wife's / Guardian's Name | Conditional | Conditional | No verification of Mother / Wife / Guardian in the case of adults |
| Mother's / Wife's / Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI: Proof of Identity (must contain name and photo of the resident). POA: Proof of Address (must contain name and address of the resident). A flag is maintained to indicate whether Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The Unique ID agencies: The UIDAI will partner with a variety of agencies and service providers to enrol residents for UID numbers and verify their identity.

Registrars
- Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
- The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

- The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.

- The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. Service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars
- These will be the departments or entities that report to a specific Registrar. For instance, the line departments of a state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies
- Enrolling agencies will directly interact with and enrol residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups
- The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars such as banks, insurance companies and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and this process will then continue.
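The introducer network described here, and criticised in the Summary above as a point of leverage for "privileged persons", is in effect a directed graph that the Authority and its auditors would need to check. The Python script below is an added example, not part of the DSCI paper or of any UIDAI system: given constructed enrolment records (short labels stand in for 12-digit UIDs, and the dates and the per-introducer threshold are assumptions), it traces each enrolment back to its self-introduced root and flags three anomalies the tree model makes possible: chains that never reach a root (a cycle of people vouching for each other, or a reference to an introducer who is not enrolled), introducers who vouch for more residents than the threshold, and introductions dated earlier than the introducer's own enrolment.

```python
from collections import defaultdict

# Constructed sample enrolments (short labels stand in for 12-digit UIDs; dates are ISO
# strings so they compare chronologically). introducer is None for a self-introduced root.
SAMPLE_ENROLMENTS = [
    {"uid": "R1", "introducer": None, "date": "2010-01-01"},  # root: self-introduced
    {"uid": "A",  "introducer": "R1", "date": "2010-01-05"},
    {"uid": "B",  "introducer": "R1", "date": "2010-01-06"},
    {"uid": "D",  "introducer": "R1", "date": "2010-01-07"},
    {"uid": "E",  "introducer": "R1", "date": "2010-01-08"},
    {"uid": "C",  "introducer": "B",  "date": "2010-01-04"},  # introduced before B enrolled
    {"uid": "X",  "introducer": "Y",  "date": "2010-01-10"},  # X and Y vouch for each other
    {"uid": "Y",  "introducer": "X",  "date": "2010-01-10"},
    {"uid": "Z",  "introducer": "Q",  "date": "2010-01-12"},  # Q is not enrolled anywhere
]


def audit_introducers(enrolments, max_introductions=10):
    """Walk each enrolment back to its root and report anomalies in the introducer tree.

    Returns a dict with:
      root_of           - uid -> uid of the self-introduced root it traces back to
      no_root           - uids whose chain cycles or names an introducer that is not enrolled
      over_quota        - (introducer uid, count) pairs exceeding max_introductions (assumed limit)
      before_introducer - uids enrolled earlier than their own introducer
    """
    by_uid = {e["uid"]: e for e in enrolments}
    introduced = defaultdict(list)
    for e in enrolments:
        if e["introducer"] is not None:
            introduced[e["introducer"]].append(e["uid"])

    findings = {"root_of": {}, "no_root": [], "over_quota": [], "before_introducer": []}

    for e in enrolments:
        seen, cur = set(), e
        while True:
            if cur["uid"] in seen:            # cycle: nobody in this chain is a root
                findings["no_root"].append(e["uid"])
                break
            seen.add(cur["uid"])
            intro = cur["introducer"]
            if intro is None:                 # reached a self-introduced root
                findings["root_of"][e["uid"]] = cur["uid"]
                break
            if intro not in by_uid:           # dangling reference to an unknown introducer
                findings["no_root"].append(e["uid"])
                break
            cur = by_uid[intro]

    for intro_uid, kids in introduced.items():
        if len(kids) > max_introductions:
            findings["over_quota"].append((intro_uid, len(kids)))

    for e in enrolments:
        intro = by_uid.get(e["introducer"])
        if intro is not None and e["date"] < intro["date"]:
            findings["before_introducer"].append(e["uid"])

    return findings


if __name__ == "__main__":
    for key, value in audit_introducers(SAMPLE_ENROLMENTS, max_introductions=3).items():
        print(f"{key}: {value}")
```

Run against the sample with a threshold of 3, the audit traces C back to R1 through B, reports X, Y and Z as having no root, flags R1 for four introductions, and flags C as enrolled before its introducer. The threshold is deliberately a parameter: what counts as an implausible number of introductions for a Sarpanch or BDO is a policy decision, not something the tree structure itself fixes.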

v. Supporting Documentation: During enrolment the quality of data has to be ensured, primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enrol them into the system.


Annexure 2 UIDAI Approach - Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

| External Attack Sources | Internal Attack Sources |
|---|---|
| Resident | UIDAI employee |
| Registrar | Other government actors |
| Authenticator | |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow between Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with the numbered flows 1-7 listed above drawn between them and two trust boundaries marked.]


4. Authenticator colluding with the Registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the step above) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR (false accept rate) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored on their servers.

8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
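Scenarios 4 and 5 above, and the "Replay attacks" and "Overriding Yes/No response" items in the Summary, all turn on the authenticator-to-CIDR exchange (steps 4 to 7 of the draft data flow). The Python model below is an added example, not code from the paper or from UIDAI. It assumes a per-authenticator key shared with the CIDR, stands in for biometric matching with a hash comparison, and uses constructed UIDs, keys and samples; all of these are assumptions. It shows the CIDR binding each Yes/No answer to the request's nonce with an HMAC, so that a 'No' flipped to 'Yes' in transit or a replayed old 'Yes' fails verification at the authenticator, and capping failed attempts per UID so that a colluding authenticator cannot simply retry until the device's false accept rate lets an impostor through.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample data: not real UIDAI keys, UIDs or biometric templates.
SHARED_KEYS = {"auth-001": b"constructed-shared-key-for-authenticator-001"}
TEMPLATES = {  # uid -> hash standing in for the enrolled biometric template (assumption)
    "123412341234": hashlib.sha256(b"sample-finger-resident-A").hexdigest(),
    "567856785678": hashlib.sha256(b"sample-finger-resident-B").hexdigest(),
}


def sign(key, auth_id, uid, nonce, answer):
    """MAC over everything the authenticator needs to bind a Yes/No to its own request."""
    msg = json.dumps([auth_id, uid, nonce, answer]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class CIDR:
    """Toy central registry: answers only 'Yes' or 'No', nonce-bound and signed."""

    def __init__(self, keys, templates, max_failures=3, lock_seconds=900):
        self.keys, self.templates = keys, templates
        self.max_failures, self.lock_seconds = max_failures, lock_seconds
        self.failures = {}      # uid -> consecutive mismatches
        self.locked_until = {}  # uid -> time when retries are allowed again
        self.audit = []         # internal log only; never returned to the authenticator

    def authenticate(self, auth_id, uid, sample, nonce, now=None):
        now = time.time() if now is None else now
        answer = "No"
        if self.locked_until.get(uid, 0) > now:
            reason = "locked: too many failed attempts"
        elif self.templates.get(uid) == hashlib.sha256(sample).hexdigest():
            answer, reason = "Yes", "match"
            self.failures.pop(uid, None)
        else:
            count = self.failures.get(uid, 0) + 1
            self.failures[uid] = count
            reason = "mismatch"
            if count >= self.max_failures:  # stop FAR fishing: lock the UID for a while
                self.locked_until[uid] = now + self.lock_seconds
                self.failures.pop(uid, None)
                reason = "mismatch; uid locked"
        self.audit.append((now, auth_id, uid, reason))
        return {"answer": answer, "nonce": nonce,
                "mac": sign(self.keys[auth_id], auth_id, uid, nonce, answer)}


class Authenticator:
    def __init__(self, auth_id, key):
        self.auth_id, self.key = auth_id, key

    def new_nonce(self):
        return secrets.token_hex(16)

    def verify(self, uid, nonce, response):
        """Accept only a 'Yes' whose MAC binds it to this request's nonce."""
        expected = sign(self.key, self.auth_id, uid, nonce, response["answer"])
        return (response["nonce"] == nonce
                and hmac.compare_digest(expected, response["mac"])
                and response["answer"] == "Yes")


def run_scenarios(now=1_000_000.0):
    """Plays the attack scenarios against the toy exchange; returns name -> accepted?"""
    cidr = CIDR(SHARED_KEYS, TEMPLATES)
    auth = Authenticator("auth-001", SHARED_KEYS["auth-001"])
    uid, genuine, impostor = "123412341234", b"sample-finger-resident-A", b"impostor-finger"
    results = {}
    # Genuine resident, fresh nonce: accepted.
    n1 = auth.new_nonce()
    r1 = cidr.authenticate("auth-001", uid, genuine, n1, now)
    results["genuine"] = auth.verify(uid, n1, r1)
    # Overriding the Yes/No response: a 'No' flipped to 'Yes' in transit fails the MAC.
    n2 = auth.new_nonce()
    r2 = cidr.authenticate("auth-001", uid, impostor, n2, now)
    results["flipped_no_to_yes"] = auth.verify(uid, n2, dict(r2, answer="Yes"))
    # Replay: an earlier genuine 'Yes' presented for a new request fails the nonce check.
    results["replayed_yes"] = auth.verify(uid, auth.new_nonce(), r1)
    # Colluding authenticator retrying to exploit FAR: the third mismatch locks the UID,
    # so even the genuine sample is refused until the lock expires.
    for _ in range(2):
        cidr.authenticate("auth-001", uid, impostor, auth.new_nonce(), now)
    r4 = cidr.authenticate("auth-001", uid, genuine, auth.new_nonce(), now + 1)
    results["locked_after_retries"] = r4["answer"] == "No"
    n5 = auth.new_nonce()
    r5 = cidr.authenticate("auth-001", uid, genuine, n5, now + cidr.lock_seconds + 1)
    results["unlocked_after_window"] = auth.verify(uid, n5, r5)
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:24s} accepted={accepted}")
```

The point of the model is that the Yes/No answer on its own carries no authority: without the nonce and the MAC, an authenticator or anyone on the path can manufacture a 'Yes', which is exactly the overriding and replay attacks listed in the Summary. The attempt cap addresses scenario 5 only partially; a colluding authenticator can still present the impostor's fingers against many different UIDs, so the CIDR would also need per-authenticator rate limits and the audit log to detect that pattern.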


Annexure 3 The Underprivileged Society

Indian society is divided along various geographical boundaries. There are many people who live in remote areas of the country and are not classified in any of the existing government schemes; these people are generally the tribals, migratory people, construction workers etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), public distribution systems (PDS) etc. Each of these schemes has some registered people, but the grants still do not reach them. How UID will help these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents used by the above schemes, ensure that the government initiatives reach the section of society that needs them most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these communities are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these communities are themselves illiterate. Considering such a state of our country, where villages are registered in government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since this could compromise personally identifiable information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not keep it properly secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number is widely used as an identifier, there is a very high chance that it will also be used as an authenticator, which increases the risk of disclosure of that person's identity. Widespread use of the same number as both identifier and authenticator results in identity theft, as is already happening in other geographies.

10. How will UIDAI prevent organizations from using the UID number as their primary identification number and printing or using it on applications such as loans, health insurance, etc.? Even if it is only for the internal use of that organization, there is a high chance of the UID number being disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, how can we assure that a person can get only one UID number, since in our country it is sometimes possible to forge documents for gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

• Where the customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user can avoid the phishing attempts that will appear as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID-related disputes, theft and misuse of UID information

15. The primary ID should be stored more securely and have the most restricted access. Data for secondary identification has to be available at multiple verification points, so making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth and the cost aspects understood, but if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft cases and so on.

16. Offences on identity – The current UIDAI framework interprets offences on identity on the foundation laid by the Information Technology Act 2000 and its amendments, which rely on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases or complaints to deal with, either civil or criminal, where an identity is misused with fraudulent intent. Is the State police capable of taking cognizance of such complaints…?

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of its working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel to a quasi-judicial body, including a judicial representative, to hear matters relating to identity theft, misuse, abuse, fraud, etc.

17. One area of concern is native aboriginal peoples such as the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance; the Jarawas in particular have constantly resisted all contact with the modern world, content with their ancient way of living.

18. Given the sheer size of the population the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colours. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following: newborns, citizens returning from abroad, deaths, and missing people.

19. The UID should not be recycled; rather, it should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can trace back an entity using that UID. After a UID is established, say the person works in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the person's new address in the repository, or is the UID independent of address?

20. In India one can get any information about any individual given money and need… Our personal information is being sold to advertising agencies for promoting their clients' products and services through mobile and email, in every combination of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his or her consent.

21. Data privacy and protection shall be at the core, at least when UIDAI is launched in India, at par with international regulations and guidelines. Sensitivity should be classified at the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual against use without his or her authorization. Government should take responsibility and accountability for any compromise of sensitive data gathered for UIDAI.

22. Good governance framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders, whether of good or bad intentions), and the responsibility shall lie with the service provider for any loss or misuse of an individual client's data. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower individual resident Indians to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized or unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

• Framework for self-audit and self-governance within government itself to control data protection aspects
• Stringent background verification for teams working on this project, with criminal background verification as a starting point
• The system shall be subject to periodic audit like any other financial system control, and such reports shall be made public to boost public confidence
• Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since e-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in e-Governance. DSCI has been instrumental in taking the amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries, self-regulatory organizations in the US and European Union countries, and data standards organizations in sectors such as banking and finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO framework can support the data accountability principle in cross-border data flows, namely that business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


registrars' offices spread across the country. Where there is no Internet access, it is assumed that the registrar will need to transmit this information physically on disks or tapes, either through courier or by hand-to-hand delivery; this also creates a possibility of data leakage. A lost or stolen tape must be assumed recoverable, since data recovery techniques are available at very low cost; encryption protects its contents only if the encryption is strong and the key does not travel with the medium.

Encryption of the data

How much encryption is required, and whether it should be symmetric or asymmetric, are challenges that need to be analysed. Another challenge will be for the agents appointed by the Authority to have adequate knowledge and skills in encryption and decryption of the data.

Key management: Key management for the generation, exchange, storage, safeguarding, use, vetting and replacement of keys is a challenge. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. These concerns are not limited to cryptographic engineering; key management requires both technical and organizational decisions.

Non-repudiation: UIDAI also needs to look at common attack vectors such as the man-in-the-middle attack, in which software or hardware intercepts network traffic and forwards it to its destination, so that the information can be read or altered without the knowledge of the sender or the intended recipient. Strictly, such an attack defeats confidentiality and integrity rather than non-repudiation; it is countered by mutually authenticated, encrypted channels between registrars and the CIDR, whereas non-repudiation of enrolment and authentication records additionally requires the originating party to digitally sign them.

UIDAI also needs to build secure applications, which need at least multi-factor authentication, session timeouts, and sufficient provision to secure the endpoints of the transactional layer. The sensitivity of the data the Authority is dealing with is such that it cannot be re-issued: it captures human biometrics, which cannot be changed if compromised.

2.3.3 Security challenges during Storage

The aim of the project is to cover 1.2 billion people by capturing personal information of the residents along with their biometric information. Considering the technology and amount of information, it is estimated that the database size will be around 10215 TB. Managing the security of such a large volume of sensitive information, distributed over various touch points across the country, is a tremendous challenge for the Authority. While we can assume that the security of the CIDR will be at the highest level, with state-of-the-art infrastructure and multi-factor security controls, both logical and physical, there are threats from insiders. These include everyone from the database administrators to the third-party employees deployed for maintenance of that infrastructure. Studies continue to reveal that internal employees, who are the greatest strength of an organization, are also its weakest vulnerability. Hence their accountability, through regular audit and monitoring of the CIDR, is extremely important to the Authority. The registrars' offices, which will also be required to store the information of the residents, may not have architecture at par with the CIDR. This makes them vulnerable to attackers who may exploit the information available at these locations. Accountability and assurance of people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society and privileged people. The most important asset of UIDAI is the data. It must be stored, backed up and archived, and also kept at alternate (BCP/DR) locations. Many data storage protection measures involve a strategic balance between information availability and information security. It is easy to make information completely secure, by locking it up in a safe for example, but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

Malicious attacks: Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

Human error: To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes; or, as in some cases, storage tapes are simply lost in transport.

Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the infrastructure to its knees.

Unencrypted data: Unencrypted data is always going to be subject to some level of risk, and sending unencrypted data outside the facility raises the risk to UIDAI. A plan for decryption, and for which individuals have access to the encryption keys, is also a challenge for the authorities.

Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that a person's biometric may be captured but not stored? We now describe Biometric Encryption as a way out.

2.4 Biometric Encryption – Securing the Centralized UID Database

Biometric Encryption [13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN, etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

13. Ann Cavoukian, PhD (Information and Privacy Commissioner of Ontario) and Alex Stoianov, PhD (Biometrics Scientist), "Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy".

After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of enrolment both the key and the biometric are discarded. On verification the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, lets the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification the biometric sample is discarded once again. A Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of Biometric Encryption include:

• No retention of the biometric image or template
• Multiple cancellable/revocable identifiers
• Improved authentication security: stronger binding of user biometric and identifier
• Improved security of personal data and communications
• Greater public confidence, acceptance and use; greater compliance with privacy laws
• Suitable for large-scale applications
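The enrolment and verification flow described above can be made concrete with a fuzzy-commitment construction, which is one standard way of realizing Biometric Encryption. The following is an added example written for this page; it is not code from the DSCI paper, from the Cavoukian and Stoianov article, or from any UIDAI system. It assumes the biometric has already been reduced to a fixed-length bit string (the feature vectors below are constructed at random), uses a simple repetition code as the error-correcting code, and stores a SHA-256 hash of the key as the verification value; the function names and parameters are this example's own.

```python
"""Toy fuzzy-commitment key binding (added example, not from the DSCI paper or
any UIDAI system).  A random key is bound to a biometric feature vector; only
helper data plus a hash of the key is retained, and the key is released again
only when a fresh sample lies within the error-correcting code's tolerance.

Assumptions (all constructed for this example): the biometric is a fixed-length
bit string, a repetition code is the error-correcting code, and SHA-256 of the
key is the stored verification value.
"""
import hashlib
import random
import secrets

REP = 5                         # repetition factor of the toy error-correcting code
KEY_BITS = 32                   # length of the randomly generated key
TEMPLATE_BITS = KEY_BITS * REP  # length of the biometric feature vector
T = REP // 2                    # bit flips tolerated in each REP-bit group


def rep_encode(key):
    """Repetition-code encode: each key bit becomes REP identical code bits."""
    return [b for b in key for _ in range(REP)]


def rep_decode(codeword):
    """Majority vote per REP-bit group; corrects up to T flipped bits per group."""
    return [1 if sum(codeword[i:i + REP]) > T else 0
            for i in range(0, len(codeword), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def key_digest(key):
    return hashlib.sha256(bits_to_bytes(key)).hexdigest()


def enroll(biometric):
    """Bind a fresh random key to the biometric.

    Returns the private template (helper data + key hash), which is all that
    is retained, and the key, which the application uses and then discards
    together with the biometric sample.
    """
    if len(biometric) != TEMPLATE_BITS:
        raise ValueError("unexpected feature vector length")
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    template = {"helper": xor(rep_encode(key), biometric),
                "key_hash": key_digest(key)}
    return template, key


def verify(template, live_sample):
    """Re-derive the key from a live sample; None if it is too far from enrolment."""
    candidate = rep_decode(xor(template["helper"], live_sample))
    return candidate if key_digest(candidate) == template["key_hash"] else None


def noisy(sample, flips_per_group):
    """Constructed noise model: flip the first flips_per_group bits of every group."""
    return [b ^ 1 if (i % REP) < flips_per_group else b
            for i, b in enumerate(sample)]


def demo():
    """Exercise enrolment and verification on constructed feature vectors."""
    rng = random.Random(2010)  # seeded so the sample vectors are reproducible
    alice = [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]
    mallory = [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]
    template, key = enroll(alice)
    return {
        "exact_sample": verify(template, alice) == key,
        "within_bound": verify(template, noisy(alice, T)) == key,
        "beyond_bound": verify(template, noisy(alice, T + 1)),    # None
        "impostor": verify(template, mallory),                     # None
        "helper_equals_biometric": template["helper"] == alice,   # False
        "reenrol_gives_new_helper": enroll(alice)[0]["helper"] != template["helper"],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two points a practitioner should take from running it: the tolerance T is set entirely by the error-correcting code, so the false-reject and false-accept trade-off is a code-design decision rather than a matching-threshold one; and re-enrolling the same person produces a different key and different helper data, which is what makes the identifier cancellable. The caveat is that "neither the key nor the biometric can be retrieved" holds only to the extent the feature vector has high entropy and the helper data leaks little; a repetition code as used here leaks considerably, so a real deployment would use a stronger code (BCH or Reed-Solomon), keep the key hash keyed or slow, and evaluate linkability across multiple templates of the same person.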

2.5 Strong Authentication – Presumably by Applications

Various reports [14] suggest that UIDAI will use strong authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are"; multi-factor authentication involves two or more of these factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption is that none of the endpoints (government departments) are corruption-free, so they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes it can trust itself) needs to be proved and supported by hard evidence.

14. Creating a unique identity for every citizen in India.pdf

3 Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity it will cover. But the following historical evidence may be kept in view: data compromises happened in Germany and in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84th among 180 countries on the integrity score, and it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the birth certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail even as UIDAI embarks on this project.

Since there are no infallible, zero-risk security controls, we must assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke one's fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult, and when the ID is tied to biometric information this becomes much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged, so the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

15. Global_Corruption_Report_2009_170909_2_web[1]A.pdf
16. httpwwwthaindiancomnewsportalhealthcorruption-index-india-scores-low-on-integrity-lead_100276116htmlixzz0cCnlg9T6
17. httpwwwexpressindiacomlatest-newsWeak-criminal-justice-system-encouraging-corruption-CBI-chief507412

Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar accountable for this, even though it is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data: they are just a medium between the applicant/resident and the CIDR, and are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on the UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI, or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder, who will therefore not be in a position to prevent the fraud. In such a case who is responsible for the loss? Is it the authenticator who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identity contexts of a person in due course, whether it is issuance of a passport, gas connection or PAN, or availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on security and privacy of data. These are described below.

S.No. Key observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not specify the number of people who can be introduced by a single introducer. In the absence of such a control there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities exploiting the people who are at the mercy of the introducer for getting their UID.

5. Though availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants, on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories, or loading in markets, railway stations or bus depots. Their work is migratory and the only person they know is the contractor who pays them the daily wage, but will he introduce these people to the UIDAI so that they can get a UID? For taking the benefits of UID, villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for personal benefit. Yet another group, street people (beggars and people taking shelter under flyovers and in buildings under construction in urban areas), needs consideration for issuance of UID.

7. The introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UIDs to the migrant population of India's neighbouring countries and could be used by illegal migrants to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who is later convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides that, in the absence of original documents, copies can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove it as a litigant? Is the onus of proof on the person who is affected? It is stated that all UID-related cases will be handled by the existing legal framework (let us not forget that the conviction rate in IT offences is in single figures even after 9 years of the ITA being in force). With the existing pending cases figuring in millions in courts all over the country (like a small server under a DDoS attack, each case waiting for its turn on a round-robin basis), matters relating to identity, which need speedy redressal, cannot be served by the existing framework.

18. httpuidaigovinfaqhtml

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his or her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability in our public service system. Identity thefts will continue to happen even if the best security is deployed, but we should build a system that is resilient enough to correct itself quickly and that ensures end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected: "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in the more mature democracies of the western world.

The IT (Amendment) Act 2008, under Section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource it controls or operates liable to follow reasonable security practices; failure to do so, resulting in loss of information, will make it liable to pay compensation. Under Section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed: any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with Section 43A, Section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working on this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislations:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen’s right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation’s security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, waste resources and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted searches and seizures cannot function at optimum levels.


DSCI Security Framework (DSF©)

DSCI Privacy Framework (DPF©)

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options and current technological advancements.

Data Security Council of India (DSCI) has engaged with various industries over the last one year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as a data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote their business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing the personal information/data and achieving the unique identity.

DSCI security and privacy frameworks are built on the evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners’ conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the Banking & Telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier – a randomized number – that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for the individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in CIDR – Central ID Registry – to be operated by the Authority. One can trust that the Authority will create CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change – in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where the law enforcement agencies, bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person – it does not require biometrics to be stored.
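The property claimed for Biometric Encryption above (and in section 6), that the biometric itself never needs to be stored, can be seen in a small fuzzy-commitment construction. The following Python is an added illustration, not code from this paper or from the Cavoukian and Stoianov article it cites: a secret (the "PIN") is expanded with a repetition code, XORed with the biometric template bits, and only that helper data plus a hash of the secret is kept. A fresh, slightly noisy reading of the same biometric recovers the secret; a different biometric or a reading with too many errors yields nothing. The 32-bit key, the 5x repetition code, SHA-256 as the check value and the randomly generated template bits are all assumptions made for the example; a real system derives the bits from a biometric and uses a far stronger error-correcting code.

```python
import hashlib
import random

# Assumed parameters for this example (not UIDAI's design): a 32-bit secret
# and a 5x repetition code, so the helper data has 160 bits and each key bit
# survives up to two disagreeing bits inside its 5-bit group.
KEY_BITS = 32
REP = 5


def encode(key_bits):
    """Repetition code: every key bit becomes REP identical codeword bits."""
    return [b for b in key_bits for _ in range(REP)]


def decode(codeword):
    """Majority vote per REP-bit group; corrects up to (REP-1)//2 flips per group."""
    return [1 if sum(codeword[i:i + REP]) * 2 > REP else 0
            for i in range(0, len(codeword), REP)]


def digest(key_bits):
    """Check value stored instead of the key itself."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enroll(template_bits, key_bits):
    """Bind the key to the template. The returned record holds only the helper
    data (codeword XOR template) and a hash of the key: neither the template
    nor the key is stored."""
    codeword = encode(key_bits)
    if len(codeword) != len(template_bits):
        raise ValueError("template length must equal KEY_BITS * REP")
    helper = [c ^ t for c, t in zip(codeword, template_bits)]
    return {"helper": helper, "key_hash": digest(key_bits)}


def release(record, probe_bits):
    """Try to recover the key from a fresh probe; None when the probe is not
    close enough to the enrolled template (the hash check rejects it)."""
    noisy_codeword = [h ^ p for h, p in zip(record["helper"], probe_bits)]
    candidate = decode(noisy_codeword)
    return candidate if digest(candidate) == record["key_hash"] else None


def flip(bits, positions):
    """Simulate sensor noise by flipping the given bit positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def make_sample(seed=7):
    """Constructed template and key for the demo. A real system derives the
    template from a biometric and draws the key from a CSPRNG (secrets)."""
    rng = random.Random(seed)
    template = [rng.randrange(2) for _ in range(KEY_BITS * REP)]
    key = [rng.randrange(2) for _ in range(KEY_BITS)]
    return template, key


def demo():
    template, key = make_sample()
    record = enroll(template, key)
    return {
        "exact": release(record, template) == key,
        # two flips inside the first 5-bit group: still recovered
        "noisy_ok": release(record, flip(template, [0, 1])) == key,
        # three flips in one group: majority vote fails, hash check rejects
        "too_noisy": release(record, flip(template, [0, 1, 2])) is None,
        # complemented template (worst-case impostor): every key bit wrong
        "impostor": release(record, [1 - b for b in template]) is None,
        # the stored record carries no template and no key
        "template_stored": "template" in record or "key" in record,
    }


if __name__ == "__main__":
    print(demo())
```

The point for the registrar question raised above is the shape of the stored record: if a local repository holding such records is copied, the thief obtains helper data and a hash, not fingerprints, and the secret bound to them can be re-issued with a new enrolment.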

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents – and UID is supposed to benefit them the most, as well as help plug the loopholes for saving of government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme – an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of “Privileged Persons” – those having UIDs, such as the BDOs, Sarpanches, NGOs and other “Gram Sevaks”. Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the “Privileged Persons” to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country, who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1 UIDAI Features

The annexure is based on the draft document available on the website – “Creating a unique identity for every citizen in India” – and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI’s scope will be restricted to the issue of unique identification numbers based on a person’s demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India’s poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central/state departments and private sector agencies as ‘Registrars’ for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority’s role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant’s data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between ‘privacy and purpose’ when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a ‘Yes’ or ‘No’ response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI’s verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates. That includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory / Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents. Introducer for people who have no documents. |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents. Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident’s physical presence is not required during letter delivery. |
| Parent / Guardian Details | | | |
| Father’s/Husband’s/Guardian’s Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults. |
| Father’s/Husband’s/Guardian’s UID | Conditional | | |
| Mother’s/Wife’s/Guardian’s Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults. |
| Mother’s/Wife’s/Guardian’s UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer’s Name and UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty. |
| Introducer’s UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the ‘enrolling agency’ for the baby’s UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of “approved” introducers, who can introduce a resident and vouch for the validity of the resident’s information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a “tree structure”, where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the “root” of this tree. The person at the root will be the person who is “self-introduced”; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.
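The introducer tree of item iv, together with the document-free enrolments of item v, is something a Registrar's audit agency can check mechanically: every introduced resident should trace back through enrolled introducers to a root who enrolled on documents, no chain may loop, and an introducer who has vouched for an unusually large number of residents is exactly the concentration of trust that the Summary section warns about. The following Python is an added example, not UIDAI's own process or data; the record layout (resident UID mapped to introducer UID, None for a documented root), the sample records and the fan-out threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed enrolment records (not UIDAI data): resident UID -> introducer
# UID, or None when the resident enrolled on documents and is therefore a
# root of the introducer tree.
ENROLMENTS = {
    "R1": None,                 # enrolled on documents (root)
    "R2": "R1", "R3": "R1",
    "R4": "R3",                 # second-level introduction
    "R5": "R9",                 # R9 was never enrolled
    "R6": "R7", "R7": "R6",     # mutual introduction: no root at all
    "R8": "R1", "R10": "R1", "R11": "R1", "R12": "R1",
}


def trace_chain(enrolments, uid):
    """Follow introducer links from uid back towards a documented root.
    Returns (status, chain) with status 'ok', 'unknown_introducer' or 'cycle'."""
    chain = [uid]
    seen = {uid}
    current = uid
    while True:
        if current not in enrolments:
            return "unknown_introducer", chain
        introducer = enrolments[current]
        if introducer is None:
            return "ok", chain
        chain.append(introducer)
        if introducer in seen:
            return "cycle", chain
        seen.add(introducer)
        current = introducer


def introducer_fan_out(enrolments):
    """How many residents each introducer has vouched for."""
    return Counter(i for i in enrolments.values() if i is not None)


def audit(enrolments, max_introductions=5):
    """Report residents whose chain does not end at a documented root, and
    introducers whose fan-out exceeds the (assumed) review threshold."""
    invalid = {}
    for uid in enrolments:
        status, chain = trace_chain(enrolments, uid)
        if status != "ok":
            invalid[uid] = (status, chain)
    review = {i: n for i, n in introducer_fan_out(enrolments).items()
              if n > max_introductions}
    return {"invalid": invalid, "review_introducers": review}


if __name__ == "__main__":
    for uid, (status, chain) in audit(ENROLMENTS)["invalid"].items():
        print(uid, status, " -> ".join(chain))
    print("review:", audit(ENROLMENTS)["review_introducers"])
```

On the constructed records the audit finds R5 (introducer never enrolled), R6 and R7 (a cycle with no root), and flags R1 for review because it introduced six residents; a real run would use the Registrar's records and a threshold set from the local distribution of introductions.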


Annexure 2 UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

| External Attack Sources | Internal Attack Sources |
|---|---|
| Resident | UIDAI employee |
| Registrar | Other government factors |
| Authenticator | |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow – Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with flows 1–7 as listed above and two trust boundaries marked.]

4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of CIDR might illegally reveal (or sell) the identity information.
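Scenario 5 is one the CIDR side can observe from its own Yes/No response log (flow 6), because repeated attempts against the same UID from one authenticator look different from ordinary use even though each individual request is legitimate. The following Python is an added example, not from the paper: it parses a constructed log of authentication responses, flags any (authenticator, UID) pair that accumulates more than a threshold of "No" responses inside a short window, separately flags a "Yes" that arrives right after such a burst, and summarises the failure rate per authenticator so that outliers can be reviewed. The line format, field names, authenticator ids, UID values, window and threshold are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of CIDR Yes/No responses (not real UIDAI logs): one line
# per authentication request from an authenticator about a UID.
LOG_LINES = [
    "2010-01-21T10:00:01 auth=A17 uid=UID-0001 result=NO",
    "2010-01-21T10:00:09 auth=A17 uid=UID-0001 result=NO",
    "2010-01-21T10:00:15 auth=A17 uid=UID-0001 result=NO",
    "2010-01-21T10:00:22 auth=A17 uid=UID-0001 result=NO",
    "2010-01-21T10:00:30 auth=A17 uid=UID-0001 result=YES",
    "2010-01-21T10:05:00 auth=A03 uid=UID-0002 result=NO",
    "2010-01-21T10:05:40 auth=A03 uid=UID-0002 result=YES",
    "2010-01-21T11:00:00 auth=A03 uid=UID-0003 result=YES",
]

LINE_RE = re.compile(r"^(\S+) auth=(\S+) uid=(\S+) result=(YES|NO)$")


def parse_events(lines):
    """Parse log lines into (timestamp, authenticator, uid, result) tuples,
    sorted by time; malformed lines are skipped rather than aborting the run."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, auth, uid, result = m.groups()
        events.append((datetime.fromisoformat(ts), auth, uid, result))
    events.sort(key=lambda e: e[0])
    return events


def detect_retry_bursts(events, max_failures=3, window=timedelta(minutes=5)):
    """Flag (authenticator, uid) pairs with more than max_failures NO responses
    inside `window`, and a YES that follows such a burst. One alert per pair
    and kind, so a long burst does not flood the analyst."""
    recent_failures = defaultdict(deque)   # key -> timestamps of recent NOs
    alerts, reported = [], set()
    for ts, auth, uid, result in events:
        key = (auth, uid)
        q = recent_failures[key]
        while q and ts - q[0] > window:    # drop failures outside the window
            q.popleft()
        if result == "NO":
            q.append(ts)
            kind = "burst" if len(q) > max_failures else None
            failures = len(q)
        else:
            kind = "success_after_burst" if len(q) >= max_failures else None
            failures = len(q)
            q.clear()                      # a success resets the counter
        if kind and (key, kind) not in reported:
            reported.add((key, kind))
            alerts.append({"auth": auth, "uid": uid, "kind": kind,
                           "failures": failures, "at": ts.isoformat()})
    return alerts


def failure_rate_by_authenticator(events):
    """Per authenticator: (number of NO responses, total requests)."""
    failures, totals = defaultdict(int), defaultdict(int)
    for _, auth, _, result in events:
        totals[auth] += 1
        if result == "NO":
            failures[auth] += 1
    return {a: (failures[a], totals[a]) for a in totals}


if __name__ == "__main__":
    evs = parse_events(LOG_LINES)
    for alert in detect_retry_bursts(evs):
        print(alert)
    print(failure_rate_by_authenticator(evs))
```

Both signals are only indicators: a worn sensor or an elderly resident will also produce repeated "No" responses, so the output is a queue for review of that authenticator rather than proof of collusion, and a response policy (lock-out or step-up after a burst) belongs at the CIDR where the authenticator cannot override it.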


Annexure 3 The Underprivileged Society

Indian society is divided by various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation’s total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the ‘Right to Information’ Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries, and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID; e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person’s identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10 How UIDAI will enforce organizations not to use UID number as the primary identification number and printuse it on their application such as loan health insurance etc Even though it is for internal use of that organization there is high chance of UID number getting disclosed

11 How the life cycle of the UID number (from generation to termination) will be handled 12 Will the UID number generation process use any biometric information of a person and if yes what will be

the process to keep its integrity intact 13 If the UID number generation process is not based on biometric information then how we can assure that

the person can get only one UID number as sometime in our country it might be possible to forge some documents for some gain

14 There should be consumer awareness well in advance (at least a year) before release of UID program Awareness should include the following

Where the entire customer should provide the information

What information within the UID should be provided for which government requirement


• How the user should avoid getting caught in any phishing attempts as and when UID news is released by the government

• Threats of UID exploitation and the resultant impact

• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service

• Contact details for consumers to enquire and clarify

• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact

• Consumer redressal services for UID-related disputes, theft and misuse of UID information

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth, and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft cases and so on.

16. Offences on identity - The current UIDAI framework interprets offences on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges - considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in cases where there is misuse of identity with fraudulent intent. Whether the State police are capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of its working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and the maturity in delivering complex solutions, the project shall come out with flying colours. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new-borns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID, say after a death, authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have the money and the need... Our personal information is being sold to advertising agencies for promoting their clients' products and services through mobile and e-mail, in all combinations of geography, consumption, timing etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her


consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is launched in India, at par with international regulations and guidelines. Sensitivity should be brought to an adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance information of an individual against use without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data gathered for UIDAI.

22. A Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, e-mail etc. by outsiders, whether of good or bad intentions), and the responsibility shall lie with the service provider for any loss or misuse of an individual client's data. Government should make businesses understand the immediate need to protect its residents' personally identifiable data sets.

23. Empower the individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized or unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

• Framework for self-audit and self-governance within government itself to control data protection aspects.

• There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point.

• The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.

• Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since e-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in e-Governance. DSCI has been instrumental in taking the amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and self-regulatory organizations in the US and European Union countries, and data standards organizations in sectors such as banking and finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


who may exploit the information available at these locations. Accountability and assurance of people working at these locations is required at an even greater level, since they may be locally under the influence of bureaucrats, politicians, high-class society and privileged people. The most important asset of UIDAI is the data. This must be stored, backed up and archived. This must also be kept in alternate (BCP/DR) locations. Many data storage protection measures include a strategic balance between information availability and information security. It's easy to make information completely secure (by locking it up in a safe, for example), but the trick is to also ensure that it is available when needed. However, by providing information access there are always risks, which generally fall into the following categories:

• Malicious attacks: Organized crime has moved online with a variety of tricks, including the latest varieties of worms, viruses, bot networks and phishing attacks.

• Human error: To err is human, and unfortunately it happens all too often. Agents might leave a system unlocked, trip over wires or cause system crashes. Or, as in some cases, storage tapes are simply lost in transport.

• Infrastructure failures: IT infrastructures are not foolproof, and all it takes is a power loss or a server failure to lose sensitive personal information. To add to that, a natural disaster can strike and bring any part of the complete infrastructure to its knees.

• Unencrypted data: Unencrypted data is always going to be subject to some level of risk. Any data that goes outside the facility unencrypted raises the risk to the UIDAI. Also, a plan for decryption, and deciding which individuals are to have access to the encryption keys, is a challenge for the authorities.

• Access control: Access control is another basic security measure that should be in place within any facility. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to the various types of data.

The storage of biometrics poses a challenge in the form of a threat to the privacy of an individual's data. But does it need to be stored at all? Are there ways of using encryption such that the biometrics of a person may be captured but not stored? We now describe Biometric Encryption as a way out.

2.4 Biometric Encryption - Securing the Centralized UID Database

Biometric Encryption[13] is a process that securely binds a cryptographic key to a biometric so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification. The digital key (password, PIN etc.) is randomly generated on enrolment, and the user is not aware of it. The key is completely independent of the biometric and therefore can always be changed or updated.

[13] Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, and Alex Stoianov, Ph.D., Biometrics Scientist.


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone etc.). At the end of the enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these technologies have enormous potential to enhance the privacy and security of the UIDAI data. Some of the key benefits and advantages of Biometric Encryption technology include:

• No retention of the biometric image or template

• Multiple, cancellable, revocable identifiers

• Improved authentication security: stronger binding of user biometric and identifier

• Improved security of personal data and communications

• Greater public confidence, acceptance and use; greater compliance with privacy laws

• Suitable for large-scale applications
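To make the enrol/verify cycle described above concrete, the following is an added example written for this page; it is not code from the position paper, from UIDAI, or from Cavoukian and Stoianov. It implements the simplest Biometric Encryption construction, a fuzzy commitment: the random key is encoded with a repetition error-correcting code and XORed with the biometric bit-string, and only that helper string plus a hash of the key are kept as the private template. A fresh sample close enough to the enrolled one decodes the same key; a different person's sample or an overly noisy one does not; and re-enrolling the same biometric with a new key gives a new, unlinkable template, which is what makes the identifier cancellable. The biometric bit-strings, the bit-flip noise pattern, the 32-bit key size and the repetition rate are all constructed assumptions for the demonstration; real systems work on feature-extracted binary templates and use stronger error-correcting codes.

```python
"""Toy Biometric Encryption (fuzzy commitment). Added example; not UIDAI or DSCI code."""
import hashlib
import random
import secrets
from typing import Any, Dict, List, Optional, Tuple

KEY_BITS = 32          # size of the random key bound at enrolment (assumed for the demo)
REPEAT = 15            # repetition-code rate: majority vote corrects up to 7 flips per block
TEMPLATE_BITS = KEY_BITS * REPEAT


def int_to_bits(value: int, width: int) -> List[int]:
    """Big-endian bit list of a non-negative integer."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def bits_to_int(bits: List[int]) -> int:
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out


def ecc_encode(key_bits: List[int]) -> List[int]:
    """Repetition code: every key bit is written REPEAT times."""
    return [b for b in key_bits for _ in range(REPEAT)]


def ecc_decode(codeword: List[int]) -> List[int]:
    """Majority vote per block; tolerates fewer than REPEAT/2 flipped bits in each block."""
    return [1 if sum(codeword[i:i + REPEAT]) * 2 > REPEAT else 0
            for i in range(0, len(codeword), REPEAT)]


def key_digest(key: int) -> str:
    """Only a hash of the key is stored, so the verifier can confirm a recovered key."""
    return hashlib.sha256(key.to_bytes(KEY_BITS // 8, "big")).hexdigest()


def enrol(biometric: List[int], key: Optional[int] = None) -> Tuple[Dict[str, Any], int]:
    """Bind a random key to the biometric. Returns (private template, key).

    The template holds neither the key nor the biometric: helper = ECC(key) XOR biometric.
    The caller uses the key (e.g. to encrypt the resident's record) and then discards it,
    along with the biometric sample.
    """
    if key is None:
        key = secrets.randbits(KEY_BITS)
    codeword = ecc_encode(int_to_bits(key, KEY_BITS))
    helper = [c ^ b for c, b in zip(codeword, biometric)]
    return {"helper": helper, "key_hash": key_digest(key)}, key


def verify(template: Dict[str, Any], fresh_sample: List[int]) -> Optional[int]:
    """Regenerate the key from a live sample; None if the sample is not close enough."""
    noisy_codeword = [h ^ b for h, b in zip(template["helper"], fresh_sample)]
    candidate = bits_to_int(ecc_decode(noisy_codeword))
    return candidate if key_digest(candidate) == template["key_hash"] else None


# Constructed sample data: stand-ins for feature-extracted fingerprint or iris bits.
def constructed_biometric(seed: int) -> List[int]:
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(TEMPLATE_BITS)]


def noisy_copy(sample: List[int], every: int) -> List[int]:
    """Simulate sensor noise by flipping every `every`-th bit of the sample."""
    return [b ^ (1 if i % every == 0 else 0) for i, b in enumerate(sample)]


if __name__ == "__main__":
    resident = constructed_biometric(7)
    template, key = enrol(resident)
    del key  # the key and the biometric are discarded after enrolment
    print("genuine, 20% noise  :", verify(template, noisy_copy(resident, 5)) is not None)
    print("genuine, 50% noise  :", verify(template, noisy_copy(resident, 2)) is not None)
    print("impostor            :", verify(template, constructed_biometric(8)) is not None)
    new_template, _ = enrol(resident)  # revocation: same biometric, new key, new template
    print("templates unlinkable:", new_template["helper"] != template["helper"])
```

The stored record is only `helper` and `key_hash`; the raw bits of the enrolled biometric never reach the database, which is the property the section argues for. The repetition code makes the error tolerance easy to reason about (three flips in every block of fifteen still decode, eight do not), but it is also why a production scheme would use a code with much better rate and a longer key.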

2.5 Strong Authentication - Presumably by Applications

Various reports[14] suggest that UIDAI will use strong authentication, but that needs further definition. "Strong" is a relative term and so needs to be less ambiguous. The UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3. Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany; it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be very correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84 among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey[15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)," according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International[16], an independent organization tracking the prevalence of corruption worldwide. In a comment[17] to IANS it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the birth certificate (which details religion, state, mother tongue etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke one's fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 - The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of this project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4. Additional Observations on the UIDAI Approach

UID is expected to be used for almost all identities of a person in due course, whether it is the issuance of a passport, a gas connection, a PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key Observations

1. The UIDAI proposes to make use of the existing identity system, and by creating a de-duplication process in the UIDAI it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If an identity of a person is already established by a


fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI[18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details. "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of the introducer for getting their UID.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in construction buildings in urban areas), needs consideration for issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UIDs to the migrant population of neighbouring countries of India, and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, certification can be done by a public notary. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

[18] http://uidai.gov.in/faq.html


10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases figuring in millions in courts all over the country (like a small server under a DDoS attack), each waiting for its turn on a round-robin basis, how can matters relating to identity, which need speedy redressal, be handled through the existing framework?

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to the inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5. Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances, or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed: any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s):
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s):
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions:
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted search and seizure cannot function at optimum levels.


[Figures: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI there needs to be a systematic and standardized approach which should take support from the leading best practices around the world evolving strategic options and current technological advancements

Data Security Council of India (DSCI) has engaged itself with various industries over the last one year through a number of security awareness seminars and workshops and on the need for best practices and standards for enhancing their trustworthiness DSCI also engaged with various data protection authorities and privacy commissioners in the United States the United Kingdom and the European Union With the support of various stakeholders and industry DSCI has developed Data Security Framework and Privacy Framework These frameworks include a set of best practices in data security and data privacy for achieving data protection

The Data Security Framework comprised of the 16 Best Practices is based on the ISO 27001 security standard and other standards such as PCI DSS It also draws upon the tactical recommendations made by several leading consultants around the world It also draws upon the recent experience of some of the governments that checklist based compliance does not necessarily enhance cyber security Our attempt in developing these best practices includes many tactical guidelines to help enhance security of an organization Regulatory compliance can be achieved through the implementation of these practices since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing personal information/data and achieving unique identity.

DSCI's security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, so as to safeguard the privacy of the personal information of the country's residents.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the banking & telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person along with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence to the contrary. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in the millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where law enforcement agencies, the bureaucracy and politicians have abused the system, as well as India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.
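One concrete way to realise the property just described, added here as an illustration and not code from this paper, from UIDAI or from Cavoukian and Stoianov: a fuzzy commitment (Juels and Wattenberg, 1999) binds a PIN to a noisy biometric so that only helper data and a hash of the PIN are stored, never the biometric itself. The repetition code, bit lengths, random seed and probe errors below are constructed for the example.

```python
"""Toy fuzzy commitment: bind a PIN to a noisy binary biometric template so that
the stored record (helper data + PIN hash) contains neither the PIN nor the
template. Constructed illustration; not DSCI, UIDAI or Cavoukian/Stoianov code."""
import hashlib
import random
from typing import List, NamedTuple, Optional

REPEAT = 5                          # repetition code: each PIN bit is stored REPEAT times
PIN_BITS = 16                       # length of the secret bound to the biometric
TEMPLATE_BITS = PIN_BITS * REPEAT   # length of the binary biometric feature vector
MAX_ERRORS_PER_BLOCK = (REPEAT - 1) // 2  # a majority vote tolerates 2 flips in 5

Bits = List[int]


class Commitment(NamedTuple):
    helper: Bits        # codeword XOR template; this is what the registrar would store
    pin_digest: str     # SHA-256 of the PIN, used only to confirm a correct decoding


def encode(pin: Bits) -> Bits:
    """Repetition-code encoder: corrects up to MAX_ERRORS_PER_BLOCK flips per block."""
    return [b for b in pin for _ in range(REPEAT)]


def decode(codeword: Bits) -> Bits:
    """Majority vote inside each block of REPEAT bits."""
    return [1 if sum(codeword[i:i + REPEAT]) * 2 > REPEAT else 0
            for i in range(0, len(codeword), REPEAT)]


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def pin_hash(pin: Bits) -> str:
    return hashlib.sha256(bytes(pin)).hexdigest()


def enrol(template: Bits, pin: Bits) -> Commitment:
    """Bind the PIN to the template. Only the returned record is kept; the
    template and the PIN are discarded after enrolment."""
    assert len(template) == TEMPLATE_BITS and len(pin) == PIN_BITS
    return Commitment(xor(encode(pin), template), pin_hash(pin))


def release(record: Commitment, probe: Bits) -> Optional[Bits]:
    """Recover the PIN from a fresh probe, or None if the probe is too far away.

    helper XOR probe = codeword XOR (template XOR probe); the second term is the
    biometric noise, which the error-correcting code removes when it is small."""
    candidate = decode(xor(record.helper, probe))
    return candidate if pin_hash(candidate) == record.pin_digest else None


def flip_bits(bits: Bits, positions) -> Bits:
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def demo() -> dict:
    """Enrolment followed by three verification attempts on constructed data."""
    rng = random.Random(2010)  # fixed seed so the walkthrough is repeatable
    template = [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]
    pin = [rng.randint(0, 1) for _ in range(PIN_BITS)]
    record = enrol(template, pin)

    # Genuine probe: two flips in each of the first three blocks (within tolerance).
    genuine = flip_bits(template, [0, 1, 5, 6, 10, 11])
    # Genuine but too noisy: three flips in block 0 defeat the majority vote (false reject).
    too_noisy = flip_bits(template, [0, 1, 2])
    # Impostor probe: constructed to differ in 3 of every 5 bits, so every block decodes wrong.
    impostor = flip_bits(template, [p for p in range(TEMPLATE_BITS) if p % REPEAT < 3])

    return {
        "genuine": release(record, genuine) == pin,
        "too_noisy": release(record, too_noisy) is not None,
        "impostor": release(record, impostor) is not None,
        # The template reappears only when the PIN is known (helper XOR codeword),
        # which is the sense in which the biometric itself is not stored.
        "template_recoverable_with_pin": xor(record.helper, encode(pin)) == template,
    }


if __name__ == "__main__":
    print(demo())
```

A repetition code is used here only for readability: the helper leaks parity relations between template bits inside each block, which is why practical schemes use stronger codes (BCH, Reed-Solomon), longer secrets and an entropy estimate of the biometric before relying on the helper being safe to store.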

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver's license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom UID is supposed to benefit the most as well as help plug the loopholes for saving government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "Privileged Persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1 UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity: The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach: The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and public Distribution systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification: The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model: The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated: The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card: The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence: Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates: Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data: The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system: Technology systems will play a major role across the UIDAI infrastructure.

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory/Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent/Guardian Details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars
– These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies
– Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups
– The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2 UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources:
• Resident
• Registrar
• Authenticator

Internal Attack Sources:
• UIDAI employee
• Other government factors

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow diagram showing Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with steps 1 to 7 and the two trust boundaries]

4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.
5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.
6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.
7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.
8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.
9. An employee of the CIDR might illegally reveal (or sell) the identity information.


Annexure 3 The Underprivileged Society

Indian society is divided across various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), public Distribution systems (PDS), etc. Each of these schemes has some registered people, but the grants still do not reach the people. So how the UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that government initiatives reach the section of society which needs them the most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect them, how to limit who can access, how to dispose if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
• Where the customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user should not get caught in any phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact of the same
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth, and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity: The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act, 2000, which relies on the State police for enforcement. Enforcement challenges: Considering 0.01% failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as a part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17 One area of concern is native aboriginals like the Onges the Shompens the Sentinelese the Andamanese the Jarawas and the Nicobarese of the Andaman amp Nicobar Islands They are shunning the outside world and every effort by lsquooutsidersrsquo to talk to them is met with fierce resistance Similarly the Jarawas have constantly resisted all contact with the modern world ndash happy with their ancient way of living

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colours. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following: new-borns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India, we can get any information on any individual if you have money and need… Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and e-mails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his/her consent.

21. Data privacy and protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure that the Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual are protected from use without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data gathered for UIDAI.

22. A good governance framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, e-mail, etc. by outsiders, whether of good or bad intentions), and the responsibility shall lie with the service provider to prevent loss/misuse of any individual client's data. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower every individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of any unauthorized/unwanted communication received.

24. Processes around data creation, maintenance and disposal:

• A framework for self-audit and self-governance within government itself, to control data protection aspects.

• There shall be a stringent background verification process for teams working on this project, starting with criminal background verification.

• The system shall be subject to periodic audit, like any other financial system control, and such reports shall be made public to boost public confidence.

• Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries, Self-Regulatory Organizations in the US and European Union countries, and data standards organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


After a biometric sample is acquired, the Biometric Encryption algorithm securely and consistently binds the key to the biometric to create a protected Biometric Encryption template, also called a "private template". In essence, the key is encrypted with the biometric. The Biometric Encryption template provides excellent privacy protection and can be stored either in a database or locally (smart card, token, laptop, cell phone, etc.). At the end of enrolment, both the key and the biometric are discarded. On verification, the user presents a fresh biometric sample which, when applied to the legitimate Biometric Encryption template, will let the algorithm retrieve the same key/password. In other words, the biometric serves as a decryption key. At the end of verification, the biometric sample is discarded once again. The Biometric Encryption system does not require the actual biometric to be stored in the central database, and thus these encryption technologies have enormous potential to enhance the privacy and security of UIDAI data. Some of the key benefits and advantages of this Biometric Encryption technology include:

• No retention of the biometric image or template

• Multiple, cancellable, revocable identifiers

• Improved authentication security: stronger binding of user biometric and identifier

• Improved security of personal data and communications

• Greater public confidence, acceptance and use; greater compliance with privacy laws

• Suitable for large-scale applications
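The enrolment and verification flow just described, as an added example (not from the DSCI paper nor from the Cavoukian and Stoianov article it draws on): a Python fuzzy commitment, one standard way to realize Biometric Encryption, in which a key is bound to a biometric bit string through an error-correcting code, only the helper data and a hash of the key are stored, and a fresh, slightly noisy sample releases the same key. The 160-bit "biometric", the noise positions, the repetition code and all function names are constructed for this example.

```python
import hashlib
import secrets

# Parameters of this toy scheme (constructed for the example, not UIDAI's).
REPEAT = 5                        # repetition code: each key bit is stored 5 times
KEY_BITS = 32                     # length of the key bound to the biometric
FEATURE_BITS = KEY_BITS * REPEAT  # length of the biometric bit string (160)
# Majority voting corrects up to (REPEAT - 1) // 2 = 2 flipped bits per group.


def sample_biometric(seed):
    """Constructed stand-in for a feature extractor: derives a fixed 160-bit
    string from a seed so the example runs offline. A real extractor would
    produce such bits from fingerprint or iris features."""
    digest = hashlib.sha256(b"constructed-biometric-%d" % seed).digest()
    bits = [(byte >> i) & 1 for byte in digest for i in range(8)]
    return bits[:FEATURE_BITS]


def flip_bits(bits, positions):
    """Simulate capture noise between two samples: flip the listed bit positions."""
    noisy = list(bits)
    for p in positions:
        noisy[p] ^= 1
    return noisy


def encode(key_bits):
    """Repetition-code encoder: expand each key bit into REPEAT copies."""
    return [b for b in key_bits for _ in range(REPEAT)]


def decode(codeword):
    """Majority-vote decoder: recover each key bit from its REPEAT copies."""
    return [int(sum(codeword[i:i + REPEAT]) > REPEAT // 2)
            for i in range(0, len(codeword), REPEAT)]


def key_digest(key_bits):
    """One-way check value stored with the template; it confirms a candidate
    key without revealing the key itself."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enrol(biometric_bits, key_bits=None):
    """Enrolment: bind a (random) key to the biometric sample.
    Returns (key, private_template). Only the template may be stored; the
    caller uses the key (e.g. to derive an identifier) and then discards both
    the key and the biometric sample, as the text above describes."""
    if key_bits is None:
        key_bits = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = encode(key_bits)
    # helper = codeword XOR biometric: the biometric itself is not stored
    helper = [c ^ b for c, b in zip(codeword, biometric_bits)]
    return key_bits, {"helper": helper, "key_digest": key_digest(key_bits)}


def verify(template, fresh_biometric_bits):
    """Verification: helper XOR fresh sample = codeword XOR (capture noise).
    If the noise is within the code's capacity the original key is released;
    otherwise the digest check fails and None is returned."""
    noisy_codeword = [h ^ b for h, b in zip(template["helper"], fresh_biometric_bits)]
    candidate = decode(noisy_codeword)
    if key_digest(candidate) != template["key_digest"]:
        return None
    return candidate


if __name__ == "__main__":
    genuine = sample_biometric(0)
    key, template = enrol(genuine)
    # one or two flipped bits per 5-bit group are tolerated
    assert verify(template, flip_bits(genuine, [0, 1, 7, 13, 22, 159])) == key
    # three flips in one group exceed the code's capacity: no key is released
    assert verify(template, flip_bits(genuine, [0, 1, 2])) is None
    # a different person's biometric does not release the key
    assert verify(template, sample_biometric(1)) is None
    # re-enrolling binds a fresh key, so a template can be revoked and replaced
    new_key, new_template = enrol(genuine)
    print("cancellable:", new_template["helper"] != template["helper"])
```

The repetition code is used only for readability: its helper data leaks substantial information about the biometric bits (each 5-bit group is revealed up to complement), so a deployable scheme needs a stronger code and an analysis of helper-data leakage.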

25. Strong Authentication – presumably by applications. Various reports [14] suggest that UIDAI will use strong authentication, but that needs further definition. "Strong" is a relative term and so needs to be made less ambiguous; the UIDAI approach does not define strong authentication. Does it mean multi-factor authentication or strong encryption? If it means multi-factor authentication, the criteria that may be used by UIDAI need deeper analysis. An authentication factor can be one of "what you know", "what you have" or "what you are". Multi-factor authentication involves two or more authentication factors. Name, birth date, gender, address and parents' information are not secret and are unsuitable as an authentication factor. If it means strong encryption, can the authentication still be deemed "strong, reliable and sustainable" when both end-points are not to be trusted? Given India's corruption index, the only safe assumption one can have is that none of the endpoints (government departments) are corruption-free, and they cannot be trusted. Any assumption to the contrary (even if UIDAI assumes trust in itself) needs to be proved and supported by hard evidence.

[14] Creating a unique identity for every citizen in India.pdf


3. Challenges in the Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of the sheer volume of data, its reach and the geographical diversity that it will cover. But the following historical evidence may be kept in view: data compromise happened in Germany; it happened in the United States, despite promises of data confidentiality from those governments. Comparing India directly with other countries may not be entirely correct, but India has nothing that assures its residents that what happened in Germany and the United States will not be repeated here.

India has been ranked as low as 84th among 180 countries on the integrity score; it continues to be perceived as a highly corrupt nation by the global corruption watchdog Transparency International in its latest survey [15]. "India's integrity score stands at 3.4 on a scale of 0 (perceived as highly corrupt) to 10 (least corrupt)", according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International [16], an independent organization tracking the prevalence of corruption worldwide. In a comment [17] to IANS, it has been observed that this low ranking is a matter of concern for the nation, as police, land records and registration were the most corrupt departments in India.

"The UIDAI will not share resident data." But like all other government factions, the UIDAI will co-operate with other government departments, and data will be shared. So what happens when a corrupt leader orders a database search of all persons with specific attributes, such as name and city? Does the UIDAI have the authority to refuse?

It is understood that such profiling can also be done from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details religion, state, mother tongue, etc.). When such profiling capabilities are within reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible, zero-risk security controls, we must assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult; when the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamper-proof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator, who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4. Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identity transactions of a person in due course, whether it is issuance of a passport, gas connection or PAN, or availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

Key Observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of the introducer for getting their UID.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers, as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they depend, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in milk cooperatives are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people - beggars, people taking shelter under flyovers and in buildings under construction in urban areas - needs consideration for issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UIDs to migrant populations from neighbouring countries of India, and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer who has introduced a person who is later convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, certification by a public notary is accepted. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

[18] http://uidai.gov.in/faq.html


10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be handled by the existing legal framework (let us not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases numbering in millions in courts all over the country (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, will not get it through the existing framework.

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and a lack of accountability in our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5. Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, unsolicited mails received and so on. And this has also been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices – failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, waste resources and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted search and seizure cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6. DSCI Framework for Data Protection and its Relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should draw support from the leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last one year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization not only achieve regulatory compliance but also ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control on restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of the citizen while securing personal information/data and achieving unique identity.

DSCI's security and privacy frameworks are built on evolving strategic options and technological enhancements, and it believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can safeguard the privacy of personal information in the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the Banking & Telecom sector and major clients.

7. Summary

The UID authority will only issue a unique identifier – a randomized number – that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of a person's biometrics will have serious consequences for the individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding the Yes/No response


According to the proposal, UIDAI will store the information in the CIDR – Central ID Registry – to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change – in particular, for children, biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where the law enforcement agencies, bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person – it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, gas connection, driving licence, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents – and UID is supposed to benefit them the most, as well as help plug the loopholes to save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme – an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privileged Persons" – those having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area so wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and the Public Distribution System (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents. The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers. The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory / Optional | Verification Required | Verification Procedure
Personal Details | | |
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |
Address Details | | |
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery
Parent/Guardian Details | | |
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |
Introducer Details | | |
Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |
Contact Details | | |
Mobile Number | Optional | No |
Email Address | Optional | No |

POI: Proof of Identity (must contain name and photo of the resident). POA: Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like the Banks, Insurance Companies, and Central and State Government Departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.
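The introducer tree described above can be checked mechanically by a registrar or an auditor. The following Python is an added example, not UIDAI code: it walks a constructed set of enrolment records and reports the structural problems an auditor would want flagged (more than one self-introduced root, introducers who are not themselves enrolled, introducer cycles, and introducers vouching for an unusually large number of people); the fan-out threshold and the sample UIDs are assumptions.

```python
"""Structural audit of an introducer tree (Annexure 1, item iv).

Added example, not UIDAI code. Each enrolment record is (uid, introducer_uid);
the root of the tree is self-introduced, recorded here as introducer None
(or the person's own UID). UIDs below are constructed 12-digit placeholders.
The fan-out threshold is an assumed audit control, not a UIDAI rule.
"""
from collections import defaultdict

# Constructed sample: one proper root, an introducer cycle, and a dangling introducer.
SAMPLE_RECORDS = [
    ("100000000001", None),            # root: self-introduced
    ("100000000002", "100000000001"),
    ("100000000003", "100000000001"),
    ("100000000004", "100000000002"),
    ("100000000005", "100000000006"),  # 5 and 6 vouch for each other
    ("100000000006", "100000000005"),
    ("100000000007", "100000000099"),  # introducer never enrolled
]


def build_graph(records):
    """Return (parent, children): who introduced whom, in both directions."""
    parent = {}
    children = defaultdict(list)
    for uid, intro in records:
        parent[uid] = intro
        if intro is not None and intro != uid:
            children[intro].append(uid)
    return parent, children


def find_roots(parent):
    """Self-introduced records. A registrar's tree should have exactly one."""
    return sorted(u for u, p in parent.items() if p is None or p == u)


def find_dangling(parent):
    """Introducer UIDs that do not correspond to any enrolled record."""
    return sorted({p for u, p in parent.items()
                   if p is not None and p != u and p not in parent})


def find_cycles(parent):
    """UIDs lying on an introducer cycle (nobody on it traces back to a root)."""
    on_cycle = set()
    for start in parent:
        path = []
        cur = start
        # Walk up the introducer chain until a root, a dangling reference,
        # or a UID already on this path (which means a cycle) is reached.
        while (cur is not None and cur in parent
               and parent[cur] != cur and cur not in path):
            path.append(cur)
            cur = parent[cur]
        if cur in path:
            on_cycle.update(path[path.index(cur):])
    return sorted(on_cycle)


def find_heavy_introducers(children, max_introductions):
    """Introducers vouching for more people than the audit threshold allows."""
    return sorted(u for u, c in children.items() if len(c) > max_introductions)


def audit(records, max_introductions=50):
    """Run all checks; every non-empty list is a finding for the registrar."""
    parent, children = build_graph(records)
    return {
        "roots": find_roots(parent),
        "dangling": find_dangling(parent),
        "cycles": find_cycles(parent),
        "heavy": find_heavy_introducers(children, max_introductions),
    }


if __name__ == "__main__":
    for name, hits in audit(SAMPLE_RECORDS, max_introductions=1).items():
        print(f"{name}: {hits}")
```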

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources: Resident, Registrar, Authenticator
Internal Attack Sources: UIDAI employee, Other government factors

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow diagram showing the Resident, Registrar/Sub-Registrars, CIDR and Authenticator, the numbered steps 1 to 7, and the trust boundaries between them]


4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority, such as a politician, a dignitary or even a high-ranking official, might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
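Scenario 5 turns on the fact that a matcher's false accept rate (FAR) compounds with every attempt an authenticator is allowed. The Python below is an added example, not UIDAI code: it computes that compounding and models the authentication leg of the draft data flow (steps 4 to 7) with the CIDR answering only "Yes" or "No", a per-UID limit on consecutive failures and an audit log; the toy matcher, the templates, the threshold and the limit are constructed assumptions.

```python
"""Attempt limiting on the authentication leg of the draft data flow.

Added example, not UIDAI code. Models steps 4 to 7: the authenticator forwards
a UID and a biometric probe, and the CIDR answers only "Yes" or "No". The
matcher here is a toy similarity over short bit strings; the FAR values,
threshold and attempt limit are constructed assumptions used to illustrate
attack scenario 5.
"""
import math
from collections import defaultdict


def cumulative_far(far, attempts):
    """Probability that at least one of `attempts` impostor tries is accepted."""
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far, target):
    """Fewest attempts for the cumulative FAR to reach `target`."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))


def similarity(template, probe):
    """Toy matcher: fraction of positions that agree between two bit strings."""
    if len(template) != len(probe):
        return 0.0
    return sum(a == b for a, b in zip(template, probe)) / len(template)


class CIDRAuthService:
    """Yes/No authentication with a per-UID limit on consecutive failures."""

    def __init__(self, templates, threshold=0.8, max_failures=3):
        self.templates = templates          # uid -> enrolled template
        self.threshold = threshold
        self.max_failures = max_failures
        self.failures = defaultdict(int)    # consecutive failed attempts per uid
        self.audit_log = []                 # one entry per request, for review

    def _log(self, uid, answer, reason):
        self.audit_log.append({"uid": uid, "answer": answer, "reason": reason})
        return answer

    def authenticate(self, uid, probe):
        """Return "Yes" or "No" only; the stored record is never released."""
        if uid not in self.templates:
            return self._log(uid, "No", "unknown-uid")
        if self.failures[uid] >= self.max_failures:
            # Scenario 5: refuse further tries rather than let the FAR compound.
            # A real deployment also needs an unlock procedure for the genuine
            # resident, since this lock is itself a denial-of-service signal.
            return self._log(uid, "No", "locked")
        if similarity(self.templates[uid], probe) >= self.threshold:
            self.failures[uid] = 0
            return self._log(uid, "Yes", "match")
        self.failures[uid] += 1
        return self._log(uid, "No", "no-match")


# Constructed sample: one enrolled template, a genuine and an impostor probe.
ENROLLED = {"100000000001": "1011001110"}
GENUINE_PROBE = "1011001110"
IMPOSTOR_PROBE = "0100110001"


def run_scenario():
    """Impostor tries four times; afterwards even the genuine resident is refused."""
    svc = CIDRAuthService(ENROLLED)
    uid = "100000000001"
    answers = [svc.authenticate(uid, IMPOSTOR_PROBE) for _ in range(4)]
    answers.append(svc.authenticate(uid, GENUINE_PROBE))
    return answers, svc.audit_log


if __name__ == "__main__":
    print("cumulative FAR after 1000 tries at 0.1% per try:",
          round(cumulative_far(0.001, 1000), 3))
    print("tries needed to reach 50%:", attempts_to_reach(0.001, 0.5))
    print(run_scenario()[0])
```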


Annexure 3: The Underprivileged Society

Indian society is divided across various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), the Public Distribution System (PDS) etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to login to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

– Where the entire customer should provide the information
– What information within the UID should be provided for which government requirement
– How the user should not get caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact of the same
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – Considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as a part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID, say after a death, authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and emails, in all combinations of geography, consumption, timing etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indians to object and, if need be, initiate legal proceedings in case of any unauthorized/unwanted communication being received, against the service provider or sender of that communication.

24. Processes around the data creation, maintenance and disposal:

– Framework for self audit and self governance within government itself to control data protection aspects
– There shall be a stringent background verification process for teams working on this project, from criminal background verification etc. as a starting point
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
– Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


3 Challenges in Indian Socio-Political System

The UIDAI project is one of the largest projects in terms of sheer volumes of data its reach and geographical diversity that it will cover But the following historical evidence may be kept in view Data compromise happened in Germany It happened in the United States despite promises of data confidentiality from those governments Comparing India directly with other countries may not be very correct but India has nothing that assures its residents that what happened in Germany and United States will not be repeated here

India has been ranked as low as 84 among 180 countries on the integrity score it continues to be perceived as a highly corrupt nation in the world by global corruption watchdog Transparency International in its latest survey15 ldquoIndiarsquos integrity score stands at 34 on a scale of 0(perceived as highly corrupt) to 10 (least corrupt)rdquo according to the Corruption Perceptions Index (CPI) 2009 prepared by the Berlin-based Transparency International16 an independent organization tracking prevalence of corruption worldwide In a comment17 to IANS it has been observed that this low ranking is a matter of concern for the nation as police and land records and registration were the most corrupt departments in India

ldquoThe UIDAI will not share resident datardquo But like all other government factions the UIDAI will co-operate with other government departments and data will be shared So what happens when a corrupt leader orders a database search of all persons with specific attributes such as name and city does the UIDAI have the authority to refuse

It is understood that such profiling can also be made from existing ID systems such as the PAN card and Passport. The risk here is that the UID will soon become mandatory, like the SSN, and it will make it easier for corrupt politicians to profile data. We can safely assume that in future the UID will be linked to the Birth Certificate (which details the religion, state, mother tongue, etc.). When such profiling capabilities are within the reach of corrupt politicians and authorities, it is a deadly weapon.

The Authority needs to study some of the existing projects that failed to provide "clear identities" to residents. The reasons for the success or failure of the Passport, PAN Card, Ration Card and Voter ID in establishing a "clear identity" need to be studied in greater detail, even as UIDAI embarks on this project.

Since there are no infallible and zero-risk security controls, we might assume that biometric security can be abused by nefarious entities. Since compromised fingerprints cannot be revoked, is the UID better or worse than existing IDs? We must remember that this is a one-way lane: one cannot revoke his/her fingerprint if it gets compromised. In other countries where such unique ID numbers are presently implemented, fixing ID fraud is very difficult. When the ID is tied to biometric information, this will become much more difficult. Except for the biometric, all other ID information is the same as in the existing ID systems and can potentially be forged. So the CIDR record of an adult will primarily depend on the biometrics as authoritative data.

[15] Global_Corruption_Report_2009_170909_2_web[1]A.pdf
[16] http://www.thaindian.com/newsportal/health/corruption-index-india-scores-low-on-integrity-lead_100276116.html#ixzz0cCnlg9T6
[17] http://www.expressindia.com/latest-news/Weak-criminal-justice-system-encouraging-corruption-CBI-chief/507412/


Some other aspects of the Indian socio-political system are covered under Annexure 3, The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of the project. The registrar cannot be responsible for the "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamperproof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on the UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent the fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for the loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4 Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identities of a person in due course, whether it's the issuance of a passport, gas connection or PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on the security and privacy of data. These are described below.

S.No. Key Observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in the case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of getting their UID from the introducer.

5. Though the availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI for enabling them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group of street people (beggars, people taking shelter under flyovers and in buildings under construction in urban areas) needs consideration for issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UIDs to the migrant population of India's neighbouring countries and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, certification by a public notary is accepted. Given the way notaries certify, this can be a source of fake documents and hence identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases in courts all over the country numbering in millions (like a small server under a DDoS attack) waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, will go through the existing framework.

[18] http://uidai.gov.in/faq.html

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43(A), makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person will be committing a breach and will attract punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, waste resources and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted search and seizure cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last one year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control over restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to the political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing the personal information/data and achieving the unique identity.

DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of personal information in the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the banking & telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier (a randomized number) that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, which is unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but it is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for the individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children, biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where the law enforcement agencies, bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.
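As an added illustration (not from the DSCI paper, UIDAI or the Cavoukian/Stoianov article it cites), the Python toy below shows the fuzzy-commitment form of Biometric Encryption that the paragraph above and Section 6 allude to: the stored record binds a random key to the biometric without storing the biometric itself, a fresh reading close enough to the enrolled one recovers the key, and re-enrolling with a new key revokes a compromised binding. Template bits and sensor noise are constructed, and the repetition code is a teaching simplification that leaks more structure than a production error-correcting code would.

```python
"""Toy Biometric Encryption (fuzzy commitment) demo.

The record holds template XOR codeword(key) plus a hash of the key; neither
the template nor the key is stored. A reading within the code's error budget
recovers the key, anything else decodes to garbage that fails the hash check.
Repetition coding is used only for readability; real schemes use stronger
codes because a repetition codeword leaks parity structure of the template.
"""
import hashlib
import random
import secrets

KEY_BITS = 32
REP = 7                          # each key bit is repeated 7 times
TEMPLATE_BITS = KEY_BITS * REP   # 224-bit binarised template
MAX_FLIPS_PER_BLOCK = REP // 2   # majority vote corrects up to 3 flips per block


def encode(key):
    """Repetition-code encoder: 32 key bits -> 224-bit codeword."""
    return [bit for bit in key for _ in range(REP)]


def decode(word):
    """Majority vote per 7-bit block; tolerates <= 3 flipped bits per block."""
    return [1 if sum(word[i * REP:(i + 1) * REP]) > REP // 2 else 0
            for i in range(KEY_BITS)]


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_digest(key):
    # Only this digest is stored; it lets the verifier check a recovered key.
    return hashlib.sha256(bytes(key)).hexdigest()


def enroll(template, key=None):
    """Bind a (fresh random) key to the template; returns (stored_record, key)."""
    if key is None:
        key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    record = {"commitment": xor_bits(template, encode(key)),
              "key_digest": key_digest(key)}
    return record, key


def verify(record, probe):
    """Recover the bound key from a fresh reading, or None if it is too far off."""
    candidate = decode(xor_bits(probe, record["commitment"]))
    return candidate if key_digest(candidate) == record["key_digest"] else None


# --- constructed sample data: stand-ins for real biometric readings ----------

def sample_template(seed):
    """Constructed binarised template (hypothetical, not real biometric data)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]


def noisy_reading(template, flips_per_block, seed):
    """Simulate sensor noise by flipping `flips_per_block` bits in every block."""
    rng = random.Random(seed)
    probe = list(template)
    for block in range(KEY_BITS):
        for pos in rng.sample(range(block * REP, (block + 1) * REP), flips_per_block):
            probe[pos] ^= 1
    return probe


def demo():
    alice = sample_template(seed=1)
    record, key = enroll(alice)

    genuine = verify(record, noisy_reading(alice, MAX_FLIPS_PER_BLOCK, seed=2)) == key
    too_noisy = verify(record, noisy_reading(alice, MAX_FLIPS_PER_BLOCK + 1, seed=3)) is None
    impostor = verify(record, sample_template(seed=99)) is None

    # Revocation: re-enrol the same biometric under a new key. The old record
    # no longer authorises anything, although the biometric itself is unchanged.
    new_record, new_key = enroll(alice)
    revoked = new_key != key and verify(new_record, alice) == new_key
    return {"genuine": genuine, "too_noisy": too_noisy,
            "impostor": impostor, "revoked": revoked}


if __name__ == "__main__":
    print(demo())
```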

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, gas connection, driver's licence, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom the UID is supposed to benefit the most, as well as to help plug the loopholes for saving government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "Privileged Persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives


Annexure 1 UIDAI Features

This annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enrol residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enrol residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving licence and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs.


For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process on the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory/Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents. Introducer for people who have no documents. |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents. Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery. |
| Parent/Guardian Details | | | |
| Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults. |
| Father's/Husband's/Guardian's UID | Conditional | | |
| Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults. |
| Mother's/Wife's/Guardian's UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty. |
| Introducer's UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI: Proof of Identity (must contain name and photo of the resident). POA: Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: the UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars – Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.

– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard to reach populations such as rural women, tribals and others.

iv. Introducer system: an approach to use a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like the Banks, Insurance Companies, and Central and State Government Departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and this process will then continue.

v. Supporting Documentation: during enrollment the quality of data has to be ensured, primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.

Annexure 2 – UIDAI Approach: Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

[Figure: draft data flow between Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with steps 1 to 7 marked and two trust boundaries shown]

Considering the data flow of the UIDAI, let us understand the attack sources.

External Attack Sources:
• Resident
• Registrar
• Authenticator

Internal Attack Sources:
• UIDAI employee
• Other government factors

Considering the attack sources, let's understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.
4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.
5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.
6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.
7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.
8. A local authority, such as a politician, a dignitary or even a high ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.
9. An employee of CIDR might illegally reveal (or sell) the identity information.
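Two of the scenarios above, repeated attempts against the device FAR (scenario 5) and bulk profile searches by an authenticator (scenario 8), can only be controlled on the CIDR side, because the authenticator itself is the suspect party. The following is an added example written for this paper's discussion, not code from the DSCI paper or from UIDAI. It computes how quickly unlimited retries erode a per-attempt FAR, enforces a per-UID failure lockout with an injected clock, and flags authenticators that query an abnormal number of distinct UIDs in a window. The FAR value, thresholds, window length and all identifiers are assumptions chosen for illustration.

```python
"""CIDR-side throttling and audit checks (added example, not from the DSCI paper or UIDAI).

Models two attack scenarios from the defender's side:
  * scenario 5: an authenticator allowing repeated attempts to exploit the
    device's False Acceptance Rate (FAR);
  * scenario 8: profile searches, i.e. one party sweeping many UIDs.
All names, thresholds and the FAR value below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set

ASSUMED_FAR = 1e-4           # assumed per-attempt false-acceptance rate
MAX_FAILURES = 3             # assumed lockout threshold per UID
WINDOW_SECONDS = 600         # assumed sliding window for failures and rate checks
MAX_QUERIES_PER_WINDOW = 50  # assumed per-authenticator distinct-UID limit


def cumulative_false_accept(far: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent impostor
    presentations is falsely accepted. This is why unlimited retries matter:
    at FAR 1e-4, 100 attempts give roughly a 1% chance of acceptance."""
    return 1.0 - (1.0 - far) ** attempts


@dataclass
class AuditRecord:
    ts: float
    authenticator_id: str
    uid: str
    outcome: str  # ACCEPT, REJECT or LOCKED


@dataclass
class CidrAuthGate:
    """Per-UID failure throttling plus an append-only audit log, kept on the
    CIDR side so the policy does not depend on the authenticator's honesty."""
    max_failures: int = MAX_FAILURES
    window: float = WINDOW_SECONDS
    _failures: Dict[str, List[float]] = field(default_factory=lambda: defaultdict(list))
    audit_log: List[AuditRecord] = field(default_factory=list)

    def authenticate(self, uid: str, authenticator_id: str, matched: bool, now: float) -> str:
        """`matched` is the biometric matcher's verdict; `now` is injected so the
        behaviour is deterministic and testable."""
        recent = [t for t in self._failures[uid] if now - t < self.window]
        self._failures[uid] = recent
        if len(recent) >= self.max_failures:
            outcome = "LOCKED"  # refuse even a matching sample while locked
        elif matched:
            outcome = "ACCEPT"
            self._failures[uid] = []
        else:
            outcome = "REJECT"
            self._failures[uid].append(now)
        self.audit_log.append(AuditRecord(now, authenticator_id, uid, outcome))
        return outcome

    def authenticators_over_rate(self, now: float, limit: int = MAX_QUERIES_PER_WINDOW) -> Set[str]:
        """Authenticators that queried more distinct UIDs than `limit` inside the
        window: a bulk-lookup pattern rather than normal service delivery."""
        seen: Dict[str, Set[str]] = defaultdict(set)
        for rec in self.audit_log:
            if now - rec.ts < self.window:
                seen[rec.authenticator_id].add(rec.uid)
        return {a for a, uids in seen.items() if len(uids) > limit}


def demo() -> dict:
    """Constructed scenario: one impostor retrying against a single UID, and one
    authenticator sweeping many UIDs in a few seconds."""
    gate = CidrAuthGate()
    # three failed presentations inside the window lock the UID...
    retry = [gate.authenticate("UID-CONSTRUCTED-1", "AUTH-A", False, t) for t in (0, 1, 2)]
    # ...so a fourth attempt is refused even if the matcher would accept it
    locked = gate.authenticate("UID-CONSTRUCTED-1", "AUTH-A", True, 3)
    # once the window has passed, the genuine holder can authenticate again
    recovered = gate.authenticate("UID-CONSTRUCTED-1", "AUTH-A", True, 700)
    # a different authenticator queries 60 distinct UIDs within six seconds
    for i in range(60):
        gate.authenticate(f"UID-CONSTRUCTED-{i + 100}", "AUTH-B", True, 700 + i * 0.1)
    return {
        "retry": retry,
        "locked": locked,
        "recovered": recovered,
        "flagged": gate.authenticators_over_rate(now=710),
        "p_accept_100_attempts": cumulative_false_accept(ASSUMED_FAR, 100),
    }


if __name__ == "__main__":
    print(demo())
```

The lockout counts failures per UID rather than per authenticator, so a colluding authenticator gains nothing by retrying, and the rate check works on distinct UIDs per authenticator so that a legitimately busy service counter re-verifying the same few residents is not confused with a sweep of the database.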


Annexure 3 – The Underprivileged Society

Indian society is divided across various geographical boundaries, and there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution System (PDS), etc. Each of these schemes has some registered people, but still the grants do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm

Annexure 4 – Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries, and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, and should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupil, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will also be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications, such as loans, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

• Where the customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user should not get caught in any phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact of the same
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes be put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for promoting the products and services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of use of a common man's personal information without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations and guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss or misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of that communication in case of any unauthorized, unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

• Framework for self audit and self governance within government itself to control data protection aspects
• There shall be a stringent background verification process for teams working on this project, from criminal background verification etc. as a starting point
• The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
• Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subjected to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


Some other aspects of the Indian socio-political system are covered under Annexure 3 – The Underprivileged Society.

3.1 Authority, Responsibility and Accountability

As per the UIDAI draft report, "The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR." The UIDAI does not seem to make the registrar responsible for this, even though it is critical to the success of this project. The registrar cannot be responsible for "cleanliness and correctness" of data; they are just a medium between the applicant/resident and the CIDR. They are responsible for tamperproof transmission of data to the CIDR. The applicant/resident will provide (hopefully correct) data to the system. But since we cannot assume an applicant/resident is not a fraud, the UIDAI is ultimately responsible for the correctness of data. Assuming that the success rate is less than 100%, if a fraudulent high-value or high-risk transaction is approved by an entity based on UID, who is responsible for proving or disproving the legitimacy of the transaction: the authenticator, UIDAI or the correct ID holder? In some cases of fraud, impersonation will occur without any involvement or knowledge of the authentic UID holder. Hence the authentic UID holder will not be in a position to prevent fraud, as he is unaware of it. In such a case, who is responsible for the loss? Is it the authenticator who was a victim of impersonation? Can a victim of identity fraud hold UIDAI responsible for loss? Or is the service offered by UIDAI on a "best effort" basis? As an "Authority", UIDAI will have to be trusted, though it has not yet proved the trustworthiness of its services.

4. Additional Observations on the UIDAI Approach

UID is expected to be used in almost all identities of a person in due course, whether it's issuance of a passport, gas connection or PAN, or for availing of benefits under various government schemes such as NREGA by underprivileged people. DSCI has made some observations on the UID implementation approach in so far as they have a bearing on security and privacy of data. These are described below.

Key Observations

1. The UIDAI proposes to make use of the existing identity system and, by creating a de-duplication process in the UIDAI, it proposes to clean and eliminate the possibility of duplicate entities. However, through this approach UIDAI may not be able to remove fake identities, and fake UID numbers may get created in the system. If the identity of a person is already established by a fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2. As per UIDAI [18], in case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details; "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned, and perhaps through a new law on privacy of UID.

3. The initial introducer in the introducer system does not need to prove his identity and will be self introduced. How does UIDAI ensure that such a self introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4. The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such control there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by utilizing the people who are at the mercy of getting their UID from the introducer.

5. Though availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6. People today are reluctant to give references for their own servants on whom they are dependent, right from the maids to the drivers to security guards. Consider the case of migrant labor that has migrated from far flung villages for daily labor work in construction, factories, or loading in markets, railway stations or bus depots. Their nature of work is migratory, and the only person they know is the contractor who pays them the daily wage; but will they introduce these people to the UIDAI for enabling them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats, Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefits. Yet another group of street people - beggars, people taking shelter under the flyovers and construction buildings in urban areas - need consideration for issuance of UID.

7. The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to the migrant population of neighboring countries of India, and could be used by illegal or migrant populations to gain citizenship in the long run.

8. The UIDAI committee does not detail the protection given to the introducer if he has introduced a person who has been convicted.

9. The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein absence of original documents can be certified by a public notary. Given the way notaries certify, this can be a source of fake documents and hence identities.

10. If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID related cases will be taken by the existing legal framework (let's not forget the conviction rate in IT offenses is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases figuring in millions in courts all over the country (like a small server under a DDoS attack) waiting for their turn on a round robin basis, matters relating to identity, which need speedy redressal, will have to pass through the existing framework.

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability of our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

[18] http://uidai.gov.in/faq.html
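Observations 3 and 4 above concern the introducer tree: the root is self-introduced, and no cap on introductions per introducer is specified, so one fake introducer can seed many fake enrolments. The following is an added example, written for this paper's discussion and not code from DSCI or UIDAI, showing the two controls a defender would want in that tree: a hard cap per introducer that refuses further introductions, and lineage tracking so that, when an introducer is found to be fake, every enrolment that descends from it can be enumerated and frozen for review rather than left in the system. The cap value, the status names and all UIDs are constructed for illustration.

```python
"""Introducer chain controls (added example, not from the DSCI paper or UIDAI).

Two controls for the 'tree structure' of introducers described in Annexure 1:
  * a hard cap on introductions per introducer (observation 4);
  * root-traceable lineage, so that a fake introducer's whole subtree can be
    put under review (observation 3).
The cap value, status names and UIDs are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

MAX_INTRODUCTIONS = 5  # assumed cap; the paper asks for such a limit but gives none


class IntroducerPolicyError(Exception):
    """Raised when an enrolment would violate the introducer policy."""


@dataclass
class Enrolment:
    uid: str
    introducer_uid: Optional[str]  # None only for an explicitly approved root
    status: str = "ACTIVE"         # ACTIVE or UNDER_REVIEW


@dataclass
class IntroducerRegistry:
    cap: int = MAX_INTRODUCTIONS
    enrolments: Dict[str, Enrolment] = field(default_factory=dict)
    children: Dict[str, List[str]] = field(default_factory=dict)

    def register_root(self, uid: str) -> None:
        """The root is the one place with no introducer; make it an explicit,
        separately approved act rather than an implicit default."""
        if uid in self.enrolments:
            raise IntroducerPolicyError(f"{uid} already enrolled")
        self.enrolments[uid] = Enrolment(uid, None)
        self.children[uid] = []

    def enrol(self, uid: str, introducer_uid: str) -> None:
        """Enrol `uid` on the word of `introducer_uid`, enforcing the policy."""
        if uid in self.enrolments:
            raise IntroducerPolicyError(f"{uid} already enrolled")
        intro = self.enrolments.get(introducer_uid)
        if intro is None:
            raise IntroducerPolicyError(f"unknown introducer {introducer_uid}")
        if intro.status != "ACTIVE":
            raise IntroducerPolicyError(f"introducer {introducer_uid} is under review")
        if len(self.children[introducer_uid]) >= self.cap:
            raise IntroducerPolicyError(f"introducer {introducer_uid} reached cap {self.cap}")
        self.enrolments[uid] = Enrolment(uid, introducer_uid)
        self.children[uid] = []
        self.children[introducer_uid].append(uid)

    def chain_to_root(self, uid: str) -> List[str]:
        """Every enrolment traces back to a root; this is what makes the tree auditable."""
        chain: List[str] = []
        cur: Optional[str] = uid
        while cur is not None:
            chain.append(cur)
            cur = self.enrolments[cur].introducer_uid
        return chain

    def subtree(self, uid: str) -> Set[str]:
        """All enrolments that depend, directly or transitively, on `uid`."""
        out: Set[str] = set()
        stack = [uid]
        while stack:
            for child in self.children[stack.pop()]:
                if child not in out:
                    out.add(child)
                    stack.append(child)
        return out

    def flag_introducer(self, uid: str) -> Set[str]:
        """Freeze a suspect introducer and everything introduced through it."""
        affected = self.subtree(uid)
        for u in affected | {uid}:
            self.enrolments[u].status = "UNDER_REVIEW"
        return affected


def demo() -> dict:
    """Constructed tree: root R introduces A and B; A introduces C and D."""
    reg = IntroducerRegistry(cap=2)
    reg.register_root("R")
    reg.enrol("A", "R")
    reg.enrol("B", "R")
    reg.enrol("C", "A")
    reg.enrol("D", "A")
    try:
        reg.enrol("E", "A")  # a third introduction by A exceeds the cap
        cap_hit = False
    except IntroducerPolicyError:
        cap_hit = True
    chain = reg.chain_to_root("D")
    affected = reg.flag_introducer("A")  # A found to be fake: freeze A, C, D
    try:
        reg.enrol("F", "C")  # C is under review, so it cannot introduce anyone
        frozen_blocked = False
    except IntroducerPolicyError:
        frozen_blocked = True
    return {"cap_hit": cap_hit, "chain": chain, "affected": affected,
            "frozen_blocked": frozen_blocked, "b_status": reg.enrolments["B"].status}


if __name__ == "__main__":
    print(demo())
```

Freezing the subtree rather than deleting it matters: the genuine people introduced through a bad introducer still exist and need re-verification through documents or another introducer, which is the corrective path the paper asks for in observation 10.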

5. Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances, or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, the information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed: any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice, and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrollment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data Protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and Legislations:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuses of their information, or unwarranted search and seizures cannot function at optimum levels.

6. DSCI Framework for Data Protection and its relevance to UIDAI Data

[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options and current technological advancements.

Data Security Council of India (DSCI) has engaged with various industries over the last one year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to the political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available and accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of the citizen while securing the personal information/data and achieving the unique identity.

DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and with other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT-BPO service providers, Big 4 consulting firms, security vendor companies, the banking & telecom sector and major clients.

7. Summary

The UID authority will only issue a unique identifier – a randomized number – that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, which is unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response

According to the proposal, UIDAI will store the information in the CIDR – Central ID Registry – to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change – in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where the law enforcement agencies, bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person – it does not require biometrics to be stored.
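To make the Biometric Encryption property stated in the paragraph above concrete, the following Python block is an added illustration written for this edition; it is not code from DSCI, UIDAI or the Cavoukian/Stoianov article the paper draws on. It implements the fuzzy-commitment form of the technique: a random key (standing in for the per-person PIN) is expanded with a simple repetition code and XORed with a binary biometric template, and only the hash of the key and that XOR "commitment" are stored. The key length, the repetition factor, the template bits and the bit-flip noise are all constructed for the example; a real system would use a proper error-correcting code and a real feature extractor, and the repetition code stands in for both.

```python
"""Fuzzy-commitment style Biometric Encryption (added illustration, not UIDAI code).

The stored record is (sha256(key), codeword XOR template). Neither the biometric
template nor the key is kept. A fresh sample that differs from the enrolment
template in a few bits still releases the key; an unrelated sample does not.
"""
import hashlib
import secrets

REPEAT = 5      # repetition factor of the toy error-correcting code (assumed)
KEY_BITS = 16   # length of the bound key; stands in for the per-person PIN (assumed)


def encode(key_bits):
    """Repetition-code encode: every key bit is written REPEAT times."""
    return [b for b in key_bits for _ in range(REPEAT)]


def decode(code_bits):
    """Majority vote per REPEAT-bit block; tolerates up to (REPEAT - 1) // 2 flips per block."""
    out = []
    for i in range(0, len(code_bits), REPEAT):
        block = code_bits[i:i + REPEAT]
        out.append(1 if 2 * sum(block) > len(block) else 0)
    return out


def bits_to_bytes(bits):
    """Pack a bit list into bytes so it can be hashed."""
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def enrol(template_bits, key_bits):
    """Bind key to template. Returns the record to store: (hash of key, commitment)."""
    codeword = encode(key_bits)
    if len(codeword) != len(template_bits):
        raise ValueError("template length must equal KEY_BITS * REPEAT")
    commitment = [c ^ t for c, t in zip(codeword, template_bits)]
    key_hash = hashlib.sha256(bits_to_bytes(key_bits)).hexdigest()
    return key_hash, commitment


def release(record, fresh_template_bits):
    """Try to recover the key from a fresh sample; None when the sample does not match."""
    key_hash, commitment = record
    noisy_codeword = [c ^ t for c, t in zip(commitment, fresh_template_bits)]
    candidate = decode(noisy_codeword)
    candidate_hash = hashlib.sha256(bits_to_bytes(candidate)).hexdigest()
    return candidate if secrets.compare_digest(candidate_hash, key_hash) else None


def random_bits(n):
    return [secrets.randbelow(2) for _ in range(n)]


def flip(bits, positions):
    """Copy of bits with the given positions inverted (constructed sensor noise)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def demo():
    """Constructed scenario. Returns (genuine_ok, over_noisy_rejected, impostor_rejected)."""
    key = random_bits(KEY_BITS)
    template = random_bits(KEY_BITS * REPEAT)
    record = enrol(template, key)
    # Genuine re-capture: 2 flips in the first block and 1 in the last, all correctable.
    genuine = flip(template, [0, 1, len(template) - 1])
    # Too noisy: 3 flips inside one block exceed what the repetition code corrects.
    over_noisy = flip(template, [0, 1, 2])
    # Unrelated sample, constructed so 3 of every 5 bits differ (every block decodes
    # wrongly); a real impostor template differs in roughly half the bits.
    impostor = flip(template, [i for i in range(len(template)) if i % REPEAT < 3])
    return (
        release(record, genuine) == key,
        release(record, over_noisy) is None,
        release(record, impostor) is None,
    )
```

The record that a registrar would hold is the pair returned by enrol(); on its own it reveals neither the template nor the key, which is the property the paragraph relies on. The toy code tolerates at most two flipped bits per five-bit block, so the third outcome of demo() shows the boundary at which a genuine but badly captured sample is refused as well.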

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents – and UID is supposed to benefit them the most, as well as help plug the loopholes for saving government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme – an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "Privilege Persons" – those having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area so wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfill other demands of the "Privilege Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.

Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report will be:

Information Fields | Mandatory/Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent/Guardian Details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like the banks, insurance companies and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and the process will then continue.

v. Supporting Documentation: During enrollment the quality of data has to be ensured, primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and will be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.

Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation
2. The registrar sends the information to UIDAI
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique
4. Resident provides his UID and biometrics for authentication
5. Authenticator sends the data to UIDAI for verification
6. CIDR authenticates the resident data and sends the result back to the authenticator
7. Authenticator provides the requested service to the resident upon successful identification

Considering the data flow of the UIDAI, let us understand the attack sources.

External attack sources: Resident, Registrar, Authenticator
Internal attack sources: UIDAI employee, Other government factors

Considering the attack sources, let us understand the possible attack scenarios.

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow diagram – Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with flows numbered 1 to 7 and two trust boundaries]

4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
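The following Python block is an added illustration for this edition (not UIDAI or DSCI code) of how the CIDR side of steps 4 to 7 of the data flow can be built so that three of the scenarios above, and the "replay attacks" and "overriding Yes/No response" items of the Summary, are detected rather than trusted away: every answer is bound to the request nonce and UID with an HMAC under a key shared with the authenticator, so a response altered from No to Yes or a captured Yes presented under a new request fails verification; a request whose nonce was already seen is refused; and the attempt limit against the FAR (scenario 5) is enforced inside the CIDR, where a colluding authenticator cannot switch it off. The matching threshold, window, attempt limit, template bits and shared key are all constructed for the example, and a Hamming-distance match on a bit string stands in for a real biometric matcher.

```python
"""CIDR-side Yes/No authentication with signed responses, nonce replay refusal
and per-UID attempt throttling (added illustration, not UIDAI code)."""
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 3   # assumed: a sample may differ from the stored template in at most 3 bits
MAX_ATTEMPTS = 3      # assumed policy: counted attempts per UID within the window
WINDOW_SECONDS = 600  # assumed policy


def hamming(a, b):
    """Number of differing bits between two equal-length bit sequences."""
    return sum(x != y for x, y in zip(a, b))


def sign_response(key, uid, nonce, verdict):
    """MAC binding the verdict to the request nonce and UID, so an altered
    (No -> Yes) or replayed response fails verification at the authenticator."""
    msg = f"{uid}|{nonce}|{verdict}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_response(key, uid, nonce, verdict, mac):
    """Authenticator-side check of a received (verdict, mac) pair."""
    return hmac.compare_digest(sign_response(key, uid, nonce, verdict), mac)


class CIDR:
    """Toy central registry: stores templates, answers only 'Yes' or 'No'."""

    def __init__(self, response_key):
        self.key = response_key     # shared with the authenticator (assumption)
        self.templates = {}         # uid -> tuple of bits (constructed stand-in)
        self.attempts = {}          # uid -> timestamps of counted attempts
        self.seen_nonces = set()

    def enrol(self, uid, template):
        self.templates[uid] = tuple(template)

    def authenticate(self, uid, sample, nonce, now):
        """Return (verdict, mac). The verdict is the only data that leaves the CIDR."""
        verdict = "No"
        if nonce not in self.seen_nonces:                 # replayed request: refused
            self.seen_nonces.add(nonce)
            recent = [t for t in self.attempts.get(uid, []) if now - t < WINDOW_SECONDS]
            if len(recent) < MAX_ATTEMPTS:                # throttle retries against the FAR
                recent.append(now)
                stored = self.templates.get(uid)
                if stored is not None and hamming(stored, sample) <= MATCH_THRESHOLD:
                    verdict = "Yes"
            self.attempts[uid] = recent
        return verdict, sign_response(self.key, uid, nonce, verdict)


def demo():
    """Constructed walk-through; returns the outcomes an honest authenticator would see."""
    key = secrets.token_bytes(32)
    cidr = CIDR(key)
    uid = "123456789012"                                   # constructed UID
    template = tuple(secrets.randbelow(2) for _ in range(32))
    cidr.enrol(uid, template)
    genuine = list(template)
    genuine[0] ^= 1
    genuine[5] ^= 1                                        # 2 bits of sensor noise
    impostor = tuple(b ^ 1 for b in template[:16]) + template[16:]   # 16 bits differ

    r = {}
    n1 = secrets.token_hex(8)
    v1, mac1 = cidr.authenticate(uid, genuine, n1, now=0)
    r["genuine"] = (v1, verify_response(key, uid, n1, v1, mac1))
    n2 = secrets.token_hex(8)
    v2, mac2 = cidr.authenticate(uid, impostor, n2, now=1)
    r["impostor"] = v2
    # A 'No' rewritten to 'Yes' on the way back does not verify.
    r["no_overridden_to_yes"] = verify_response(key, uid, n2, "Yes", mac2)
    # The same request sent again is refused; a captured 'Yes' does not fit a new nonce.
    r["request_replayed"] = cidr.authenticate(uid, genuine, n1, now=2)[0]
    r["yes_replayed_new_nonce"] = verify_response(key, uid, secrets.token_hex(8), "Yes", mac1)
    # Third counted attempt, then a fourth inside the window is throttled even when genuine.
    cidr.authenticate(uid, impostor, secrets.token_hex(8), now=3)
    r["throttled"] = cidr.authenticate(uid, genuine, secrets.token_hex(8), now=4)[0]
    r["after_window"] = cidr.authenticate(uid, genuine, secrets.token_hex(8),
                                          now=WINDOW_SECONDS + 5)[0]
    return r
```

A throttled request and a non-matching sample both come back as "No", which keeps the interface to the single bit the annexure describes; the CIDR's own attempt log, not the verdict, is where an operator would see the repeated tries of scenario 5.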

Annexure 3: The Underprivileged Society

Indian society is divided by various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm

Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of

this paper

Industry Inputs

1 UI database should not be sharable through the lsquoRight to Informationrsquo Act 2005 since it could compromise a Personally Identifiable Information

2 Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks

3 Many people will have access to this information resulting in loss of privacy Define where all it can be used and cannot be used Limit the use of UID ex UID should not be used to login to a web site should not be displayed in a student ID card or mailing envelope etc

4 Identity theft concerns Those who collect the information does not properly keep it secure For organizations that accepts this UID define how to protect them how to limit who can access how to dispose if no longer required and how to report if there was a breach

5 The prominence and acceptance of biometric technologies such as fingerprinting facial recognition hand geometry and iris recognition may leave little demand for other modalities While some of these technologies are either costly or have high fault ratio its accuracy depends on the cooperation of the subject For example criminals have been known to use eye drops to dilate their pupil thus masking the majority of their iris Conversely face recognition is technically the least intrusive as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues) but its accuracy varies greatly according to light exposure etc Moreover experiments have shown that these solutions are also vulnerable to counterfeit and theft

6 If there is no legal mandate to secure such information organizations may not do it Define actions to be taken if these rules are not followed by an individual or a corporation

7 Too much security may limit legal disclosure of the information Define how to divulge the information legally for law enforcement and relatives of a deceased person

8 Awareness and education on these requirements Educate the general public government organizations and corporations on all the requirements through newspaper and TV ads

9 Once UID number gets widely used both as an identifier then there is very high degree of chance that it will be used as an authenticator This will result in higher risk of disclosure of that personrsquos identity Widespread use of the UID number as an identifier and authenticator will result in identity theft as it already happening in other geographies

10 How UIDAI will enforce organizations not to use UID number as the primary identification number and printuse it on their application such as loan health insurance etc Even though it is for internal use of that organization there is high chance of UID number getting disclosed

11 How the life cycle of the UID number (from generation to termination) will be handled 12 Will the UID number generation process use any biometric information of a person and if yes what will be

the process to keep its integrity intact 13 If the UID number generation process is not based on biometric information then how we can assure that

the person can get only one UID number as sometime in our country it might be possible to forge some documents for some gain

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

• Where the customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user should avoid getting caught in phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID-related disputes, theft and misuse of UID information

15. The primary ID should be stored more securely and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood, but if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offences on identity: the current UIDAI framework interprets offences on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of its working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information about any individual if you have money and need… Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance information of an individual without his/her authorization. The Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. A Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider for any loss or misuse of an individual client's data. The Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower every individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

• A framework for self-audit and self-governance within government itself to control data protection aspects
• There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point
• The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
• Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


S.No. | Key Observations

1 (contd.) | …fake person, then the genuine person will be deprived of the benefits of the UIDAI forever.

2 | As per UIDAI[18]: In case of identity fraud or the system not working properly, "X" registers in the name of "Y" with Y's demographic details. "Y" could be living or dead. In either case it will be an offence to take on the identity of another person, and there may be legal action against this offence. The legal system will need strengthening through training of all concerned and perhaps through a new law on privacy of UID.

3 | The initial introducer in the introducer system does not need to prove his identity and will be self-introduced. How does UIDAI ensure that such a self-introduced introducer is not fake? Creation of one fake introducer in the system will lead to the creation of multiple fake users in the system.

4 | The introducer system of UIDAI does not detail the number of people who can be introduced by a single introducer. In the absence of such a control, there is a possibility that an introducer gets an opportunity to misuse his authority, which may lead to unlawful activities by exploiting the people who are at the mercy of the introducer for getting their UID.

5 | Though availability of multiple introducers is a concept provided by the UIDAI committee, there is no provision in the data fields for capturing multiple introducers as per the DDSVP Committee report.

6 | People today are reluctant to give references for their own servants on whom they are dependent, right from maids to drivers to security guards. Consider the case of migrant labour that has migrated from far-flung villages for daily labour work in construction, factories or loading in markets, railway stations or bus depots. Their nature of work is migratory and the only person they know is the contractor who pays them the daily wage; but will he introduce these people to the UIDAI to enable them to get a UID? For taking the benefits of UID, the villagers, agriculturists working in their own fields or milkmen working in the milk cooperative are at the mercy of their Gram Panchayats or Sarpanchs or cooperatives, who may in turn exploit these people for their personal benefit. Yet another group, street people (beggars, people taking shelter under flyovers and in construction buildings in urban areas), needs consideration for issuance of UID.

7 | The concept of the introducer system addresses the problem of those sections of society who do not have any PoI/PoA, but this system may accidentally provide UID to migrant populations from the neighbouring countries of India, and could be used by illegal migrant populations to gain citizenship in the long run.

8 | The UIDAI committee does not detail the protection given to an introducer if he has introduced a person who has been convicted.

9 | The DDSVP committee report allows various documents to act as proof of identity or proof of address; however, the committee does not provide any detail on checking the authenticity of these documents. The committee also provides for a provision wherein, in the absence of original documents, certification by a public notary is accepted. Given the way notaries certify, this can be a source of fake documents and hence fake identities.

[18] http://uidai.gov.in/faq.html


10 | If there is fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID-related cases will be taken up by the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the existing pending cases numbering in millions in courts all over the country (like a small server under a DDoS attack) waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, are left to the existing framework.

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability in our public service system. Identity thefts will continue to happen even if the best of security is deployed, but we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5 Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed. Any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its registrars, sub-registrars and enrolment agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.


Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on Liberty as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, waste resources and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted searches and seizures cannot function at optimum levels.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored by UIDAI, there needs to be a systematic and standardized approach, which should take support from leading best practices around the world, evolving strategic options and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last one year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as the data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing personal information/data and achieving unique identity.

The DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of personal information in the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the Banking & Telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but it is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data for the people they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where law enforcement agencies, the bureaucracy and politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, gas connection, driver's license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom UID is supposed to benefit the most, as well as to help plug the loopholes and save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open one. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of "privileged persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "privileged persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing the UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be demand-driven, where the benefits and services linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.
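As an added illustration (not UIDAI's design or code, and not part of the original paper), the following Python sketch ties together three points made above: a random 12-digit number with no intelligence built in, the suggestion in industry comment 15 (and the concern in items 9 and 10) that the primary ID stay in one restricted store while verification points hold only derived secondary identifiers, and an authentication interface that answers only Yes/No and never treats knowledge of the number alone as proof of identity. The registry class, the HMAC-based token derivation, the master key, field names and the sample resident are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set

UID_DIGITS = 12


def generate_uid() -> str:
    """Return a 12-digit UID with no embedded intelligence.

    Every digit comes from the OS CSPRNG (secrets), so nothing about the
    person, region, enrolment date or registrar can be read out of the
    number, which is the 'no intelligence' property the annexure describes.
    """
    return "".join(str(secrets.randbelow(10)) for _ in range(UID_DIGITS))


def is_well_formed_uid(uid: str) -> bool:
    return len(uid) == UID_DIGITS and uid.isdigit()


def service_token(master_key: bytes, uid: str, service_id: str) -> str:
    """Derive the 'secondary identifier' that one verification point holds.

    HMAC-SHA256 keyed with the registry's master key (hypothetical design):
    a leaked token table at one service neither reveals the UID nor links to
    the tokens the same person holds at other services, because a different
    service_id gives a different token.  The master key never leaves the
    registry, so a service cannot derive tokens on its own.
    """
    msg = f"{service_id}\x00{uid}".encode()
    return hmac.new(master_key, msg, hashlib.sha256).hexdigest()


class CentralRegistry:
    """Toy stand-in for the central registry (constructed for this example)."""

    def __init__(self) -> None:
        self._master_key = secrets.token_bytes(32)
        self._records: Dict[str, Dict[str, str]] = {}   # primary ID -> attributes
        self._dedup_index: Set[str] = set()              # hashes of templates seen

    def enrol(self, attributes: Dict[str, str]) -> Optional[str]:
        """One person, one UID: refuse a second enrolment of the same biometric.

        A real system matches biometrics fuzzily; here the constructed template
        string is compared exactly through its hash so the template itself is
        not stored a second time.
        """
        fp = hashlib.sha256(attributes["biometric_template"].encode()).hexdigest()
        if fp in self._dedup_index:
            return None                                  # already enrolled
        uid = generate_uid()
        while uid in self._records:                      # vanishingly rare collision
            uid = generate_uid()
        self._dedup_index.add(fp)
        self._records[uid] = dict(attributes)
        return uid

    def issue_token(self, uid: str, service_id: str) -> str:
        """Give a service its own secondary identifier instead of the UID."""
        return service_token(self._master_key, uid, service_id)

    def authenticate(self, uid: str, claimed: Dict[str, str]) -> bool:
        """Yes/No only: confirms the claimed attributes, never returns them.

        An empty claim is refused, so merely knowing someone's number (which
        item 9 warns will leak once it is printed everywhere) is not a 'Yes'.
        """
        if not claimed:
            return False
        record = self._records.get(uid)
        if record is None:
            return False
        ok = True
        for field, value in claimed.items():
            stored = record.get(field, "")
            # Constant-time compare so response timing does not reveal
            # which field was wrong.
            ok &= hmac.compare_digest(stored.encode(), str(value).encode())
        return ok


if __name__ == "__main__":
    registry = CentralRegistry()
    resident = {"name": "A. Resident", "dob": "1980-01-01",
                "biometric_template": "constructed-template-0001"}
    uid = registry.enrol(resident)
    print("issued UID:", uid)
    print("second enrolment of same biometric:", registry.enrol(resident))
    print("bank token  :", registry.issue_token(uid, "bank"))
    print("health token:", registry.issue_token(uid, "health"))
    print("auth with correct dob:", registry.authenticate(uid, {"dob": "1980-01-01"}))
    print("auth with number only:", registry.authenticate(uid, {}))
```

The two tokens printed for the same resident differ, which is the unlinkability a registrar-held secondary identifier buys; the registry is the only party that can map either token back to the primary ID.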

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help government to monitor the duplicate identity and enable direct benefit programs For residents The UID will become the single source of identity verification Once residents enroll they can use the number multiple times ndash they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account passport driving license and so on By providing a clear proof of identity the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector The UID will also give migrants mobility of identity For Registrars and enrollers The UIDAI will only enroll residents after de-duplicating records This will help Registrars clean out duplicates from their databases enabling significant efficiencies and cost savings For Registrars focused on cost the UIDAIrsquos verification processes will ensure lower KYR costs

For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crore a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology and the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will hold only the minimum information required to identify the resident and ensure there are no duplicates. That includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number, with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the Registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Field | Mandatory/Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent/Guardian Details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

PoI – Proof of Identity (must contain name and photo of the resident). PoA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate whether the Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enrol residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from Sub-Registrars and Enrolling Agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars
– These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be Sub-Registrars to the state government Registrar.

Enrolling Agencies
– Enrolling Agencies will directly interact with and enrol residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality Sub-Registrar.

Outreach Groups
– The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various Registrars like banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced": in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and this process will then continue.
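The introducer tree described above can be kept as a small registry that enforces its own rules: only a root is self-introduced, every other introduced resident must name an introducer who is already enrolled and approved to introduce others, and every enrolment therefore chains back to a root. The following Python model is an added example written for this edition; it is not UIDAI's or DSCI's code. The approval flag and its workflow, and the placeholder identifiers used in demo(), are assumptions made for the example.

```python
"""Added example: the introducer "tree" for residents without documents.

A root is self-introduced (enrolled with no introducer). Everyone else must
name an introducer who is already enrolled and approved to introduce, so every
enrolment chains back to a root. The registry validates new enrolments and can
list every enrolment that rests on one introducer's word, which is what an
auditor needs when an introducer later turns out to be fraudulent.

Assumptions, not from the paper: the approval flag and its workflow, and the
placeholder identifiers used in demo().
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


class IntroducerError(ValueError):
    """An enrolment that violates the introducer rules."""


@dataclass
class Enrolment:
    uid: str
    introducer_uid: Optional[str]   # None only for a self-introduced root
    may_introduce: bool = False     # assumed approval flag for acting as introducer


class IntroducerRegistry:
    def __init__(self) -> None:
        self._by_uid = {}                   # uid -> Enrolment
        self._children = defaultdict(list)  # introducer uid -> uids introduced by it

    def add_root(self, uid: str) -> None:
        """Register the self-introduced root of a tree; roots may introduce by definition."""
        if uid in self._by_uid:
            raise IntroducerError(f"{uid} is already enrolled")
        self._by_uid[uid] = Enrolment(uid, None, may_introduce=True)

    def approve_introducer(self, uid: str) -> None:
        """Mark an enrolled resident as approved to introduce others (assumed step)."""
        self._by_uid[uid].may_introduce = True

    def enrol(self, uid: str, introducer_uid: str) -> None:
        """Enrol a resident vouched for by an existing, approved introducer."""
        if uid in self._by_uid:
            raise IntroducerError(f"{uid} is already enrolled")
        if uid == introducer_uid:
            raise IntroducerError("only the root of a tree may be self-introduced")
        introducer = self._by_uid.get(introducer_uid)
        if introducer is None:
            raise IntroducerError(f"introducer {introducer_uid} is not enrolled")
        if not introducer.may_introduce:
            raise IntroducerError(f"{introducer_uid} is not an approved introducer")
        self._by_uid[uid] = Enrolment(uid, introducer_uid)
        self._children[introducer_uid].append(uid)

    def chain_to_root(self, uid: str) -> list:
        """Return [uid, its introducer, ..., root]; raises if the chain is broken."""
        chain, current = [], uid
        while current is not None:
            entry = self._by_uid.get(current)
            if entry is None:
                raise IntroducerError(f"{current} is referenced but not enrolled")
            if current in chain:   # defensive: enrol() cannot create a cycle
                raise IntroducerError(f"introducer cycle at {current}")
            chain.append(current)
            current = entry.introducer_uid
        return chain

    def dependants(self, uid: str) -> list:
        """Every enrolment that ultimately rests on uid's vouching (the whole subtree)."""
        found, pending = [], list(self._children[uid])
        while pending:
            child = pending.pop()
            found.append(child)
            pending.extend(self._children[child])
        return sorted(found)


def demo() -> dict:
    """Build a small tree with placeholder identifiers and exercise the checks."""
    reg = IntroducerRegistry()
    reg.add_root("ROOT-1")          # self-introduced root
    reg.enrol("A", "ROOT-1")
    reg.approve_introducer("A")
    reg.enrol("B", "A")
    reg.enrol("C", "A")
    reg.approve_introducer("B")
    reg.enrol("D", "B")
    rejected = {}
    # C is enrolled but not approved; F names itself; ZZZ is unknown
    for new_uid, via in (("E", "C"), ("F", "F"), ("G", "ZZZ")):
        try:
            reg.enrol(new_uid, via)
        except IntroducerError as exc:
            rejected[new_uid] = str(exc)
    return {"chain_D": reg.chain_to_root("D"),
            "rests_on_A": reg.dependants("A"),
            "rejected": rejected}
```

If introducer A is later found to have vouched for fake identities, dependants("A") gives the set of enrolments (B, C and D) whose documentation has to be re-verified, which is the practical reason for recording the tree rather than only the immediate introducer.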

v. Supporting Documentation: During enrolment the quality of data has to be ensured, primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enrol them into the system.

Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

[Figure: draft data flow between the Resident, the Registrar and Sub-Registrars, the CIDR and the Authenticator; the arrows are numbered 1 to 7 as in the steps below, and two trust boundaries are marked.]

1. Resident applies for a UID and submits any required documentation.
2. The Registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the Authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources.

External Attack Sources: Resident; Registrar; Authenticator
Internal Attack Sources: UIDAI employee; Other government actors

Considering the attack sources, let us understand the possible attack scenarios.

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The Registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the CIDR to create a new UID.
4. Authenticator colluding with the Registrar to validate fake identities. The Authenticator can inject the artificial identity data (created in the above step) to validate fake identities.
5. Resident colluding with the Authenticator. The Authenticator might allow multiple attempts by a resident in order to exploit the FAR (false acceptance rate) of the biometric device.
6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.
7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored on their servers.
8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of UID databases present with local Registrars and Authenticators. This might lead to profiling of UID data at the state level, if not at the national level.
9. An employee of the CIDR might illegally reveal (or sell) the identity information.
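The Yes/No contract stated in the overview (the Authority answers authentication requests only with 'Yes' or 'No') and steps 4 to 6 of the draft data flow, together with the obvious countermeasure to scenario 5 (a colluding Authenticator retrying until the device's FAR produces a match), can be made concrete in code. The following Python model is an added example written for this edition; it is not UIDAI's or DSCI's code. The biometric matcher is a stand-in (Hamming distance over a fixed-length template with an assumed threshold), and the lockout limit, sample UID, authenticator identifiers and resident data are all constructed for the example.

```python
"""Added example: Yes/No biometric authentication at the CIDR boundary.

Models steps 4 to 6 of the draft data flow: the authenticator submits a UID and a
freshly captured template, the CIDR compares it with the enrolled template and
returns only "yes" or "no", never the stored attributes. A per-UID failed-attempt
counter stops a colluding authenticator from retrying until the matcher's false
acceptance rate (FAR) produces a match (attack scenario 5).

Assumptions, not from the paper: 32-byte templates compared by Hamming distance,
a 40-bit match threshold, lockout after 3 failures, and the constructed sample
UID, authenticator IDs and resident data used in demo().
"""
import secrets
from collections import defaultdict
from dataclasses import dataclass

TEMPLATE_BYTES = 32        # assumed template size
MATCH_THRESHOLD = 40       # assumed: at most 40 differing bits counts as a match
MAX_FAILED_ATTEMPTS = 3    # assumed: lock the UID after three "no" answers


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bits(template: bytes, positions) -> bytes:
    """Copy of template with the given bit positions inverted; simulates the
    noise between a genuine re-capture and the enrolled template."""
    out = bytearray(template)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)


@dataclass
class EnrolledResident:
    uid: str
    name: str         # held in the CIDR, never returned to an authenticator
    address: str      # held in the CIDR, never returned to an authenticator
    template: bytes   # enrolled biometric template (stand-in)


@dataclass
class AuthRequest:
    authenticator_id: str
    uid: str
    captured_template: bytes


@dataclass
class AuthResponse:
    uid: str
    answer: str       # "yes" or "no": the only fields that cross the trust boundary


class CIDR:
    def __init__(self) -> None:
        self._residents = {}               # uid -> EnrolledResident
        self._failed = defaultdict(int)    # uid -> consecutive "no" answers
        self.audit_log = []                # (authenticator_id, uid, reason)

    def enrol(self, resident: EnrolledResident) -> None:
        self._residents[resident.uid] = resident

    def authenticate(self, req: AuthRequest) -> AuthResponse:
        resident = self._residents.get(req.uid)
        if resident is None:
            answer, reason = "no", "unknown-uid"
        elif self._failed[req.uid] >= MAX_FAILED_ATTEMPTS:
            answer, reason = "no", "locked"   # even a genuine capture is refused now
        elif hamming(resident.template, req.captured_template) <= MATCH_THRESHOLD:
            answer, reason = "yes", "match"
            self._failed[req.uid] = 0
        else:
            answer, reason = "no", "mismatch"
            self._failed[req.uid] += 1
        # The reason stays in the CIDR's audit trail; the authenticator gets only yes/no
        self.audit_log.append((req.authenticator_id, req.uid, reason))
        return AuthResponse(uid=req.uid, answer=answer)


def demo() -> dict:
    """Genuine capture, three forged retries, then a genuine capture after lockout."""
    cidr = CIDR()
    uid = "123412341234"                            # constructed sample UID
    enrolled = secrets.token_bytes(TEMPLATE_BYTES)  # constructed sample template
    cidr.enrol(EnrolledResident(uid, "Sample Resident", "Sample Address", enrolled))
    genuine = flip_bits(enrolled, range(10))        # 10 bits of capture noise -> "yes"
    first = cidr.authenticate(AuthRequest("AUTH-01", uid, genuine)).answer
    # Colluding authenticator AUTH-02 retries with forged templates 128-256 bits away
    forged = [cidr.authenticate(AuthRequest("AUTH-02", uid, bytes(x ^ m for x in enrolled))).answer
              for m in (0xFF, 0xAA, 0x55)]
    after_lockout = cidr.authenticate(AuthRequest("AUTH-02", uid, genuine)).answer
    return {"genuine": first, "forged": forged,
            "genuine_after_lockout": after_lockout, "audit": cidr.audit_log}
```

Two design points matter here. The response type carries nothing but the echoed UID and the answer, so a compromised or dishonest Authenticator (scenarios 4, 6 and 7) learns no name or address from the CIDR; the reason for a refusal is kept only in the CIDR's audit trail, where repeated mismatches from one authenticator_id are exactly the signal for scenario 5. The lockout itself is a denial-of-service lever against the genuine resident, so in line with key observation 10 it has to be paired with a fast, accountable unlock and redressal path.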

Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not covered by any of the existing government schemes. These people are generally the tribals, the migratory people, construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through schemes such as the National Rural Employment Guarantee Act (NREGA), the Rashtriya Swasthya Bima Yojana (RSBY), the Public Distribution System (PDS), etc. Each of these schemes has some registered people, but the grants still do not reach the people. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents already used by the above schemes, ensure that the government initiatives reach the section of society which needs them most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm

Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries, and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of the UID; e.g. the UID should not be used to log in to a web site, and should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as their primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
– Where all the customer should provide the information
– What information within the UID should be provided for which government requirement
– How the user should not get caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact of the same
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offences on identity: The current UIDAI framework interprets offences on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as a part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colours. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new-borns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for promotion of the products/services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to an adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good or bad intentions), and the responsibility for loss/misuse of any individual client's data shall lie with the service provider. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower the individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:
– Framework for self-audit and self-governance within government itself to control data protection aspects
– There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
– Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since e-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in e-Governance. DSCI has been instrumental in taking the amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.

S.No. | Key Observations

10 | If there is a fraud on identity resulting in a civil dispute, how is one going to prove the same as a litigant? Is the onus of proof on the person who is affected? As it is stated, all UID related cases will be taken up under the existing legal framework (let's not forget that the conviction rate in IT offences is in single figures even after 9 years of the law (ITA) being in force). With the pending cases in courts all over the country figuring in millions (like a small server under a DDoS attack), waiting for their turn on a round-robin basis, matters relating to identity, which need speedy redressal, cannot be served by the existing framework.

The real challenge for UIDAI is not identity theft but how fast the system can take corrective action to ensure that the affected citizen does not suffer in proving his/her identity. In many cases the public systems are so bad that the affected citizen continues to suffer owing to inefficiencies and lack of accountability in our public service system. Identity thefts will continue to happen even if the best of security is deployed. But we should build a system that is resilient enough to correct itself at a fast pace, and one that ensures that end users do not suffer owing to someone's mischief.

5. Legal Regime for Privacy

Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. "The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection." In legal parlance, the issue of privacy comes up where an obligation of confidence arises between a 'data collector' and a 'data subject'. This may flow from a variety of circumstances or in relation to different types of information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission, unless there are other overriding reasons in the public interest for this to happen. That is, information collected for a purpose should not be used for any other purpose. This is seldom the case here, as is evident from the telemarketing calls one receives on one's mobile, the unsolicited mails received, and so on. And this has been the case in more mature democracies in the western world.

The IT (Amendment) Act 2008, under section 43A, makes a body corporate handling any sensitive personal data or information in a computer resource controlled/operated by it liable to follow reasonable security practices; failure to do so may result in loss of information, which will make it liable to pay compensation. Under section 72A, punishment for disclosure of information in breach of a lawful contract is prescribed: any person, including an intermediary, who has access to any material containing personal information about another person as part of a lawful contract and discloses it without the consent of the subject person commits a breach and attracts punishment. This will bring those responsible for breaching data confidentiality under lawful contracts to justice and also act as a deterrent.

Along with section 43A, section 72A strengthens the data protection regime in the country, and it will make UIDAI and its Registrars, Sub-Registrars and Enrolling Agencies liable under the law. The contractors and vendors working for this project under contracts will also come under the purview of these sections.

Data protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and legislation:

Act(s)
• The Indian Penal Code, 1860
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• Credit Information Companies (Regulation) Act, 2005

Special Legislation(s)
• The Information Technology Act, 2000
• The Information Technology (Amendment) Act, 2008

International Conventions
• International Covenant on Civil and Political Rights, 1966
• Universal Declaration of Human Rights, 1948

While all these laws give privacy protection to a consumer, a citizen's right to privacy emanates from Article 21 on liberty, as interpreted by the Supreme Court in a judgment. However, there is no comprehensive privacy law in India. Considering the Indian legal regime, protecting public safety and a nation's security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm and wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information or unwarranted searches and seizures cannot function at optimum levels.

[Figures: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6. DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options and current technological advancements.

Data Security Council of India (DSCI) has engaged with various industries over the last one year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprising 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of the privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control on restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing their personal information/data and still achieving unique identity.

DSCI's security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw on these frameworks, and get support from them, in aligning its security and privacy initiatives so as to ascertain and take care of the privacy of the country's personal information.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also working closely with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendor companies, the Banking & Telecom sector and major clients.

7 Summary

The UID authority will only issue a unique identifier – a randomized number – that will identify a person by attributes that include biometric information (Fingerprints, Iris, Face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over the lifetime of an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response

According to the proposal, UIDAI will store the information in the CIDR – Central ID Registry – to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also the enrolment agencies, which might number in the millions throughout the country, will also store such data locally. The registrars will be required to maintain this data for the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change – in particular, for children the biometrics will have to be updated every 5 years, while for adults the biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for the protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape and molestation cases where the law enforcement agencies, the bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person – it does not require the biometrics to be stored.
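The point above, that the biometric is used to bind a PIN rather than being stored itself, can be seen in a fuzzy-commitment construction. The following Python is an added example, not code from DSCI or from the UIDAI proposal: it uses a toy repetition code, and KEY_BITS, REP, the bit-string "template" and the flip-based noise model are constructed assumptions, not real biometric values.

```python
import hashlib
import random

# Toy parameters, constructed for illustration; real schemes use far longer keys,
# stronger error-correcting codes and real biometric feature vectors.
KEY_BITS = 16                   # length of the secret (PIN) bound to the biometric
REP = 7                         # repetition-code length per key bit
TEMPLATE_BITS = KEY_BITS * REP  # the biometric "template" is modelled as this many bits


def max_correctable_flips_per_group():
    """A length-REP repetition code corrects up to (REP - 1) // 2 flips per group."""
    return (REP - 1) // 2


def repetition_encode(key_bits):
    """Expand each key bit into REP identical copies."""
    return [b for b in key_bits for _ in range(REP)]


def repetition_decode(codeword):
    """Majority vote inside each group of REP bits."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP)
            for i in range(0, len(codeword), REP)]


def key_hash(key_bits):
    """One-way fingerprint of the key; stored so a released key can be checked."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def make_template(seed):
    """Constructed stand-in for a biometric template (a bit string)."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(TEMPLATE_BITS)]


def enrol(template_bits, rng=None):
    """Bind a fresh random key to the template (fuzzy commitment).

    Returns the helper data that may be stored, and the key handed to the resident.
    Neither the key nor the template is kept by the verifier: the commitment is
    codeword XOR template, which yields the codeword only to someone presenting a
    close-enough template.
    """
    rng = rng or random.SystemRandom()
    key = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = repetition_encode(key)
    commitment = [c ^ t for c, t in zip(codeword, template_bits)]
    return {"commitment": commitment, "key_hash": key_hash(key)}, key


def release(helper, probe_bits):
    """Try to regenerate the key from a fresh probe; None means no match."""
    noisy_codeword = [c ^ p for c, p in zip(helper["commitment"], probe_bits)]
    candidate = repetition_decode(noisy_codeword)
    return candidate if key_hash(candidate) == helper["key_hash"] else None


def flip_every(bits, step):
    """Model sensor noise between captures: flip every `step`-th bit."""
    out = list(bits)
    for i in range(0, len(out), step):
        out[i] ^= 1
    return out


if __name__ == "__main__":
    template = make_template(seed=2010)
    helper, key = enrol(template)
    print("stored helper data:", sorted(helper))                 # no raw biometric, no key
    print("same person, noisy probe:", release(helper, flip_every(template, 4)) == key)
    print("too noisy (4 flips in a group):", release(helper, flip_every(template, 2)))
    print("different person:", release(helper, [1 - b for b in template]))
```

Flipping every 4th bit puts at most 2 errors in any group of 7 and is corrected; flipping every 2nd bit puts 4 errors in the first group, exceeds the code's capacity and the key is not released.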

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver's license etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents – and UID is supposed to benefit them the most, as well as help plug the loopholes that drain government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme – an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open an account. In this case any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "Privileged Persons" – those having UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish it will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially those of the numerous registrars and sub-registrars around the country who will store the same data for their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.

Annexure 1 UIDAI Features

This annexure is based on the draft document available on the UIDAI website – "Creating a unique identity for every citizen in India" – and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of the UID number will be:

The UID number will only provide identity. The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach. The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification. The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model. The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central and state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing UID applications and will connect to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help the government to monitor duplicate identities and enable direct benefit programs.

For residents. The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers. The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory/Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent/Guardian Details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and this process will then continue.

v. Supporting Documentation: During enrollment the quality of data has to be ensured, primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.

Annexure 2 UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources.

External Attack Sources:
• Resident
• Registrar
• Authenticator

Internal Attack Sources:
• UIDAI employee
• Other government factors

Considering the attack sources, let's understand the possible attack scenarios.

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow diagram – Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with the steps numbered 1 to 7 and two trust boundaries marked]

4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR (false acceptance rate) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
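Scenario 5 depends on repeated presentations against a device whose false acceptance rate (FAR) is not zero, and the CIDR is the one party that sees every attempt regardless of what the authenticator does. The following Python is an added example, not code from the position paper or from UIDAI, of a CIDR-side check: the cumulative false-accept probability after n attempts, 1 - (1 - FAR)^n, fixes an attempt limit for a risk budget, and rejected attempts per (UID, authenticator) inside a sliding window are compared against it. The log format, UIDs, authenticator ids, FAR and budget values are all constructed.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of CIDR-side authentication records (not real UIDs or a real log format).
# Each line: "<ISO timestamp> auth uid=<12 digits> authenticator=<id> result=MATCH|NOMATCH"
SAMPLE_LOG = """\
2010-01-21T09:00:00 auth uid=901290129012 authenticator=AUTH-02 result=NOMATCH
2010-01-21T09:20:00 auth uid=901290129012 authenticator=AUTH-02 result=NOMATCH
2010-01-21T09:40:00 auth uid=901290129012 authenticator=AUTH-02 result=NOMATCH
2010-01-21T10:00:00 auth uid=123412341234 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:00:00 auth uid=901290129012 authenticator=AUTH-02 result=NOMATCH
2010-01-21T10:01:00 auth uid=123412341234 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:02:00 auth uid=123412341234 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:02:00 auth uid=567856785678 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:03:00 auth uid=123412341234 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:03:00 auth uid=567856785678 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:04:00 auth uid=123412341234 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:04:00 auth uid=567856785678 authenticator=AUTH-07 result=MATCH
2010-01-21T10:05:00 auth uid=123412341234 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:06:00 auth uid=123412341234 authenticator=AUTH-07 result=NOMATCH
2010-01-21T10:07:00 auth uid=123412341234 authenticator=AUTH-07 result=MATCH
2010-01-21T10:20:00 auth uid=901290129012 authenticator=AUTH-02 result=NOMATCH
""".splitlines()

WINDOW = timedelta(minutes=10)   # sliding window for counting rejected attempts (assumed)


def cumulative_far(far, attempts):
    """Probability that at least one of `attempts` impostor presentations is falsely accepted."""
    return 1.0 - (1.0 - far) ** attempts


def max_attempts_for_budget(far, budget):
    """Largest n such that cumulative_far(far, n) <= budget."""
    return int(math.floor(math.log(1.0 - budget) / math.log(1.0 - far)))


def parse_line(line):
    """Split one constructed record into (timestamp, uid, authenticator, result)."""
    ts, _, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), fields["uid"], fields["authenticator"], fields["result"]


def flag_suspicious(lines, far, budget):
    """Return {(uid, authenticator): peak rejected attempts in WINDOW} for pairs that
    exceeded the attempt limit implied by `far` and `budget`.

    A genuine resident suffering many false rejects is flagged too, so the output is a
    review queue, not a verdict. Rejected attempts spaced wider than WINDOW do not add up.
    """
    limit = max_attempts_for_budget(far, budget)
    recent = defaultdict(list)
    flagged = {}
    for line in sorted(lines):          # ISO timestamps sort chronologically as strings
        ts, uid, auth, result = parse_line(line)
        if result != "NOMATCH":
            continue
        key = (uid, auth)
        recent[key] = [t for t in recent[key] if ts - t <= WINDOW] + [ts]
        if len(recent[key]) > limit:
            flagged[key] = max(flagged.get(key, 0), len(recent[key]))
    return flagged


if __name__ == "__main__":
    far, budget = 0.001, 0.005           # assumed device FAR (0.1%) and accepted risk (0.5%)
    print("attempt limit:", max_attempts_for_budget(far, budget))
    print("flagged:", flag_suspicious(SAMPLE_LOG, far, budget))
```

With FAR 0.1% and a 0.5% budget the limit is 5 attempts; the burst of seven rejects followed by a match for uid 123412341234 is flagged, while five rejects spread 20 minutes apart for uid 901290129012 are not.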


Annexure 3 The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified under any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS) etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm

Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect them, how to limit who can access, how to dispose if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
• Where the customer should provide the information
• What information within the UID should be provided for which government requirement
• How the user should not get caught in any phishing attempts as and when UID news is released by the government
• Threats of UID exploitation and the resultant impact of the same
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
• Contact details for consumers to enquire and clarify
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
• Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act, 2000, which relies on the State police for enforcement. Enforcement challenges – Considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as a part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator. In the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be challenges umpteen. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID, say after a death, authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information about any individual if we have the money and the need… Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and email, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man’s personal information is not used without his/her consent.

Security & Privacy Challenges in UID project

Public Use Page 34

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual from use without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. A good governance framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be “No” for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders, whether of good or bad intentions), and the responsibility shall lie with the service provider to prevent loss/misuse of any individual client’s data. Government should make businesses understand the immediate need for protection of its residents’ personally identifiable data sets.

23. Empower each individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of any unauthorized/unwanted communication received.

24. Processes around data creation, maintenance and disposal:

• A framework for self-audit and self-governance within government itself to control data protection aspects.

• There shall be a stringent background verification process for teams working on this project, starting with criminal background verification, etc.

• The system shall be subject to periodic audit, like any other financial system control, and such a report shall be made public to boost public confidence.

• Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries, Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients’ requirements.


Data Protection, including protection of personally identifiable information, is based on the amended IT Act 2008 and the following supporting Acts and Legislations:

Act(s)
• The Indian Penal Code 1860
• The Indian Telegraph Act 1885
• The Indian Contract Act 1872
• The Specific Relief Act 1963
• The Public Financial Institutions Act 1983
• The Consumer Protection Act 1986
• Credit Information Companies (Regulation) Act 2005

Special Legislation(s)
• The Information Technology Act 2000
• The Information Technology (Amendment) Act 2008

International Conventions
• International Covenant on Civil and Political Rights 1966
• Universal Declaration of Human Rights 1948

While all these laws give privacy protection to a consumer, a citizen’s right to privacy emanates from Article 21 on Liberty as interpreted by the Supreme Court in a judgment. However, there is no comprehensive Privacy Law in India. Considering the Indian legal regime, protecting public safety and a nation’s security is a necessary and important function of a civilized society. However, liberty, equality and fraternity are also essential to the functioning of prosperous and free societies. Technological advances in the collection and processing of information over the last few decades have positioned this resource as vital to the health, well-being and freedom of individuals. More specifically, abuses of personal information can cause untold harm, wasted resources, and generally lead to the detriment of society. For example, a society of individuals perpetually anxious about identity theft, misuse of their information, or unwarranted search and seizure cannot function at optimum levels.

[Figure: DSCI Security Framework (DSF©)]

[Figure: DSCI Privacy Framework (DPF©)]

6. DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from the leading best practices around the world, evolving strategic options, and current technological advancements.

The Data Security Council of India (DSCI) has engaged with various industries over the last year, through a number of security awareness seminars and workshops, on the need for best practices and standards for enhancing their trustworthiness. DSCI also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework, comprised of 16 Best Practices, is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as a data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also enable it to ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control on restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to the political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing personal information/data and achieving unique identity.

DSCI security and privacy frameworks are built on evolving strategic options and technological enhancements, and DSCI believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of the personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners’ conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendors/companies, the Banking & Telecom sector and major clients.

7. Summary

The UID authority will only issue a unique identifier – a randomized number – that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While name, photograph, address, etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response


According to the proposal, UIDAI will store the information in the CIDR – Central ID Registry – to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change – in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where the Law Enforcement agencies, bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person – it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents – and UID is supposed to benefit them the most, as well as help plug the loopholes for saving government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme – an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of UID are once again left to the mercy of “Privileged Persons” – those having UIDs, such as the BDOs, Sarpanches, NGOs and other “Gram Sevaks”. Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfill other demands of the “Privileged Persons” to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.


Annexure 1: UIDAI Features

The annexure is based on the draft document available on the website – “Creating a unique identity for every citizen in India” – and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of UID numbers will be:

The UID number will only provide identity
The UIDAI’s scope will be restricted to the issue of unique identification numbers based on a person’s demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach
The UIDAI envisions full enrolment of residents, with a focus on enrolling India’s poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and Public Distribution Systems (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification
The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model
The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will be managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central/state departments and private sector agencies as ‘Registrars’ for the UIDAI. Registrars will be responsible for processing the UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated
The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card
The Authority’s role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence
Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administrating and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment, and the KYR verification.

Process to ensure no duplicates
Registrars will send the applicant’s data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as the benefits and entitlements are linked to the UID.

Online authentication
The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident against the record stored in the central database.

The UIDAI will not share resident data
The Authority envisions a balance between ‘privacy and purpose’ when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a ‘Yes’ or ‘No’ response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system
Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents
The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers
The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI’s verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments
Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment, and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates. This includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it, and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

| Information Fields | Mandatory / Optional | Verification Required | Verification Procedure |
|---|---|---|---|
| Personal Details | | | |
| Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents |
| Date of Birth | Mandatory | No | |
| Gender | Mandatory | No | |
| Address Details | | | |
| Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident’s physical presence is not required during letter delivery |
| Parent / Guardian Details | | | |
| Father’s/Husband’s/Guardian’s Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults |
| Father’s/Husband’s/Guardian’s UID | Conditional | | |
| Mother’s/Wife’s/Guardian’s Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults |
| Mother’s/Wife’s/Guardian’s UID | Conditional | | |
| Introducer Details | | | |
| Introducer Name | Conditional | Yes | Introducer’s Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty |
| Introducer’s UID | Conditional | | |
| Contact Details | | | |
| Mobile Number | Optional | No | |
| Email Address | Optional | No | |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the ‘enrolling agency’ for the baby’s UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of “approved” introducers, who can introduce a resident and vouch for the validity of the resident’s information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions, the introducer concept will work like a “tree structure”, where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the “root” of this tree. The person at the root will be the person who is “self-introduced”; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.
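As an added illustration (not code from the DSCI paper or any UIDAI system), the Python sketch below models the introducer tree described under iv and v and runs the integrity checks an audit agency would want over the Registrar's records: introducers who are not themselves enrolled, cycles, self-introduced roots who supplied no documents, and introducers with unusually large fan-out. All UIDs, the sample records and the fan-out threshold are constructed.

```python
"""Audit helper for an introducer tree (added example, constructed data).

Each enrolment is either self-introduced (introducer_uid is None, the tree
"root") or vouched for by an already-enrolled introducer. Findings returned:
  unknown_introducer   - introducer UID does not exist in the records
  cycle                - A vouched for by B who was vouched for by A
  root_without_documents - a root that supplied no PoI/PoA documents
  high_fanout          - one introducer vouching for more than max_fanout
                         people, the concentration risk the paper raises
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Optional


class UnknownIntroducer(ValueError):
    """Raised when a chain reaches an introducer UID that is not enrolled."""


class IntroducerCycle(ValueError):
    """Raised when walking a chain revisits a UID."""


@dataclass(frozen=True)
class Enrolment:
    uid: str                        # 12-digit UID (constructed values below)
    introducer_uid: Optional[str]   # None means self-introduced (root)
    has_documents: bool             # PoI/PoA documents supplied at enrolment


def build_tree(records: List[Enrolment]):
    """Index records by UID and by introducer; reject duplicate UIDs."""
    by_uid: Dict[str, Enrolment] = {}
    children: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        if r.uid in by_uid:
            raise ValueError(f"duplicate UID {r.uid}")
        by_uid[r.uid] = r
    for r in records:
        if r.introducer_uid is not None:
            children[r.introducer_uid].append(r.uid)
    return by_uid, children


def find_roots(records: List[Enrolment]) -> List[str]:
    """UIDs that were registered without any introducer."""
    return sorted(r.uid for r in records if r.introducer_uid is None)


def introduction_chain(uid: str, by_uid: Dict[str, Enrolment]) -> List[str]:
    """Walk from uid up to its root; the chain is the audit trail of who
    vouched for whom. Raises on a broken or cyclic chain."""
    chain, seen, cur = [], set(), uid
    while cur is not None:
        if cur in seen:
            raise IntroducerCycle(f"cycle in introducer chain at {cur}")
        if cur not in by_uid:
            raise UnknownIntroducer(f"introducer {cur} is not enrolled")
        seen.add(cur)
        chain.append(cur)
        cur = by_uid[cur].introducer_uid
    return chain


def subtree_size(root_uid: str, children: Dict[str, List[str]]) -> int:
    """Number of residents whose enrolment ultimately rests on root_uid."""
    count, q, seen = 0, deque([root_uid]), {root_uid}
    while q:
        for kid in children[q.popleft()]:
            if kid not in seen:
                seen.add(kid)
                count += 1
                q.append(kid)
    return count


def audit(records: List[Enrolment], max_fanout: int = 25) -> dict:
    """Run all checks and return the findings keyed by category."""
    by_uid, children = build_tree(records)
    findings = {"unknown_introducer": [], "cycle": [],
                "root_without_documents": [], "high_fanout": []}
    for r in records:
        try:
            introduction_chain(r.uid, by_uid)
        except UnknownIntroducer:
            findings["unknown_introducer"].append(r.uid)
        except IntroducerCycle:
            findings["cycle"].append(r.uid)
        if r.introducer_uid is None and not r.has_documents:
            findings["root_without_documents"].append(r.uid)
    for intro, kids in children.items():
        if len(kids) > max_fanout:
            findings["high_fanout"].append((intro, len(kids)))
    return findings


# Constructed sample records exercising every finding category.
SAMPLE = [
    Enrolment("100000000001", None, True),            # documented root
    Enrolment("100000000002", "100000000001", False),
    Enrolment("100000000003", "100000000001", False),
    Enrolment("100000000004", "100000000002", False),
    Enrolment("100000000005", "999999999999", False),  # introducer not enrolled
    Enrolment("100000000006", "100000000007", False),  # 6 and 7 vouch for each other
    Enrolment("100000000007", "100000000006", False),
    Enrolment("100000000008", None, False),           # self-introduced, no documents
]

if __name__ == "__main__":
    for category, items in audit(SAMPLE, max_fanout=1).items():
        print(f"{category}: {items}")
```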


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

| External Attack Sources | Internal Attack Sources |
|---|---|
| Resident | UIDAI employee |
| Registrar | Other government factors |
| Authenticator | |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow diagram – Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with steps 1 to 7 of the data flow and the trust boundaries marked]

4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician or dignitary, or even a high-ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
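Added example, not from the paper or any UIDAI system: a Python model of the CIDR side of data-flow steps 5 and 6, showing how the device FAR compounds over repeated attempts (the basis of scenario 5) and the per-UID attempt ceiling and audit log that bound it while still answering only ‘Yes’ or ‘No’. The matcher, the stored templates, the UIDs, the authenticator id and all thresholds are constructed stand-ins.

```python
"""CIDR Yes/No authentication with an attempt ceiling (added example).

cumulative_far(far, n): probability that at least one of n independent
impostor attempts is falsely accepted, 1 - (1 - FAR)^n. With FAR = 0.01,
69 attempts already give an even chance, which is why the authenticator
must not be the only party counting attempts.
Cidr.authenticate(): answers only "Yes" or "No", never returns stored
data, counts failures per UID inside a sliding window and refuses further
attempts once the ceiling is hit, so the impostor trial count is bounded
regardless of how many retries a colluding authenticator forwards.
"""
from collections import defaultdict
import math
import time


def cumulative_far(far: float, attempts: int) -> float:
    """Chance that `attempts` impostor trials yield at least one false accept."""
    if not 0.0 <= far <= 1.0 or attempts < 0:
        raise ValueError("far must be in [0, 1] and attempts >= 0")
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far: float, target: float) -> int:
    """Smallest attempt count at which cumulative_far(far, n) >= target."""
    if not 0.0 < far < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("far and target must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))


class Cidr:
    """Constructed stand-in for the central repository's authentication API."""

    def __init__(self, templates, max_failures=5, window_seconds=3600,
                 threshold=0.8):
        self._templates = templates          # uid -> constructed template string
        self.max_failures = max_failures     # ceiling on failures per window
        self.window = window_seconds         # sliding window length
        self.threshold = threshold           # constructed match score cut-off
        self._failures = defaultdict(list)   # uid -> timestamps of failures
        self.audit_log = []                  # (event, uid, authenticator, time)

    def _match(self, uid: str, sample: str) -> float:
        """Constructed matcher: fraction of positions equal to the template.
        A real deployment would call a biometric matcher SDK here."""
        template = self._templates.get(uid)
        if template is None:
            return 0.0
        same = sum(a == b for a, b in zip(template, sample))
        return same / max(len(template), len(sample))

    def authenticate(self, uid: str, sample: str, authenticator_id: str,
                     now: float = None) -> str:
        now = time.time() if now is None else now
        # Drop failures older than the window, then check the ceiling. The
        # count is per UID (not per authenticator) so that spreading retries
        # across colluding authenticators does not raise the trial budget.
        recent = [t for t in self._failures[uid] if now - t < self.window]
        self._failures[uid] = recent
        if len(recent) >= self.max_failures:
            self.audit_log.append(("lockout", uid, authenticator_id, now))
            return "No"                       # same answer, distinct audit event
        if self._match(uid, sample) >= self.threshold:
            self._failures[uid] = []          # success resets the counter
            self.audit_log.append(("yes", uid, authenticator_id, now))
            return "Yes"
        self._failures[uid].append(now)
        self.audit_log.append(("no", uid, authenticator_id, now))
        return "No"


if __name__ == "__main__":
    # Constructed template and a short retry burst from one authenticator.
    cidr = Cidr({"100000000001": "ABCDEFGHIJ"}, max_failures=3, window_seconds=600)
    for i, sample in enumerate(["ZZZZZZZZZZ"] * 3 + ["ABCDEFGHIJ"]):
        print(cidr.authenticate("100000000001", sample, "bank-42", now=1000.0 + i))
    print(f"P(false accept) after 69 tries at FAR 0.01: {cumulative_far(0.01, 69):.3f}")
```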


Annexure 3 The Underprivileged Society

Indian society is divided along many geographical boundaries, and there are many people living in remote areas of the country who are not classified under any of the existing government schemes. These are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through schemes such as the National Rural Employment Guarantee Act (NREGA), Rashtriya Swasthiya Bima Yojana (RSBY), the Public Distribution System (PDS), etc. Each of these schemes has some registered people, yet the grants do not reach them. How the UID will help these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents already used by the above schemes, ensure that government initiatives reach the section of society that needs them most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these communities are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that, despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people responsible for taking care of these communities are themselves illiterate. Given such a state of affairs, where villages are registered in government records but the people have no verification details, how the UIDAI proposes to cover them is again a challenge for the Authority.

19. http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries, and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of the UID; e.g. the UID should not be used to log in to a web site, and should not be displayed on a student ID card or a mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeiting and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define the actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and for relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will also be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as their primary identification number and print/use it on their applications such as loans, health insurance, etc.? Even though it is for the internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
- Where the customer should provide the information
- What information within the UID should be provided for which government requirement
- How the user should avoid getting caught in phishing attempts as and when UID news is released by the government
- Threats of UID exploitation and the resultant impact
- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
- Contact details for consumers to enquire and clarify
- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
- Consumer redressal services for UID-related disputes, theft and misuse of UID information

15. The primary ID should be stored more securely and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offences on identity: the current UIDAI framework interprets offences on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intent. Whether the State police are capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of its working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the person's new address in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need… Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and email, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good governance framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders, whether with good or bad intentions), and the responsibility for loss/misuse of any individual client's data shall lie with the service provider. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower each individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:
- Framework for self-audit and self-governance within government itself to control data protection aspects
- There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point
- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
- Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


[Figure: DSCI Security Framework (DSF©) and DSCI Privacy Framework (DPF©)]

6 DSCI Framework for Data Protection and its relevance to UIDAI Data

Considering the reach of UIDAI and the amount of sensitive personal information that will be stored in UIDAI, there needs to be a systematic and standardized approach, which should take support from leading best practices around the world, evolving strategic options and current technological advancements.

Data Security Council of India (DSCI) has engaged with various industries over the last year through a number of security awareness seminars and workshops on the need for best practices and standards for enhancing their trustworthiness. DSCI has also engaged with various data protection authorities and privacy commissioners in the United States, the United Kingdom and the European Union. With the support of various stakeholders and industry, DSCI has developed a Data Security Framework and a Privacy Framework. These frameworks include a set of best practices in data security and data privacy for achieving data protection.

The Data Security Framework comprises 16 Best Practices and is based on the ISO 27001 security standard and other standards such as PCI DSS. It also draws upon the tactical recommendations made by several leading consultants around the world, and upon the recent experience of some governments that checklist-based compliance does not necessarily enhance cyber security. Our attempt in developing these best practices includes many tactical guidelines to help enhance the security of an organization. Regulatory compliance can be achieved through the implementation of these practices, since under the DSCI Content Aggregation Program several key regulations were mapped into controls and best practices were derived from them.

The DSCI Privacy Framework is based on 9 Best Practices and 12 Privacy Principles. The privacy principles satisfy the requirements of privacy laws and data protection directives of the European Union, the United States and APEC countries. In the context of outsourcing, some of these principles may not be applicable, since they would be the responsibility of the client as data controller. Once again, the proposed best practices will help an organization achieve not only regulatory compliance but also ensure data privacy.

Today personal information, especially contact details, is available to every other business house to promote its business, and the control of restricting such distribution (more so by the telecom players) also seems to have failed miserably. Information has become pervasive and is available to political parties as well, to seek support at different times. Considering these aspects, information security and privacy should have a special focus within the UIDAI project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing personal information/data and achieving unique identity.

DSCI's security and privacy frameworks are built on evolving strategic options and technological enhancements, and it believes that UIDAI will be able to draw support from these frameworks in aligning its security and privacy initiatives, so as to take care of the privacy of the personal information of the country's residents.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 consulting firms, security vendors/companies, the banking & telecom sectors and major clients.

7 Summary

The UID authority will only issue a unique identifier, a randomized number, that will identify a person together with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence to the contrary. This attribute is not only personal to an individual but is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for that individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

- Spoofing
- Replay attacks
- Substitution attack
- Tampering
- Masquerade attack
- Trojan horse attacks
- Overriding Yes/No response
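Two of the listed vulnerabilities, replay attacks and overriding the Yes/No response, sit on the link between the Authenticator and the CIDR: whoever can replay a stored "Yes" or rewrite a "No" in transit obtains the service without a matching biometric. The Python below is an added illustration of the standard countermeasure, a per-request nonce bound into a MAC over the answer; it is not this paper's or UIDAI's protocol. The shared key, the toy Hamming-distance matcher, the 12-digit number and the bit-string templates are all constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Assumed: one symmetric key shared by the CIDR and this Authenticator.
# (Per-authenticator keys or a CIDR signature would be used in practice.)
SHARED_KEY = b"example-shared-key-not-for-production"


def _canonical(body: dict) -> bytes:
    """Stable serialization so both sides MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, body: dict) -> str:
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


class CIDR:
    """Registry side: holds reference templates and answers only Yes or No."""

    def __init__(self, key: bytes, templates: dict):
        self.key = key
        self.templates = templates  # uid -> reference bit string (constructed)

    def authenticate(self, request: dict) -> dict:
        ref = self.templates.get(request["uid"])
        sample = request["sample"]
        # Toy matcher: accept if at most 2 bits differ. A real matcher thresholds
        # a similarity score; only the response envelope matters for this example.
        matched = (ref is not None and len(ref) == len(sample)
                   and sum(a != b for a, b in zip(ref, sample)) <= 2)
        body = {"uid": request["uid"], "nonce": request["nonce"],
                "result": "Yes" if matched else "No"}
        # The MAC covers uid, nonce and result, so none of them can be altered in transit.
        return {"body": body, "tag": _tag(self.key, body)}


class Authenticator:
    """Service-provider side: issues one fresh nonce per request and refuses
    any response whose MAC or nonce does not check out."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # nonce -> uid it was issued for

    def build_request(self, uid: str, sample: str) -> dict:
        nonce = secrets.token_hex(16)
        self.pending[nonce] = uid
        return {"uid": uid, "sample": sample, "nonce": nonce}

    def accept(self, response: dict) -> bool:
        body, tag = response["body"], response["tag"]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return False                      # tampered, e.g. "No" rewritten to "Yes"
        uid = self.pending.pop(body.get("nonce"), None)  # single use: consume the nonce
        if uid is None or uid != body.get("uid"):
            return False                      # replayed, unsolicited or for another UID
        return body.get("result") == "Yes"


def demo():
    """Genuine exchange, then a replay of it, then an impostor's No flipped to Yes."""
    uid, ref = "123456789012", "1011001110100101"       # constructed values
    cidr = CIDR(SHARED_KEY, {uid: ref})
    auth = Authenticator(SHARED_KEY)

    genuine_resp = cidr.authenticate(auth.build_request(uid, ref))
    genuine = auth.accept(genuine_resp)                 # True

    replayed = auth.accept(genuine_resp)                # False: nonce already consumed

    impostor_resp = cidr.authenticate(auth.build_request(uid, "0" * 16))
    forged = {"body": dict(impostor_resp["body"], result="Yes"),
              "tag": impostor_resp["tag"]}
    overridden = auth.accept(forged)                    # False: MAC no longer verifies
    return genuine, replayed, overridden


if __name__ == "__main__":
    print(demo())
```

The nonce gives freshness and the MAC gives integrity, which is what defeats the two attacks named above; a deployment would add an expiry to the pending set and prefer a CIDR signature so that a compromised Authenticator key cannot forge answers. None of this helps against an Authenticator that is itself dishonest (scenarios 4 and 5 of Annexure 2), which only CIDR-side controls can address.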


According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the Registrars and Sub-Registrars, and also the enrolment agencies, which might number in the millions throughout the country, will also store such data locally. The Registrars will be required to maintain this data for the people they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The Registrars, Sub-Registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where law enforcement agencies, the bureaucracy and politicians have abused the system, and India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.
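The claim for Biometric Encryption above is that the biometric is used to bind a secret (here a PIN) rather than being stored, so a Registrar's or Sub-Registrar's local repository holds nothing an attacker can replay. The Python below is an added illustration of the best-known construction of that kind, a fuzzy commitment: the PIN is encoded with an error-correcting code, XORed with the biometric bit string, and only that XOR (the helper data) and a hash of the PIN are kept; a fresh, slightly different sample of the same biometric releases the PIN, a different biometric does not. This is the generic textbook scheme, not DSCI's or UIDAI's design; the 80-bit template, the 5-fold repetition code and the plain hash-of-PIN commitment are simplifications chosen for illustration, and the templates are constructed data.

```python
import hashlib

PIN_BITS = 16   # size of the bound secret (assumed)
REP = 5         # repetition factor; tolerates up to 2 flipped bits per PIN bit (assumed)


def int_to_bits(n: int, width: int) -> list:
    return [(n >> i) & 1 for i in range(width)]


def bits_to_int(bits: list) -> int:
    return sum(b << i for i, b in enumerate(bits))


def ecc_encode(key_bits: list) -> list:
    """Repetition code: each PIN bit becomes REP identical codeword bits."""
    return [b for b in key_bits for _ in range(REP)]


def ecc_decode(code_bits: list) -> list:
    """Majority vote per block of REP bits."""
    return [1 if 2 * sum(code_bits[i:i + REP]) > REP else 0
            for i in range(0, len(code_bits), REP)]


def commitment(pin: int) -> str:
    # Illustrative only: a salted, slow hash would be used against offline guessing.
    return hashlib.sha256(pin.to_bytes(PIN_BITS // 8, "big")).hexdigest()


def enrol(template_bits: list, pin: int) -> dict:
    """Bind `pin` to the biometric. The returned record is all that is stored;
    neither the template nor the PIN is written anywhere."""
    codeword = ecc_encode(int_to_bits(pin, PIN_BITS))
    if len(codeword) != len(template_bits):
        raise ValueError("template length must equal PIN_BITS * REP")
    helper = [c ^ t for c, t in zip(codeword, template_bits)]
    return {"helper": helper, "commitment": commitment(pin)}


def release(record: dict, fresh_bits: list):
    """Try to recover the PIN from a fresh (noisy) sample. Returns the PIN, or
    None if the sample is too far from the one used at enrolment."""
    noisy_codeword = [h ^ f for h, f in zip(record["helper"], fresh_bits)]
    pin = bits_to_int(ecc_decode(noisy_codeword))
    return pin if commitment(pin) == record["commitment"] else None


def constructed_template(label: bytes) -> list:
    """Deterministic stand-in for a biometric feature vector (constructed data)."""
    digest = hashlib.sha256(label).digest()[: PIN_BITS * REP // 8]
    return int_to_bits(int.from_bytes(digest, "big"), PIN_BITS * REP)


def demo():
    template = constructed_template(b"reference sample at enrolment")
    record = enrol(template, 0xBEEF)

    # Genuine re-presentation: 12 bits flipped, spread so no block exceeds REP // 2 errors
    fresh = list(template)
    for i in range(0, len(fresh), 7):
        fresh[i] ^= 1
    genuine = release(record, fresh)                        # 0xBEEF

    # Impostor: every bit differs, so every block decodes to the wrong PIN bit
    impostor = release(record, [1 - b for b in template])   # None
    return genuine, impostor


if __name__ == "__main__":
    g, i = demo()
    print(f"genuine -> {g:#06x}, impostor -> {i}")
```

The record stores no biometric, which is the property the summary relies on, but the helper data is not information-free: with a repetition code each block reveals which 5 template bits are equal, and the commitment can be attacked offline if the PIN space is small, so practical schemes pair a stronger code with a salted, slow hash and rotate the PIN to get revocable, unlinkable records.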

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. The supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, based on generally acceptable documents such as passport, PAN card, ration card, gas connection, driving licence, etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom the UID is supposed to benefit the most, as well as to help plug the loopholes and save government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone who already has an account introduces another person to open one. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in greatest need of a UID are once again left to the mercy of "privileged persons" holding UIDs, such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area so wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfil other demands of the "privileged persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous Registrars and Sub-Registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives


Annexure 1: UIDAI Features

This annexure is based on the draft document available on the website, "Creating a unique identity for every citizen in India", and on the UIDAI Demographic Data Standards and Verification Procedure (DDSVP) Committee Report. As stated in these documents, the features of the UID number will be:

The UID number will only provide identity: The UIDAI's scope will be restricted to the issue of unique identification numbers based on a person's demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

A pro-poor approach: The UIDAI envisions full enrolment of residents, with a focus on enrolling India's poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY) and the Public Distribution System (PDS). These schemes will help bring large numbers of the poor and underprivileged into the UID system.

Enrolment of residents with proper verification: The existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries. To prevent this, the UIDAI plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be their first form of identification.

A partnership model: The UIDAI approach will leverage the existing infrastructure of government and private agencies across India. The UIDAI will manage a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information and authenticate the identity of residents. The Authority plans to partner with central/state departments and private sector agencies as 'Registrars' for the UIDAI. Registrars will be responsible for processing UID applications and connecting to the CIDR to de-duplicate resident information and receive UID numbers. The Authority also plans to partner with service providers for authentication.

Enrolment will not be mandated: The UIDAI approach will be a demand-driven one, where the benefits and services linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card: The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence: Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment, and the KYR verification process.

Ensure no duplicates: Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident with the record stored in the central database.

The UIDAI will not share resident data: The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system: Technology systems will play a major role across the UIDAI infrastructure.
- The UID database will be stored on a central server
- Enrolment of the resident will be computerized
- Information exchange between Registrars and the CIDR will be over a network
- Authentication of the resident will be online
- The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times; they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving licence and so on. By providing clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it; it will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after biometric de-duplication of the data supplied by the Registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Field | Mandatory / Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent / Guardian Details
Father's / Husband's / Guardian's Name | Conditional | Conditional | No verification of Father / Husband / Guardian in the case of adults
Father's / Husband's / Guardian's UID | Conditional | |
Mother's / Wife's / Guardian's Name | Conditional | Conditional | No verification of Mother / Wife / Guardian in the case of adults
Mother's / Wife's / Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name / UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

POI: Proof of Identity (must contain name and photo of the resident). POA: Proof of Address (must contain name and address of the resident). A flag is maintained to indicate whether the Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars: Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
- The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
- The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and in submitting to audits.
- The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars: These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies: Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups: The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard to reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be the person who is "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.

v. Supporting Documentation: During enrollment the quality of data has to be ensured, primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.
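The introducer "tree" in item iv above, modelled as an added example (not code from the DSCI paper or from UIDAI), with the checks a registrar-side system would want before accepting an introduced enrolment: an introducer must already be enrolled, only designated roots may be self-introduced, any enrolment can be traced back to its root, and the number of residents each introducer has vouched for is reported so that an unusually prolific introducer can be queued for audit. All UIDs below are constructed sample values, and the audit threshold is an assumption, not a UIDAI rule.

```python
"""Added example: introducer-chain validation for the UID enrolment tree.
Not from the DSCI paper or UIDAI; all UIDs are constructed sample values."""

from collections import Counter
from typing import Dict, List, Optional


class IntroducerError(ValueError):
    """Raised when an enrolment violates the introducer rules."""


class IntroducerRegistry:
    def __init__(self) -> None:
        # uid -> introducer uid; a root (self-introduced person) maps to None
        self._introducer_of: Dict[str, Optional[str]] = {}

    def enroll_root(self, uid: str) -> None:
        """Register a designated root, i.e. a person enrolled without an introducer."""
        if uid in self._introducer_of:
            raise IntroducerError(f"{uid} is already enrolled")
        self._introducer_of[uid] = None

    def enroll(self, uid: str, introducer_uid: str) -> None:
        """Register a resident vouched for by an already-enrolled introducer."""
        if uid in self._introducer_of:
            raise IntroducerError(f"{uid} is already enrolled")
        if introducer_uid == uid:
            raise IntroducerError("only designated roots may be self-introduced")
        if introducer_uid not in self._introducer_of:
            raise IntroducerError(f"introducer {introducer_uid} is not enrolled")
        self._introducer_of[uid] = introducer_uid

    def chain_to_root(self, uid: str) -> List[str]:
        """Trace the introducer chain from uid back to its root.
        Because an introducer must exist before anyone it introduces,
        the chain is finite and cannot form a cycle."""
        if uid not in self._introducer_of:
            raise IntroducerError(f"{uid} is not enrolled")
        chain = [uid]
        while self._introducer_of[chain[-1]] is not None:
            chain.append(self._introducer_of[chain[-1]])
        return chain

    def fan_out(self) -> Counter:
        """How many residents each introducer has vouched for."""
        return Counter(i for i in self._introducer_of.values() if i is not None)

    def prolific_introducers(self, threshold: int) -> List[str]:
        """Introducers who vouched for more than `threshold` residents; a registrar
        could queue these for audit (the threshold itself is an assumption)."""
        return sorted(u for u, n in self.fan_out().items() if n > threshold)


def build_sample_registry() -> IntroducerRegistry:
    """Constructed sample tree: one root introduces two residents,
    one of whom introduces three more."""
    reg = IntroducerRegistry()
    reg.enroll_root("100000000001")
    reg.enroll("100000000002", "100000000001")
    reg.enroll("100000000003", "100000000001")
    for uid in ("100000000004", "100000000005", "100000000006"):
        reg.enroll(uid, "100000000002")
    return reg


if __name__ == "__main__":
    reg = build_sample_registry()
    print(reg.chain_to_root("100000000005"))
    print(reg.prolific_introducers(threshold=2))
    try:
        reg.enroll("100000000007", "999999999999")  # unknown introducer
    except IntroducerError as exc:
        print("rejected:", exc)
```

The design keeps the tree acyclic by construction rather than by a separate cycle check: an enrolment is only accepted when its introducer already exists, so following introducer links always terminates at a root. The fan-out report is the defensive counterpart of the paper's concern that those holding UIDs become gatekeepers; it gives registrars and auditors a concrete signal to review.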

Annexure 2: UIDAI Approach: Threat Modeling

Draft Data Flow

1. Resident applies for a UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

[Figure: draft data flow diagram with the parties Resident, Registrar / Sub-Registrars, CIDR and Authenticator, the flows numbered 1 to 7 as above, and two trust boundaries.]

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources | Internal Attack Sources
Resident | UIDAI employee
Registrar | Other government factors
Authenticator |

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.
4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.
5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.
6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.
7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.
8. A local authority such as a politician or dignitary, or even a high ranking official, might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.
9. An employee of CIDR might illegally reveal (or sell) the identity information.
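Scenario 5 above turns on a quantity the text leaves implicit: how quickly repeated attempts drive the cumulative false acceptance probability up. The following added example (not code from the DSCI paper or from UIDAI) works that arithmetic through and shows the attempt-limiting and anomaly-flagging logic an authentication service can apply so that the number of retries available to a colluding authenticator is bounded. The FAR, population, window and thresholds are constructed illustrative values; the authenticator and UID identifiers are made up.

```python
"""Added example: cumulative FAR under repeated attempts (attack scenario 5)
and an attempt limiter with per-authenticator anomaly reporting.
Not from the DSCI paper or UIDAI; all figures are constructed."""

import math
from collections import defaultdict
from typing import Dict, List, Tuple


def cumulative_far(far: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent presentations of a
    non-matching biometric is falsely accepted, each with probability `far`."""
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far: float, target: float) -> int:
    """Smallest attempt count n for which cumulative_far(far, n) >= target."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))


def expected_false_matches(far: float, population: int) -> float:
    """Expected false matches if every member of `population` authenticates once;
    at FAR 0.01% and 1.2 billion people this is the 120,000 cases the industry
    responses to this paper arrive at."""
    return far * population


class AttemptLimiter:
    """Counts failed matches per (authenticator, UID) inside a sliding window.
    Once `max_failures` is reached, further presentations are refused, which
    bounds the retries a colluding authenticator could offer a resident."""

    def __init__(self, max_failures: int = 3, window_seconds: int = 3600) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures: Dict[Tuple[str, str], List[float]] = defaultdict(list)

    def _recent(self, key: Tuple[str, str], now: float) -> List[float]:
        # Drop failures that have aged out of the window.
        self._failures[key] = [t for t in self._failures[key] if now - t < self.window]
        return self._failures[key]

    def allowed(self, authenticator_id: str, uid: str, now: float) -> bool:
        return len(self._recent((authenticator_id, uid), now)) < self.max_failures

    def record(self, authenticator_id: str, uid: str, matched: bool, now: float) -> None:
        key = (authenticator_id, uid)
        if matched:
            self._failures.pop(key, None)  # a genuine match clears the counter
        else:
            self._failures[key].append(now)

    def noisy_authenticators(self, now: float, min_failures: int) -> List[str]:
        """Authenticators with more than `min_failures` recent failures across all
        UIDs; candidates for audit under scenarios 4 and 5 (threshold assumed)."""
        totals: Dict[str, int] = defaultdict(int)
        for key in list(self._failures):
            totals[key[0]] += len(self._recent(key, now))
        return sorted(a for a, n in totals.items() if n > min_failures)


def simulate_retry_attack(limiter: AttemptLimiter, attempts: int) -> int:
    """Constructed scenario: authenticator 'AUTH-7' presents a non-matching
    biometric for UID '100000000001' `attempts` times, one second apart.
    Returns how many presentations actually reached the matcher."""
    reached = 0
    for i in range(attempts):
        now = float(i)
        if not limiter.allowed("AUTH-7", "100000000001", now):
            continue
        reached += 1
        limiter.record("AUTH-7", "100000000001", matched=False, now=now)
    return reached


if __name__ == "__main__":
    far = 1e-4  # constructed 0.01% FAR
    print("p(false accept) after 1 attempt:", cumulative_far(far, 1))
    print("attempts for a 50% chance:", attempts_to_reach(far, 0.5))
    print("expected false matches, 1.2bn population:", expected_false_matches(far, 1_200_000_000))
    lim = AttemptLimiter(max_failures=3, window_seconds=3600)
    print("presentations reaching matcher out of 50:", simulate_retry_attack(lim, 50))
    print("authenticators to audit:", lim.noisy_authenticators(now=50.0, min_failures=2))
```

The independence assumption behind cumulative_far is the attacker-friendly case; with a device whose FAR is 0.01%, a 50% chance of a false accept needs on the order of seven thousand presentations, which is why the limiter's window and cap matter more than the single-attempt FAR. Reporting failures per authenticator rather than per UID is what makes collusion visible: a single resident retrying looks like a handful of failures, while an authenticator that repeatedly offers retries accumulates them.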

Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country and are not classified under any of the existing government schemes. These people are generally the tribals, migratory people, construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY), the Public Distribution System (PDS), etc. Each of these schemes has some registered people, but the grants still do not reach the people. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm

Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of the UID; e.g., the UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loans, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:
• Where the customer should provide the information.
• What information within the UID should be provided for which government requirement.
• How the user should avoid getting caught in any phishing attempts as and when UID news is released by the government.
• Threats of UID exploitation and the resultant impact of the same.
• Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service.
• Contact details for consumers to enquire and clarify.
• Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact.
• Consumer redressal services for UID related disputes, theft and misuse of UID info.

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity: The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act, 2000, which relies on the State police for enforcement. Enforcement challenges: considering the 0.01% failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as a part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, the UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information of any individual if you have money and need... Our personal information is being sold to advertising agencies for promoting the products and services of their clients through mobile and emails in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. A good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower each individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of that communication in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:
• Framework for self audit and self governance within government itself to control data protection aspects.
• There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point.
• The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
• Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subjected to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


project as well, because to ensure unique identification for citizens all the relevant (personal) information will be available/accessible. Such information should not be misused.

DSCI believes that Biometric Encryption presents a possible solution that protects the privacy of citizens while securing the personal information/data and achieving the unique identity.

DSCI's security and privacy frameworks are built on the evolving strategic options and technological enhancements, and it believes that UIDAI will be able to address and get support from these frameworks in aligning its security and privacy initiatives, which can ascertain and take care of the privacy of personal information of the country.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives. For the record, it may be noted that DSCI, as an industry initiative for data protection, is working in this area at national and international levels with appropriate stakeholders. It has created a vibrant body of hundreds of security and privacy professionals through its Chapters and E-Security forums in all the major cities of India. It is a part of the international consortium called RISE (Rising Pan-European & International Awareness of Biometrics & Security Ethics), which is specifically focused on Biometrics and data protection, with funding from the European Union. It is also closely working with the Privacy Commissioners' conference, the APEC privacy program and other regulatory authorities in the United States, UK, Canada, Australia and other countries. In India, DSCI is working closely with IT/BPO service providers, Big 4 Consulting firms, Security Vendor companies, the Banking & Telecom Sector and major clients.

7. Summary

The UID Authority will only issue a unique identifier, a randomized number, that will only identify a person with his attributes, which will include biometric information (fingerprints, iris, face). It is clear that only the biometric information will be unique to an individual and will be used for the de-duplication process. While the name, photograph, address etc. of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information, which is unique to an individual, that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this. This attribute is not only personal to an individual but it is permanent and does not change significantly over a lifetime for an adult. Compromise of the biometrics of a person will have serious consequences for an individual throughout his life. We have pointed out security vulnerabilities of a biometric system and possibilities of data compromise that can lead to the loss of privacy of an individual due to:

• Spoofing
• Replay attacks
• Substitution attack
• Tampering
• Masquerade attack
• Trojan horse attacks
• Overriding Yes/No response

According to the proposal, UIDAI will store the information in the CIDR (Central ID Registry), to be operated by the Authority. One can trust that the Authority will create the CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access, with the caveats noted above. However, the documents that have been made public reveal that the registrars and sub-registrars, and also enrolment agencies, which might number in millions throughout the country, will also store such data on a local basis. The registrars will be required to maintain this data of the people that they have identified and enrolled, since they will be required to update records whenever some of the fields change; in particular, for children, biometrics will have to be updated every 5 years, while for adults biometrics may have to be updated every 10 years. The registrars, sub-registrars and other enrolment agencies therefore become the weakest link, where adequate security measures for protection of data may be lacking. Given the cases that have been in the limelight recently, such as the infamous rape/molestation cases where the Law Enforcement agencies, bureaucracy and the politicians have abused the system, as also India being one of the more corrupt countries, abuse of all these local repositories throughout the country by powerful persons is a strong possibility. We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects the privacy of individuals, since it is based on biometrics being used to encrypt a PIN that is unique to a person; it does not require biometrics to be stored.

The Demographic Data Standards and Verification Procedure Committee Report, submitted on December 9, 2009, has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program, for which the KYR process and supporting documentation have been detailed. While the supporting documentation includes Proof of Identity (POI), Proof of Address (POA) and Proof of Date of Birth (POD) documents, these are based on generally acceptable documents such as Passport, PAN, Ration Card, Gas connection, Driver license etc. However, for the millions of rural residents, migrant workers and others who have no POI or POA documents, whom the UID is supposed to benefit the most, as well as to help plug the loopholes for saving of government funds in socially important schemes such as the National Rural Employment Guarantee (NREG) Scheme, an Introducer System has been proposed. This system is on the lines of opening a bank account, where someone already having an account introduces another person to open a bank account. In this case, any person who has obtained a UID can introduce others for issuance of a UID. Clearly, those who are in the greatest need of a UID are once again left to the mercy of "Privileged Persons", those having UIDs such as the BDOs, Sarpanches, NGOs and other "Gram Sevaks". Only if these functionaries in a rural area wish will a dispossessed landless labourer or a similar person be able to obtain a UID. This will take over 60% of the population back to square one, and they will have to resort to bribery and fulfill other demands of the "Privileged Persons" to obtain UIDs.

Finally, we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI). These can be used by the Authority to secure its systems, especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come.

DSCI will be happy to associate with UIDAI in its security and privacy initiatives.

Security amp Privacy Challenges in UID project

Public Use Page 24

Annexure 1 UIDAI Features The annexure is based on the draft document of available on the website ndash ldquoCreating a unique identity for every citizen in Indiardquo and is based on the UIDAI- Demographic Data Standards and Verification procedure (DDSVP) Committee Report As stated in these documents the feature of UID numbers will be

The UID number will only provide identity The UIDAIrsquos scope will be restricted to the issue of unique identification numbers based on personrsquos demographic and biometric information The UID number will only guarantee identity not rights benefits or entitlements A pro-poor approach The UIDAI envisions full enrolment of residents with a focus on enrolling Indiarsquos poor and underprivileged communities The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes Rashtriya Swasthiya Bima Yojana (RSBY) public Distribution systems (PDS) These schemes will help bring large numbers of the poor and underprivileged into the UID system Enrolment of residents with proper verification The Existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries To prevent this the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program However much of the poor and underserved population lack identity documents and the UID may be the first form of identification A partnership model The UIDAI approach will leverage from the existing infrastructure of government and private agencies across India The UIDAI will be managing a Central ID Data Repository (CIDR) which will issue UID numbers update resident information and authenticate the identity of residents The Authority plans to partner with central state departments and private sector agencies as lsquoRegistrarsrsquo for the UIDAI Registrars will be responsible for processing the UID applications and connect to the CIDR to de-duplicate resident information and receive UID numbers The Authority also plans to partner with service providers for authentication

Enrolment will not be mandated The UIDAI approach will be a demand-driven one where the benefits and services that are linked to the UID will ensure demand for the number This will not however preclude governments or Registrars from mandating enrolment The UIDAI will issue a number not a card The Authorityrsquos role is limited to issuing the number This number may be printed on the documentcard that is issued by the Registrar The number will not contain intelligence Loading intelligence into identity numbers makes them susceptible to fraud and theft The UID will be a random number

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country The UIDAI as a statutory body will be responsible for creating administrating and enforcing

Security amp Privacy Challenges in UID project

Public Use Page 25

policy The Authority will prescribe guidelines on the biometric technology the various processes around enrolment and the KYR verification Process to ensure no duplicates Registrars will send the applicantrsquos data to the CIDR for de-duplication The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist Since de-duplication in the UID system ensures that residents have only one chance to be in the database individuals are assumed to provide accurate data This incentive will become especially powerful as the benefits and entitlements are linked to the UID Online authentication The Authority will offer a strong form of online authentication where agencies can compare demographic and biometric information of the resident from the record stored in the central database

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enroll if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server.
– Enrolment of the resident will be computerized.
– Information exchange between Registrars and the CIDR will be over a network.
– Authentication of the resident will be online.
– The Authority will also put systems in place for the security and safety of information.

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents. The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers. The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs.


For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: the UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: the fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Each field is listed with whether it is mandatory or optional, whether verification is required, and the verification procedure.

Personal Details
– Name: Mandatory. Verification required: Yes. Procedure: any of the PoI documents; an introducer for people who have no documents.
– Date of Birth: Mandatory. Verification required: No.
– Gender: Mandatory. Verification required: No.

Address Details
– Residential Address: Mandatory. Verification required: Yes. Procedure: any of the PoA documents; an introducer for people who have no documents. The address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery.

Parent/Guardian Details
– Father's/Husband's/Guardian's Name: Conditional. Verification required: Conditional. Procedure: no verification of Father/Husband/Guardian in the case of adults.
– Father's/Husband's/Guardian's UID: Conditional.
– Mother's/Wife's/Guardian's Name: Conditional. Verification required: Conditional. Procedure: no verification of Mother/Wife/Guardian in the case of adults.
– Mother's/Wife's/Guardian's UID: Conditional.

Introducer Details
– Introducer Name: Conditional. Verification required: Yes. Procedure: introducer's name and UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty.
– Introducer's UID: Conditional.

Contact Details
– Mobile Number: Optional. Verification required: No.
– Email Address: Optional. Verification required: No.

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: the UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information and submitting to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: an approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like the banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and the process continues from there.
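The tree structure described above makes every enrolment traceable back to a self-introduced root, which is what an auditor would want to check. The following is an added example, not code from the DSCI paper or from UIDAI: it walks the introducer chain of each record, reports chains that dangle or loop (a record that can never reach a root), and counts how many residents each introducer has vouched for. The records, UID values and the fan-out limit are constructed placeholders.

```python
"""Introducer-tree audit (added example; not from the DSCI paper or UIDAI).

Every enrolment record names the introducer who vouched for it; the root of
the tree is self-introduced, i.e. its introducer field is its own UID.
"""
from collections import Counter

# Constructed sample data: uid -> introducer's uid (placeholder values).
SAMPLE_RECORDS = {
    "ROOT-1": "ROOT-1",   # self-introduced root of the tree
    "UID-A": "ROOT-1",
    "UID-B": "UID-A",
    "UID-C": "UID-A",
    "UID-D": "UID-B",
    "UID-E": "UID-X",     # introducer was never enrolled (dangling chain)
    "UID-F": "UID-G",     # F and G introduce each other: no path to a root
    "UID-G": "UID-F",
}


def trace_to_root(records, uid, max_depth=50):
    """Return the chain [uid, introducer, ..., root], or raise ValueError
    when the chain dangles, loops, or exceeds max_depth hops."""
    chain, seen = [uid], {uid}
    current = uid
    while True:
        introducer = records.get(current)
        if introducer is None:
            raise ValueError(f"{current}: not in the enrolment records")
        if introducer == current:
            return chain                      # reached a self-introduced root
        if introducer in seen:
            raise ValueError(f"{current}: introducer cycle")
        if len(chain) >= max_depth:
            raise ValueError(f"{uid}: chain deeper than {max_depth} hops")
        chain.append(introducer)
        seen.add(introducer)
        current = introducer


def audit(records, max_fanout=3):
    """Classify every record by its depth below the root, collect the ones
    whose chain is broken, and list introducers vouching for more than
    max_fanout residents (max_fanout is an assumed policy value)."""
    depth, problems = {}, {}
    for uid in records:
        try:
            depth[uid] = len(trace_to_root(records, uid)) - 1
        except ValueError as err:
            problems[uid] = str(err)
    fanout = Counter(intro for uid, intro in records.items() if intro != uid)
    heavy = {intro: n for intro, n in fanout.items() if n > max_fanout}
    return depth, problems, heavy


if __name__ == "__main__":
    depth, problems, heavy = audit(SAMPLE_RECORDS)
    for uid, hops in sorted(depth.items()):
        print(f"{uid}: {hops} hop(s) to root")
    for uid, why in sorted(problems.items()):
        print(f"{uid}: PROBLEM {why}")
    print("introducers over the fan-out limit:", heavy)
```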

v. Supporting Documentation: during enrollment the quality of data has to be ensured, primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for a UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External attack sources: Resident, Registrar, Authenticator.
Internal attack sources: UIDAI employee, other government actors.

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

(Figure: draft data flow diagram showing the Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with the numbered steps 1–7 above and the trust boundaries between the parties.)


4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR (false acceptance rate) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of the UID databases held by local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
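Scenario 5 above turns on a simple fact: with a per-attempt false acceptance rate FAR, the chance that at least one of n presentations is wrongly accepted is 1 - (1 - FAR)^n, so an authenticator that permits unlimited retries erodes the device's nominal accuracy. The block below is an added example, not code from the DSCI paper or from UIDAI: it quantifies that growth and shows the kind of check the CIDR side could run over its own attempt log to spot an authenticator that lets one UID retry beyond policy. The log format, the FAR values, the window and the attempt limit are all constructed assumptions.

```python
"""Repeated-attempt risk on biometric authentication (added example; not
from the DSCI paper or UIDAI). FAR values, thresholds and the attempt log
below are constructed for illustration."""
from collections import defaultdict


def cumulative_far(far, attempts):
    """Probability that at least one of `attempts` independent impostor
    presentations is falsely accepted, given the per-attempt FAR."""
    if not 0.0 <= far <= 1.0 or attempts < 1:
        raise ValueError("far must be in [0, 1] and attempts >= 1")
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far, target):
    """Smallest number of attempts at which the cumulative FAR reaches target."""
    if far <= 0.0 or not 0.0 < target < 1.0:
        raise ValueError("far must be > 0 and target in (0, 1)")
    n = 1
    while cumulative_far(far, n) < target:
        n += 1
    return n


# Constructed log, one attempt per line: authenticator,uid,unix_time,result
SAMPLE_LOG = """\
AUTH-17,UID-A,1000,NO
AUTH-17,UID-A,1030,NO
AUTH-17,UID-A,1060,NO
AUTH-17,UID-A,1090,NO
AUTH-17,UID-A,1120,YES
AUTH-42,UID-B,1000,NO
AUTH-42,UID-B,5900,YES
"""


def flag_excess_attempts(log_text, max_attempts=3, window_seconds=300):
    """Return {authenticator: [(uid, peak_attempts)]} for every
    authenticator/UID pair whose attempt count inside some window of
    window_seconds exceeds max_attempts (both are assumed policy values)."""
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        auth_id, uid, ts, _result = line.split(",")
        by_pair[(auth_id, uid)].append(int(ts))

    flagged = defaultdict(list)
    for (auth_id, uid), times in by_pair.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):        # sliding window over timestamps
            while t - times[start] > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_attempts:
            flagged[auth_id].append((uid, peak))
    return dict(flagged)


if __name__ == "__main__":
    far = 0.001                                 # constructed per-attempt FAR
    for n in (1, 5, 10, 50):
        print(f"{n:3d} attempts: cumulative FAR {cumulative_far(far, n):.4%}")
    print("attempts to reach 1%:", attempts_to_reach(far, 0.01))
    print("authenticators exceeding retry policy:", flag_excess_attempts(SAMPLE_LOG))
```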


Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, but yet the grants do not reach the people. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of the UID, e.g. the UID should not be used to login to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

– Where the customer should provide the information
– What information within the UID should be provided for which government requirement
– How the user should not get caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact of the same
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth, and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – Considering a 0.01% rate of failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes be put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID, say after a death, authorities will be able to track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information of any individual if you have money and need… Our personal information is being sold to advertising agencies for making the promotion of products/services of their clients through mobile and emails, in all combinations of geographical consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. A Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is being part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower our individual resident Indian to object and, if need be, initiate legal proceedings, in case of any unauthorized/unwanted communication being received, against the service provider or sender of that communication.

24. Processes around the data creation, maintenance and disposal:

– Framework for self audit and self governance within government itself to control data protection aspects.
– There shall be a stringent background verification process for teams working on this project, from criminal background verification etc. as a starting point.
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
– Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subjected to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.

Page 24: Security & Privacy Challenges in UID project · 2018. 5. 31. · and privacy issues in the UIDAI project. 2.1. Issues surrounding Biometrics Before we understand the security issues

Security amp Privacy Challenges in UID project

Public Use Page 23

According to the proposal UIDAI will store the information in CIDR ndash Central ID Registry to be operated by the Authority One can trust that the Authority will create CIDR with the best of physical security and other appropriate technologies and processes to secure the data and prevent unauthorized access with the caveats noted above However the documents that have been made public reveal that the registrars and sub-registrars and also enrolment agencies which might number in millions throughout the country will also store such data on a local basis The registrars will be required to maintain this data of the people that they have identified and enrolled since they will be required to update records whenever some of the fields change ndash in particular for the children biometrics will have to be updated every 5 years while for adults biometrics may have to be updated every 10 years The registrars sub-registrars and other enrolment agencies therefore become the weakest link where adequate security measures for protection of data may be lacking Given the cases that have been in the limelight recently such as the infamous rape molestation cases where the Law Enforcement agencies bureaucracy and the politicians have abused the system as also India being one of the more corrupt countries abuse of all these local repositories throughout the country by powerful persons is a strong possibility We have observed that Biometric Encryption technology affords a solution that is fully secure and at the same time protects privacy of individuals since it is based on biometrics being used to encrypt a PIN that is unique to a person ndash it does not require biometrics to be stored

The Demographic Data Standards and Verification Procedure Committee Report submitted on December 9 2009 has identified the key demographic data of residents that need to be captured along with the unique identifier under the Know Your Resident (KYR) program for which KYR process and supporting documentation have been detailed While the supporting documentation includes Proof of Identity (POI) Proof of Address (POA) and Proof of Date of Birth (POD) documents these are based on generally acceptable documents such as Passport PAN Ration Card Gas connection Driver license etc However for the millions of rural residents migrant workers and others who have no POI or POA documents and UID is supposed to benefit them the most as well as help plug-in the loopholes for saving of government funds in socially important schemes such as National Rural Employment Guarantee (NREG) Scheme an Introducer System has been proposed This system is on the lines of opening of a bank account where someone already having an account introduces another person to open a bank account In this case any person who has obtained a UID can introduce others for issuance of a UID Clearly those who are in the greatest need of UID are once again left to the mercy of ldquoPrivilege Personsrdquo ndash those having UIDs such as the BDOs Sarpanches NGOs and other ldquoGram Sevaksrdquo If these functionaries in a rural area wish only then a dispossessed landless labourer or a similar person will be able to obtain a UID This will take over 60 of the population back to square one and they will have to resort to bribery and fulfill other demands of the ldquoPrivilege Personsrdquo to obtain UIDs

Finally we have highlighted the best practices for security and privacy protection developed by the Data Security Council of India (DSCI) These can be used by the Authority to secure its systems especially the numerous registrars and sub-registrars around the country who will store the same data of their region for all time to come

DSCI will be happy to associate with UIDAI in its security and privacy initiatives

Security amp Privacy Challenges in UID project

Public Use Page 24

Annexure 1 UIDAI Features The annexure is based on the draft document of available on the website ndash ldquoCreating a unique identity for every citizen in Indiardquo and is based on the UIDAI- Demographic Data Standards and Verification procedure (DDSVP) Committee Report As stated in these documents the feature of UID numbers will be

The UID number will only provide identity The UIDAIrsquos scope will be restricted to the issue of unique identification numbers based on personrsquos demographic and biometric information The UID number will only guarantee identity not rights benefits or entitlements A pro-poor approach The UIDAI envisions full enrolment of residents with a focus on enrolling Indiarsquos poor and underprivileged communities The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes Rashtriya Swasthiya Bima Yojana (RSBY) public Distribution systems (PDS) These schemes will help bring large numbers of the poor and underprivileged into the UID system Enrolment of residents with proper verification The Existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries To prevent this the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program However much of the poor and underserved population lack identity documents and the UID may be the first form of identification A partnership model The UIDAI approach will leverage from the existing infrastructure of government and private agencies across India The UIDAI will be managing a Central ID Data Repository (CIDR) which will issue UID numbers update resident information and authenticate the identity of residents The Authority plans to partner with central state departments and private sector agencies as lsquoRegistrarsrsquo for the UIDAI Registrars will be responsible for processing the UID applications and connect to the CIDR to de-duplicate resident information and receive UID numbers The Authority also plans to partner with service providers for authentication

Enrolment will not be mandated. The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not, however, preclude governments or Registrars from mandating enrolment.

The UIDAI will issue a number, not a card. The Authority's role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence. Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.
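The two properties above (a random number with no intelligence in it, and later in this annexure a 12-digit number that must stay unique for 100–200 years) pull in opposite directions: a random draw carries no attributes, but randomness alone does not make it unique. The following is an added illustration, not code from the paper or from UIDAI. The "structured" layout (state code + date of birth + sequence) is a hypothetical counter-example of an intelligent number, the birthday-bound estimate is standard, and the uniqueness check against the set of already-issued numbers is this example's own design; none of these details are prescribed by the paper.

```python
import secrets

UID_DIGITS = 12                # Annexure 1, item i: a 12-digit number with no intelligence in it
UID_SPACE = 10 ** UID_DIGITS   # 10^12 possible values


def structured_id(state_code: str, dob: str, seq: int) -> str:
    """Hypothetical 'intelligent' number layout, NOT the UID scheme: a 2-digit state
    code, the date of birth as YYYYMMDD and a 4-digit running sequence number.
    Used only to show what such a number gives away."""
    return f"{state_code:0>2}{dob.replace('-', '')}{seq:04d}"


def decode_structured_id(number: str) -> tuple:
    """Anyone holding a structured number recovers the attributes baked into it,
    and can guess neighbouring valid numbers by stepping the sequence field."""
    state = number[:2]
    dob = f"{number[2:6]}-{number[6:8]}-{number[8:10]}"
    seq = int(number[10:14])
    return state, dob, seq


def expected_collisions(population: int, space: int = UID_SPACE) -> float:
    """Birthday-bound estimate n^2 / (2 * space) of how many random draws land on
    a number that was already issued, when `population` numbers are drawn uniformly
    from `space`. Valid when population is small relative to space."""
    return population * population / (2 * space)


def issue_uid(issued: set, rng=secrets.randbelow) -> str:
    """Draw a fresh UID from a CSPRNG, zero-padded to 12 digits, and accept it only
    if it is not in `issued`. The re-draw on collision is what makes the number
    unique; randomness alone does not. `rng` is injectable so the collision path
    can be exercised deterministically in a test."""
    while True:
        candidate = f"{rng(UID_SPACE):0{UID_DIGITS}d}"
        if candidate not in issued:
            issued.add(candidate)
            return candidate


if __name__ == "__main__":
    leaky = structured_id("29", "1990-01-15", 42)
    print("structured number", leaky, "reveals", decode_structured_id(leaky))
    print("expected collisions for 1.2 billion random 12-digit draws:",
          int(expected_collisions(1_200_000_000)))
    pool = set()
    print("random UID with uniqueness check:", issue_uid(pool))
```

For 1.2 billion residents drawn from a space of 10^12 the estimate is about 720,000 collisions, so the issuing path must consult the set of issued numbers (in practice the CIDR) before a number is handed out; the 12 digits give roughly three orders of magnitude of headroom, not a guarantee of uniqueness.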

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enrol residents across the country. The UIDAI, as a statutory body, will be responsible for creating, administering and enforcing policy. The Authority will prescribe guidelines on the biometric technology, the various processes around enrolment and the KYR verification process.

Process to ensure no duplicates. Registrars will send the applicant's data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are assumed to provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication. The Authority will offer a strong form of online authentication, where agencies can compare the demographic and biometric information of the resident against the record stored in the central database.

Security & Privacy Challenges in UID project

Public Use Page 25

The UIDAI will not share resident data. The Authority envisions a balance between 'privacy and purpose' when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information stored in the UID database. The UIDAI will answer requests to authenticate identity only through a 'Yes' or 'No' response. The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of the information they collect and store.

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help the government to detect duplicate identities and enable direct benefit programs.

For residents. The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system, and the opportunity to avail of services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers. The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments. Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates. That includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it. It will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100–200 years. A UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields                   | Mandatory / Optional | Verification Required | Verification Procedure
Personal Details
  Name                               | Mandatory            | Yes                   | Any of the PoI documents; introducer for people who have no documents
  Date of Birth                      | Mandatory            | No                    |
  Gender                             | Mandatory            | No                    |
Address Details
  Residential Address                | Mandatory            | Yes                   | Any of the PoA documents; introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery
Parent / Guardian Details
  Father's/Husband's/Guardian's Name | Conditional          | Conditional           | No verification of Father/Husband/Guardian in the case of adults
  Father's/Husband's/Guardian's UID  | Conditional          |                       |
  Mother's/Wife's/Guardian's Name    | Conditional          | Conditional           | No verification of Mother/Wife/Guardian in the case of adults
  Mother's/Wife's/Guardian's UID     | Conditional          |                       |
Introducer Details
  Introducer Name                    | Conditional          | Yes                   | Introducer's Name and UID on the form. Physical presence of the introducer at the time of enrolment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
  Introducer's UID                   | Conditional          |                       |
Contact Details
  Mobile Number                      | Optional             | No                    |
  Email Address                      | Optional             | No                    |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if the Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enrol residents for UID numbers and verify their identity.

Registrars
– Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies – Enrolling agencies will directly interact with and enrol residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: An approach using a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and this process will then continue.

v. Supporting Documentation: During enrolment, the quality of data has to be ensured primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and made available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enrol them into the system.
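The introducer tree in item iv above is also an audit structure: every documentless enrolment rests on a chain of vouching that ends at a self-introduced root, so when an introducer is later found to have vouched for fake identities, the whole subtree below them is suspect. The following is an added example of that bookkeeping, not code from the paper or from UIDAI. The "approved introducer" set, the rule that an introducer must themselves be enrolled and in good standing, and the revoke-and-flag-subtree step are this example's own assumptions about how the tree would be operated; the paper describes the tree but fixes none of these details.

```python
from collections import defaultdict


class IntroducerRegistry:
    """Enrolment through introducers as a tree: one self-introduced root, every
    other resident recorded with the UID of the introducer who vouched for them.
    Constructed model for illustration; the paper fixes none of these details."""

    def __init__(self):
        self.introducer_of = {}              # uid -> introducer's uid (root maps to itself)
        self.introduced = defaultdict(list)  # introducer uid -> [uids they vouched for]
        self.approved = set()                # the "approved" introducer network
        self.flagged = set()                 # enrolments awaiting re-verification

    def enrol_root(self, uid: str) -> None:
        """The root is registered without an introducer and is approved to introduce."""
        if self.introducer_of:
            raise ValueError("root already exists; later enrolments need an introducer")
        self.introducer_of[uid] = uid
        self.approved.add(uid)

    def approve(self, uid: str) -> None:
        """Only an enrolled, unflagged resident can join the approved introducer network."""
        if uid not in self.introducer_of or uid in self.flagged:
            raise ValueError(f"{uid} is not an enrolled resident in good standing")
        self.approved.add(uid)

    def enrol(self, uid: str, introducer: str) -> None:
        """Accept an enrolment only from an approved introducer, never twice for one UID."""
        if uid in self.introducer_of:
            raise ValueError(f"{uid} is already enrolled")
        if introducer not in self.approved or introducer in self.flagged:
            raise ValueError(f"{introducer} is not an approved introducer")
        self.introducer_of[uid] = introducer
        self.introduced[introducer].append(uid)

    def chain_to_root(self, uid: str) -> list:
        """Audit trail: who vouched for whom, from this resident up to the root."""
        chain = [uid]
        while self.introducer_of[chain[-1]] != chain[-1]:
            chain.append(self.introducer_of[chain[-1]])
        return chain

    def descendants(self, uid: str) -> set:
        """Every enrolment that ultimately rests on this introducer's vouching."""
        out, stack = set(), list(self.introduced[uid])
        while stack:
            child = stack.pop()
            if child not in out:
                out.add(child)
                stack.extend(self.introduced[child])
        return out

    def revoke(self, uid: str) -> set:
        """An introducer found vouching for fake identities is removed from the
        network and the whole subtree below them is flagged for re-verification."""
        self.approved.discard(uid)
        affected = self.descendants(uid)
        self.flagged |= affected | {uid}
        return affected


if __name__ == "__main__":
    reg = IntroducerRegistry()
    reg.enrol_root("ROOT")
    reg.enrol("A", "ROOT")
    reg.approve("A")
    reg.enrol("B", "A")
    print("chain for B:", reg.chain_to_root("B"))
    print("flagged after revoking A:", reg.revoke("A"))
```

Because `enrol` refuses a UID that is already present, the structure can never contain a cycle, so `chain_to_root` always terminates; and because the root is the only node that maps to itself, the chain for any resident ends there, which is what an auditor would walk when a fake identity surfaces.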


Annexure 2 UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The Registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources: Resident, Registrar, Authenticator
Internal Attack Sources: UIDAI employee, other government actors

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using fake fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: Draft data flow – Resident, Registrar / Sub-Registrars, CIDR and Authenticator, with the numbered flows 1–7 listed above and two trust boundaries]

4. Authenticator can collude with the Registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow a resident multiple attempts in order to exploit the false acceptance rate (FAR) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician, a dignitary or even a high-ranking official might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
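Scenario 5 above is a numbers game: a matcher with per-attempt false acceptance rate FAR accepts an impostor at least once in n independent tries with probability 1 − (1 − FAR)^n, so an authenticator that lets a colluding resident retry freely turns a small FAR into a near-certainty. Since steps 5–6 of the data flow put the decision in the CIDR, which answers only 'Yes' or 'No', the CIDR is also the only place the attempt limit can be enforced against a dishonest authenticator. The following is an added example, not code from the paper or from UIDAI: the 64-bit "template" and bit-agreement matcher are a constructed toy, and the 0.90 match threshold and 5-failure lockout are assumed values, not figures from the paper.

```python
from collections import defaultdict

TEMPLATE_BITS = 64      # constructed toy: a biometric template is a 64-bit code
MATCH_THRESHOLD = 0.90  # assumed matcher threshold, not a figure from the paper
MAX_FAILURES = 5        # assumed CIDR-side lockout threshold, not from the paper


def similarity(a: int, b: int) -> float:
    """Fraction of template bits that agree (1 - normalised Hamming distance)."""
    differing = bin((a ^ b) & ((1 << TEMPLATE_BITS) - 1)).count("1")
    return 1.0 - differing / TEMPLATE_BITS


def cumulative_far(far: float, attempts: int) -> float:
    """Probability that an impostor is accepted at least once in `attempts`
    independent tries against a matcher whose per-attempt false acceptance
    rate is `far`: 1 - (1 - FAR)^n."""
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far: float, target: float) -> int:
    """Smallest number of tries at which the cumulative FAR reaches `target`."""
    if not (0.0 < far <= 1.0 and 0.0 <= target < 1.0):
        raise ValueError("need 0 < far <= 1 and 0 <= target < 1")
    n = 0
    while cumulative_far(far, n) < target:
        n += 1
    return n


class CIDR:
    """Toy model of the CIDR side of steps 5-6 of the data flow: the authenticator
    submits (UID, probe template) and gets back only 'Yes' or 'No'. Because a
    colluding authenticator controls how many probes it sends, the attempt limit
    is enforced here, keyed on the UID, not at the authenticator."""

    def __init__(self, records: dict, max_failures: int = MAX_FAILURES):
        self.records = records            # uid -> enrolled template (constructed data)
        self.max_failures = max_failures
        self.failures = defaultdict(int)  # consecutive failed probes per uid
        self.locked = set()

    def authenticate(self, uid: str, probe: int) -> str:
        if uid in self.locked:
            return "No"
        enrolled = self.records.get(uid)
        if enrolled is None:
            return "No"       # same answer as a failed match: no enrolment-status leak
        if similarity(enrolled, probe) >= MATCH_THRESHOLD:
            self.failures[uid] = 0
            return "Yes"
        self.failures[uid] += 1
        if self.failures[uid] >= self.max_failures:
            self.locked.add(uid)
        return "No"


if __name__ == "__main__":
    print("tries until cumulative FAR reaches 50% at FAR=0.1%:",
          attempts_to_reach(0.001, 0.5))
    template = 0x0123456789ABCDEF                      # constructed enrolled template
    cidr = CIDR({"123456789012": template}, max_failures=3)
    for _ in range(4):
        print(cidr.authenticate("123456789012", template ^ 0xFFFF))
    print("genuine probe after lockout:", cidr.authenticate("123456789012", template))
```

At a per-attempt FAR of 0.1% the impostor passes the 50% mark after 693 tries, which is trivial for an authenticator that is in on the fraud; a lockout after a handful of consecutive failures, applied at the CIDR per UID, caps the cumulative FAR regardless of how the authenticator behaves. The unknown-UID and locked-UID paths return the same 'No' as a failed match so that the Yes/No interface does not become an enrolment oracle.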


Annexure 3 The Underprivileged Society

Indian society is divided along various geographical boundaries; many people live in remote areas of the country and are not covered by any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY), the Public Distribution System (PDS), etc. Each of these schemes has some registered people, yet the grants do not reach the people. So how the UID helps these people is a big challenge for the Authority. Does the additional biometric information collected, apart from the documents already used by the above schemes, ensure that government initiatives reach the section of society that needs them most?

The Indian tribes [19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the Authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries, and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as their primary identification number and print/use it on applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

– Where the customer should provide the information
– What information within the UID should be provided for which government requirement
– How the user should not get caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact of the same
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person, it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – considering 0.01% failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is misuse of identity with fraudulent intent. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as part and parcel of their working framework.

The Authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body comprising a judicial representative to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new-borns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information about any individual if you have money and need… Our personal information is being sold to advertising agencies for making the promotion of products/services of their clients through mobile and emails, in all combinations of geographical consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of a common man's personal information being used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance information of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower each individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

– Framework for self audit and self governance within government itself to control data protection aspects
– There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
– Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per the client's requirements.

Page 25: Security & Privacy Challenges in UID project · 2018. 5. 31. · and privacy issues in the UIDAI project. 2.1. Issues surrounding Biometrics Before we understand the security issues

Security amp Privacy Challenges in UID project

Public Use Page 24

Annexure 1 UIDAI Features The annexure is based on the draft document of available on the website ndash ldquoCreating a unique identity for every citizen in Indiardquo and is based on the UIDAI- Demographic Data Standards and Verification procedure (DDSVP) Committee Report As stated in these documents the feature of UID numbers will be

The UID number will only provide identity The UIDAIrsquos scope will be restricted to the issue of unique identification numbers based on personrsquos demographic and biometric information The UID number will only guarantee identity not rights benefits or entitlements A pro-poor approach The UIDAI envisions full enrolment of residents with a focus on enrolling Indiarsquos poor and underprivileged communities The Registrars that the Authority plans to partner with in its first phase are the National Rural Employment Guarantee Act (NREGA) Schemes Rashtriya Swasthiya Bima Yojana (RSBY) public Distribution systems (PDS) These schemes will help bring large numbers of the poor and underprivileged into the UID system Enrolment of residents with proper verification The Existing identity databases in India are fraught with problems of fraud and duplicate beneficiaries To prevent this the UIDAI Authority plans to enroll residents into its database with proper verification of their demographic and biometric information from the start of the program However much of the poor and underserved population lack identity documents and the UID may be the first form of identification A partnership model The UIDAI approach will leverage from the existing infrastructure of government and private agencies across India The UIDAI will be managing a Central ID Data Repository (CIDR) which will issue UID numbers update resident information and authenticate the identity of residents The Authority plans to partner with central state departments and private sector agencies as lsquoRegistrarsrsquo for the UIDAI Registrars will be responsible for processing the UID applications and connect to the CIDR to de-duplicate resident information and receive UID numbers The Authority also plans to partner with service providers for authentication

Enrolment will not be mandated The UIDAI approach will be a demand-driven one where the benefits and services that are linked to the UID will ensure demand for the number This will not however preclude governments or Registrars from mandating enrolment The UIDAI will issue a number not a card The Authorityrsquos role is limited to issuing the number This number may be printed on the documentcard that is issued by the Registrar The number will not contain intelligence Loading intelligence into identity numbers makes them susceptible to fraud and theft The UID will be a random number

The UIDAI Approach

The structure that the UIDAI proposes will have the reach and flexibility to enroll residents across the country The UIDAI as a statutory body will be responsible for creating administrating and enforcing

Security amp Privacy Challenges in UID project

Public Use Page 25

policy The Authority will prescribe guidelines on the biometric technology the various processes around enrolment and the KYR verification Process to ensure no duplicates Registrars will send the applicantrsquos data to the CIDR for de-duplication The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist Since de-duplication in the UID system ensures that residents have only one chance to be in the database individuals are assumed to provide accurate data This incentive will become especially powerful as the benefits and entitlements are linked to the UID Online authentication The Authority will offer a strong form of online authentication where agencies can compare demographic and biometric information of the resident from the record stored in the central database

The UIDAI will not share resident data The Authority envisions a balance between lsquoprivacy and purposersquo when it comes to the information it collects on residents The agencies may store the information of residents they enroll if they are authorized to do so but they will not have access to the information stored in the UID database The UIDAI will answer requests to authenticate identity only through a lsquoYesrsquo or lsquoNorsquo response The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store

Technology will undergird the UIDAI system. Technology systems will play a major role across the UIDAI infrastructure:

– The UID database will be stored on a central server
– Enrolment of the resident will be computerized
– Information exchange between Registrars and the CIDR will be over a network
– Authentication of the resident will be online
– The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society, and will also help government to monitor duplicate identities and enable direct benefit programs.

For residents: The UID will become the single source of identity verification. Once residents enroll, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enroll residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI's verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs and allow government departments to coordinate investments and share information.

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learnings from the previous approaches to identity. The Authority will prescribe guidelines on the use of biometric technology, the various processes around enrolment and KYR verification. The UIDAI will also design and create the institutional microstructure to effectively implement the policy. This will include a Central ID Data Repository (CIDR), which will manage the central system, and a network of Registrars, who will establish resident touch points through Enrolling Agencies. The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates, which includes:

i. Unique Identity Number: The UID number is a 12-digit number with no intelligence built into it; it will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years. The UID number will be assigned only after the biometric de-duplication process of the data supplied by the registrars.

ii. Identity fields: The fields associated with the UID number, as per the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report, will be:

Information Fields | Mandatory/Optional | Verification Required | Verification Procedure

Personal Details
Name | Mandatory | Yes | Any of the PoI documents; Introducer for people who have no documents
Date of Birth | Mandatory | No |
Gender | Mandatory | No |

Address Details
Residential Address | Mandatory | Yes | Any of the PoA documents; Introducer for people who have no documents. Address will be physically verified during UID letter delivery, but the resident's physical presence is not required during letter delivery

Parent/Guardian Details
Father's/Husband's/Guardian's Name | Conditional | Conditional | No verification of Father/Husband/Guardian in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |

Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name/UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty
Introducer's UID | Conditional | |

Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

POI – Proof of Identity (must contain name and photo of the resident). POA – Proof of Address (must contain name and address of the resident). A flag is maintained to indicate if Date of Birth (DoB) is verified, declared or approximate. Adopted from Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars – Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.
– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.
– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics, as well as in collecting and verifying resident information and submitting to audits.
– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.

Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard to reach populations such as rural women, tribals and others.

iv. Introducer system: An approach to use a network of "approved" introducers, who can introduce a resident and vouch for the validity of the resident's information, will be established by the UIDAI. In the UID registration process, registration is proposed to be done through various registrars like banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered. This process will then continue.
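As an added example (not code from the position paper or from UIDAI), the following Python sketch models the introducer tree described above: each enrolment either cites an introducer who is already enrolled or is a self-introduced root, and a registrar-side audit can walk the chain back to the root or scope every downstream enrolment if one introducer is later found to have vouched for fraudulent identities. The record fields, the rule that a root must hold a PoI document, and all sample UIDs are assumptions of this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set


@dataclass(frozen=True)
class Enrolment:
    uid: str                        # 12-digit UID; sample values below are constructed
    name: str
    introducer_uid: Optional[str]   # None marks a self-introduced root of the tree
    has_poi_document: bool          # resident supplied a Proof of Identity document


class IntroducerTree:
    """Registrar-side model of the introducer tree: every record enrolled
    without documents must cite an introducer who is already enrolled."""

    def __init__(self) -> None:
        self.records: Dict[str, Enrolment] = {}
        self.children: Dict[str, List[str]] = defaultdict(list)

    def enrol(self, rec: Enrolment) -> None:
        if rec.uid in self.records:
            raise ValueError(f"duplicate UID {rec.uid}")
        if rec.introducer_uid is None:
            # The root is self-introduced, so its document check cannot be
            # delegated to anyone; this example insists on a PoI document
            # (an assumption of the example, not a stated UIDAI rule).
            if not rec.has_poi_document:
                raise ValueError("a self-introduced root must hold a PoI document")
        else:
            if rec.introducer_uid == rec.uid:
                raise ValueError("a record cannot introduce itself")
            if rec.introducer_uid not in self.records:
                # Requiring the introducer to exist first makes cycles impossible.
                raise ValueError(f"introducer {rec.introducer_uid} is not enrolled")
            self.children[rec.introducer_uid].append(rec.uid)
        self.records[rec.uid] = rec

    def chain_to_root(self, uid: str) -> List[str]:
        """UIDs from `uid` up to its self-introduced root (the audit trail)."""
        seen: Set[str] = set()
        chain: List[str] = []
        cur: Optional[str] = uid
        while cur is not None:
            if cur in seen:              # defensive: enrol() ordering prevents this
                raise ValueError("introducer cycle detected")
            seen.add(cur)
            chain.append(cur)
            cur = self.records[cur].introducer_uid
        return chain

    def downstream(self, introducer_uid: str) -> List[str]:
        """Every UID that traces back to `introducer_uid`, breadth first.
        This is the audit scope if that introducer is later found to have
        vouched for fake identities."""
        out: List[str] = []
        queue: Deque[str] = deque(self.children[introducer_uid])
        while queue:
            uid = queue.popleft()
            out.append(uid)
            queue.extend(self.children[uid])
        return out

    def fan_out(self, introducer_uid: str) -> int:
        """Direct introductions by one person; an unusually high value is
        something an auditor would want to look at."""
        return len(self.children[introducer_uid])


def build_sample_tree() -> IntroducerTree:
    """Constructed sample: one documented root introduces two residents,
    one of whom introduces a third."""
    tree = IntroducerTree()
    tree.enrol(Enrolment("100000000001", "root officer", None, True))
    tree.enrol(Enrolment("100000000002", "resident A", "100000000001", False))
    tree.enrol(Enrolment("100000000003", "resident B", "100000000001", False))
    tree.enrol(Enrolment("100000000004", "resident C", "100000000002", False))
    return tree


if __name__ == "__main__":
    t = build_sample_tree()
    print(t.chain_to_root("100000000004"))   # ['100000000004', '100000000002', '100000000001']
    print(t.downstream("100000000001"))      # ['100000000002', '100000000003', '100000000004']
```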

v. Supporting Documentation: During enrollment the quality of data has to be ensured, primarily with supporting documents that the resident provides. Copies of documents provided will be verified against the original. Physical copies of the documentary evidence will be stored by the Registrar and available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources | Internal Attack Sources
Resident | UIDAI employee
Registrar | Other government factors
Authenticator |

Considering the attack sources, let's understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can use valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow diagram showing the Resident, Registrar/Sub-Registrars, CIDR and Authenticator, the numbered steps 1 to 7 of the flow above, and the two trust boundaries between the parties]


4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority such as a politician, dignitary or even a high-ranking official might order a profile search of UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
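As an added illustration (not code from the paper or from UIDAI), the following Python sketch shows what scenario 5 costs and one CIDR-side mitigation: the false-accept probability compounds with every attempt the authenticator permits, so the CIDR should count attempts per UID itself rather than trust the authenticator, and, as the approach document specifies, answer only Yes or No. The attempt cap, window and FAR values are assumed illustrative settings, and the biometric matcher is a constructed byte comparison standing in for a real one.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List


def cumulative_far(far: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent impostor
    presentations is falsely accepted when each has false-accept rate `far`."""
    return 1.0 - (1.0 - far) ** attempts


def attempts_for_target(far: float, target: float) -> int:
    """Smallest number of attempts at which the cumulative FAR reaches `target`."""
    n = 1
    while cumulative_far(far, n) < target:
        n += 1
    return n


class CIDRAuthService:
    """Minimal stand-in for the CIDR authentication endpoint.

    Two properties of the approach document are enforced here: the answer is
    only 'Yes' or 'No' (never the stored record), and the attempt budget per
    UID is counted on the CIDR side, so an authenticator that permits
    unlimited retries (scenario 5) cannot compound the FAR."""

    def __init__(self, max_attempts: int = 3, window_seconds: float = 600.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_attempts = max_attempts      # assumed illustrative cap
        self.window = window_seconds          # assumed illustrative window
        self.clock = clock
        self.templates: Dict[str, bytes] = {}               # uid -> enrolled template
        self.attempts: Dict[str, Deque[float]] = defaultdict(deque)
        self.audit_log: List[str] = []                      # lockouts are logged, not returned

    def enrol(self, uid: str, template: bytes) -> None:
        self.templates[uid] = template

    @staticmethod
    def _matches(enrolled: bytes, presented: bytes, threshold: float = 0.9) -> bool:
        # Toy matcher: fraction of equal bytes. A real matcher compares
        # extracted features; only the thresholded yes/no shape is realistic.
        if not enrolled or len(enrolled) != len(presented):
            return False
        same = sum(a == b for a, b in zip(enrolled, presented))
        return same / len(enrolled) >= threshold

    def authenticate(self, uid: str, presented: bytes) -> str:
        now = self.clock()
        recent = self.attempts[uid]
        while recent and now - recent[0] > self.window:     # drop expired attempts
            recent.popleft()
        if len(recent) >= self.max_attempts:
            self.audit_log.append(f"lockout uid={uid} at t={now:.0f}")
            return "No"                                      # same answer shape as a mismatch
        recent.append(now)
        enrolled = self.templates.get(uid)
        if enrolled is None:
            return "No"                                      # do not reveal whether the UID exists
        return "Yes" if self._matches(enrolled, presented) else "No"


def demo() -> List[str]:
    """Constructed run: an authenticator retries against one UID, then the
    window expires. Returns the sequence of CIDR answers."""
    clock = [0.0]
    svc = CIDRAuthService(max_attempts=3, window_seconds=600.0, clock=lambda: clock[0])
    svc.enrol("100000000001", b"A" * 20)                        # constructed template
    answers = [svc.authenticate("100000000001", b"B" * 20) for _ in range(3)]
    answers.append(svc.authenticate("100000000001", b"A" * 20))  # 4th try: correct but locked out
    clock[0] = 601.0                                             # window has expired
    answers.append(svc.authenticate("100000000001", b"A" * 20))
    return answers


if __name__ == "__main__":
    print(demo())                                   # ['No', 'No', 'No', 'No', 'Yes']
    print(attempts_for_target(0.001, 0.01))         # 11 attempts take a 0.1% FAR past 1%
```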


Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread the government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, but the grants still do not reach the people. So how the UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the section of society which needs them the most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to login to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: Those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeiting and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: Educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high degree of chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

– Where the entire customer should provide the information
– What information within the UID should be provided for which government requirement
– How the user should not get caught in any phishing attempts as and when UID news is released by the government
– Threats of UID exploitation and the resultant impact of the same
– Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
– Contact details for consumers to enquire and clarify
– Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
– Consumer redressal services for UID related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges – Considering the 0.01% of failure, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute resolution" as a part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT-Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world – happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID, say after a death, authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need… Our personal information is being sold to advertising agencies for the promotion of their clients' products/services through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure that a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and Insurance of an individual without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good and bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make the businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower every individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of that communication in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

– Framework for self audit and self governance within government itself to control data protection aspects
– There shall be a stringent background verification process for teams working on this project, from criminal background verification etc. as a starting point
– The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
– Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.

Page 26: Security & Privacy Challenges in UID project · 2018. 5. 31. · and privacy issues in the UIDAI project. 2.1. Issues surrounding Biometrics Before we understand the security issues

Security amp Privacy Challenges in UID project

Public Use Page 25

policy The Authority will prescribe guidelines on the biometric technology the various processes around enrolment and the KYR verification Process to ensure no duplicates Registrars will send the applicantrsquos data to the CIDR for de-duplication The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment to ensure that no duplicates exist Since de-duplication in the UID system ensures that residents have only one chance to be in the database individuals are assumed to provide accurate data This incentive will become especially powerful as the benefits and entitlements are linked to the UID Online authentication The Authority will offer a strong form of online authentication where agencies can compare demographic and biometric information of the resident from the record stored in the central database

The UIDAI will not share resident data The Authority envisions a balance between lsquoprivacy and purposersquo when it comes to the information it collects on residents The agencies may store the information of residents they enroll if they are authorized to do so but they will not have access to the information stored in the UID database The UIDAI will answer requests to authenticate identity only through a lsquoYesrsquo or lsquoNorsquo response The Authority proposes to enter into contracts with Registrars to ensure the confidentiality of information they collect and store

Technology will undergird the UIDAI system Technology systems will play a major role across the UIDAI infrastructure

ndash The UID database will be stored on a central server ndash Enrolment of the resident will be computerized ndash Information exchange between Registrars and the CIDR will be over a network ndash Authentication of the resident will be online ndash The Authority will also put systems in place for the security and safety of information

Benefits of UIDAI

The benefits of the UIDAI will be spread across various sections of society and will also help government to monitor the duplicate identity and enable direct benefit programs For residents The UID will become the single source of identity verification Once residents enroll they can use the number multiple times ndash they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account passport driving license and so on By providing a clear proof of identity the UID will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector The UID will also give migrants mobility of identity For Registrars and enrollers The UIDAI will only enroll residents after de-duplicating records This will help Registrars clean out duplicates from their databases enabling significant efficiencies and cost savings For Registrars focused on cost the UIDAIrsquos verification processes will ensure lower KYR costs

Security amp Privacy Challenges in UID project

Public Use Page 26

For Registrars focused on social goals a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate For Governments Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20000 crores a year It will also provide governments with accurate data on residents enable direct benefit programs and allow government departments to coordinate investments and share information

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learningrsquos from the previous approaches to identity The Authority will prescribe guidelines on the use of biometric technology the various processes around enrolment and KYR verification The UIDAI will also design and create the institutional microstructure to effectively implement the policy This will include a Central ID Data Repository (CIDR) which will manage the central system and a network of Registrars who will establish resident touch points through Enrolling Agencies The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates that includes

i Unique Identity Number UID number is a 12-digit number with no intelligence built into it and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years UID number will be assigned only after biometric de-duplication process of the data supplied by the registrars

ii Identity fields The fields associated with the UID number as per Demographic Data Standards and Verification procedure (DDSVP) Committee Report will be

Information Fields Mandatory Optional

Verification Required

Verification Procedure

Personal Details

Name Mandatory Yes Any of the PoI documents

Introducer for people who have no documents

Date of Birth Mandatory No

Gender Mandatory No

Address Details

Residential Address Mandatory Yes

Any of the PoA documents

Introducer for people who have no documents

Address will be physically verified during UID letter delivery But residentrsquos physical presence not required during letter delivery

Parent Guardian

FathersHusbandrsquosGuardianrsquos Name

Conditional Conditional No verification of FatherHusbandGuardian

Security amp Privacy Challenges in UID project

Public Use Page 27

Information Fields Mandatory Optional

Verification Required

Verification Procedure

Details FathersHusbandrsquosGuardianrsquos UID

Conditional in the case of adults

MothersWifersquos Guardianrsquos Name

Conditional

Conditional

No verification of

MotherWifeGuardian in the case of

adults MothersWifersquos Guardianrsquos UID

Conditional

Introducer Details

Introducer Name Conditional

Yes

Introducerrsquos Name UID on the form

Physical presence of the introducer at

the time of enrollment may not be

practical UIDAI will therefore suggest

alternate methods to overcome this

practical difficulty

Introducers UID Conditional

Contact Details

Mobile Number Optional No

Email Address Optional No POI ndash Proof of identity (must contain name and photo of the resident) POA ndash Proof of Address (must contain name and address of the resident) A flag is maintained to indicate if Date of Birth (DoB) is verified declared or approximate Adopted From Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars – Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.

– The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

– The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.

– The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes.

Sub-Registrars – These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies – Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups – The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: The UIDAI will establish a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information. In the UID registration process, registration is proposed to be done through various registrars such as banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and the process continues from there.
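The introducer tree described above is also the structure a registrar has to audit before enrolments are forwarded to the CIDR. The following is an added worked example, not code from the DSCI paper or from UIDAI: it represents each enrolment as a UID together with the UID of its introducer, walks every chain back to its root, and reports the defects an audit would care about (a chain ending at a root UIDAI never approved, two enrolments vouching for each other, an introducer the registry has never seen, and one introducer vouching for far more residents than the norm). The registry contents, the approved-root list and the fan-out threshold are all constructed for illustration.

```python
"""Introducer-tree audit for a UID-style enrolment registry.

Added example; this is not code from the DSCI paper or from UIDAI. It models
the introducer concept described above: every enrolment records the UID of
the introducer who vouched for it, an approved root is self-introduced, and
the chain of introductions forms a tree. Registry contents, the approved-root
list and the fan-out threshold are constructed for illustration.
"""
import secrets
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

Registry = Dict[str, Optional[str]]  # uid -> introducer uid, None if self-introduced


def random_uid() -> str:
    """12-digit UID from a CSPRNG: no structure, checksum or meaning embedded."""
    return f"{secrets.randbelow(10 ** 12):012d}"


def introducer_chain(uid: str, registry: Registry) -> Tuple[List[str], str]:
    """Walk from a resident up to the root of their introducer tree.

    Returns (chain, status): chain is [uid, introducer, ..., last node reached];
    status is 'root' (chain ends at a self-introduced UID), 'cycle' (the chain
    revisits a UID) or 'missing' (an introducer UID is not in the registry).
    """
    chain: List[str] = []
    seen: Set[str] = set()
    current: Optional[str] = uid
    while current is not None:
        if current in seen:
            return chain, "cycle"
        chain.append(current)
        if current not in registry:
            return chain, "missing"
        seen.add(current)
        current = registry[current]
    return chain, "root"


def audit_registry(registry: Registry, approved_roots: Set[str],
                   max_fanout: int) -> Dict[str, List[str]]:
    """Classify every enrolment by the defect (if any) in its introducer chain."""
    findings: Dict[str, List[str]] = {
        "unapproved_root": [], "cycle": [], "missing_introducer": [], "excess_fanout": []}
    for uid in registry:
        chain, status = introducer_chain(uid, registry)
        if status == "cycle":
            findings["cycle"].append(uid)
        elif status == "missing":
            findings["missing_introducer"].append(uid)
        elif chain[-1] not in approved_roots:
            findings["unapproved_root"].append(uid)
    # Fan-out is counted per introducer, not per resident: a vouching pattern
    # far above the norm is what a registrar would want to review.
    fanout = Counter(i for i in registry.values() if i is not None)
    findings["excess_fanout"] = [i for i, n in fanout.items() if n > max_fanout]
    return {k: sorted(v) for k, v in findings.items()}


APPROVED_ROOTS = {"100000000001"}  # constructed: the one approved root introducer


def build_sample_registry() -> Registry:
    """Constructed registry mixing healthy chains with each defect the audit detects."""
    reg: Registry = {
        "100000000001": None,            # approved, self-introduced root
        "100000000002": "100000000001",  # healthy chain of depth 1
        "100000000003": "100000000001",
        "100000000004": "100000000002",  # healthy chain of depth 2
        "200000000001": None,            # self-introduced but never approved
        "200000000002": "200000000001",  # inherits the unapproved root
        "300000000001": "300000000002",  # two enrolments vouching for each other
        "300000000002": "300000000001",
        "400000000001": "999999999999",  # introducer unknown to the registry
    }
    for i in range(25):                  # one introducer vouching for 25 residents
        reg[f"5000000000{i:02d}"] = "100000000003"
    return reg


if __name__ == "__main__":
    for category, uids in audit_registry(build_sample_registry(), APPROVED_ROOTS, 20).items():
        print(f"{category:20s} {uids}")
    print("fresh uid:", random_uid())
```

The fan-out threshold is deliberately a registrar policy parameter rather than a fixed number: the paper only says one introducer may introduce more than one person, so what counts as "excess" has to come from the registrar's own enrolment statistics.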

v. Supporting Documentation: During enrollment the quality of data has to be ensured, primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2: UIDAI Approach – Threat Modeling

Draft Data Flow

1. Resident applies for a UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External Attack Sources: Resident, Registrar, Authenticator
Internal Attack Sources: UIDAI employee, Other government factors

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.
2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.
3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow diagram showing Resident, Registrar / Sub-Registrars, CIDR and Authenticator, with the numbered steps 1 to 7 listed above and the two trust boundaries between the parties]


4. Authenticator can collude with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow multiple attempts by a resident in order to exploit the FAR (false acceptance rate) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority, such as a politician, a dignitary or even a high-ranking official, might order a profile search of the UID databases held by local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
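Scenario 5 rests on the authenticator sitting outside the CIDR's trust boundary: if the authenticator is the only party counting attempts, a colluding authenticator simply stops counting. The following added example, which is not code from the DSCI paper or from UIDAI, shows the mitigation on the CIDR side of the boundary. The CIDR keeps a per-UID budget of recent biometric failures, refuses further matches for that UID once the budget is spent (so that a later chance match from the device's FAR is not honoured), and summarises refusals per authenticator so that an authenticator with an unusual retry pattern can be put under review. The log format, authenticator identifiers, thresholds and every record are constructed for illustration.

```python
"""CIDR-side attempt budget for UID biometric authentication.

Added example, not code from the DSCI paper or from UIDAI. The authenticator
is outside the CIDR's trust boundary, so the retry limit against the
false acceptance rate (FAR) is enforced where the comparison happens.
Log format, identifiers, thresholds and all records are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AuthRequest:
    ts: datetime
    authenticator: str   # constructed authenticator id, e.g. AUTH-BANK-01
    uid: str             # 12-digit UID presented by the resident
    matched: bool        # result of the CIDR's own biometric comparison


def parse_log(text: str) -> List[AuthRequest]:
    """Parse constructed lines: '<ISO timestamp> <authenticator> <uid> MATCH|NO_MATCH'."""
    requests = []
    for line in text.strip().splitlines():
        ts, auth, uid, outcome = line.split()
        requests.append(AuthRequest(datetime.fromisoformat(ts), auth, uid, outcome == "MATCH"))
    return requests


class AttemptBudget:
    """Per-UID failure budget with a sliding window and a lockout period."""

    def __init__(self, max_failures: int = 3, window: timedelta = timedelta(minutes=10),
                 lockout: timedelta = timedelta(minutes=30)):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures: Dict[str, Deque[datetime]] = defaultdict(deque)
        self._locked_until: Dict[str, datetime] = {}

    def decide(self, req: AuthRequest) -> str:
        """Return MATCH, NO_MATCH or LOCKED; LOCKED overrides a biometric match."""
        until = self._locked_until.get(req.uid)
        if until is not None and req.ts < until:
            return "LOCKED"
        recent = self._failures[req.uid]
        while recent and req.ts - recent[0] > self.window:
            recent.popleft()          # forget failures older than the window
        if req.matched:
            recent.clear()
            return "MATCH"
        recent.append(req.ts)
        if len(recent) >= self.max_failures:
            self._locked_until[req.uid] = req.ts + self.lockout
            recent.clear()
            return "LOCKED"
        return "NO_MATCH"


def process(log_text: str, budget: Optional[AttemptBudget] = None) -> List[Tuple[str, str, str]]:
    """Run the budget over a log, returning (authenticator, uid, decision) per request."""
    budget = budget or AttemptBudget()
    return [(r.authenticator, r.uid, budget.decide(r)) for r in parse_log(log_text)]


def flag_authenticators(decisions: List[Tuple[str, str, str]], min_requests: int = 4,
                        max_refusal_ratio: float = 0.5) -> List[str]:
    """Authenticators whose share of refused requests warrants a fraud review."""
    totals: Dict[str, int] = defaultdict(int)
    refused: Dict[str, int] = defaultdict(int)
    for auth, _uid, decision in decisions:
        totals[auth] += 1
        if decision != "MATCH":
            refused[auth] += 1
    return sorted(a for a, n in totals.items()
                  if n >= min_requests and refused[a] / n > max_refusal_ratio)


# Constructed log: AUTH-BANK-01 shows a resident who succeeds on a second try;
# AUTH-LPG-07 retries one UID until the third failure locks it, then presents
# a match during the lockout (refused) and another after it expires (accepted).
SAMPLE_LOG = """\
2010-01-21T10:00:00 AUTH-BANK-01 100000000002 MATCH
2010-01-21T10:00:30 AUTH-BANK-01 100000000004 NO_MATCH
2010-01-21T10:01:00 AUTH-BANK-01 100000000004 MATCH
2010-01-21T10:05:00 AUTH-LPG-07 100000000009 NO_MATCH
2010-01-21T10:05:20 AUTH-LPG-07 100000000009 NO_MATCH
2010-01-21T10:05:40 AUTH-LPG-07 100000000009 NO_MATCH
2010-01-21T10:06:00 AUTH-LPG-07 100000000009 MATCH
2010-01-21T10:40:00 AUTH-LPG-07 100000000009 MATCH
2010-01-21T12:00:00 AUTH-BANK-01 100000000002 MATCH
"""

if __name__ == "__main__":
    decisions = process(SAMPLE_LOG)
    for auth, uid, decision in decisions:
        print(f"{auth:13s} {uid} {decision}")
    print("review:", flag_authenticators(decisions))
```

The budget is keyed on the UID rather than on the (authenticator, UID) pair so that a resident who is walked from one colluding counter to the next still exhausts the same budget; the per-authenticator ratio is what turns the refusals into a signal about the authenticator itself.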


Annexure 3: The Underprivileged Society

Indian society is divided along various geographical boundaries; there are many people who live in remote areas of the country who are not classified under any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthiya Bima Yojana (RSBY), Public Distribution Systems (PDS), etc. Each of these schemes has some registered people, yet the grants do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents which are used by the above schemes, ensure that the government initiatives reach the society which needs them most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where all it can be used and cannot be used. Limit the use of UID, e.g. UID should not be used to log in to a web site, should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as an identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loans, health insurance, etc.? Even though it is for the internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

- Where the customer should provide the information
- What information within the UID should be provided for which government requirement
- How the user should not get caught in any phishing attempts as and when UID news is released by the government
- Threats of UID exploitation and the resultant impact of the same
- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
- Contact details for consumers to enquire and clarify
- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
- Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be with very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity – The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with a fraudulent intention. Whether the State police is capable of taking cognizance of such complaints…

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as a part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft / Misuse / Abuse / Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They are shunning the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: new born, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need… Our personal information is being sold to advertising agencies for the promotion of their clients' products and services through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged safely to ensure avoidance of a common man's personal information being used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance information of an individual against use without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders having good or bad intentions), and the responsibility shall lie with the service provider to ensure against loss/misuse of any individual client's data. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower each individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender of that communication in case any unauthorized/unwanted communication is received.

24. Processes around data creation, maintenance and disposal:

- Framework for self-audit and self-governance within government itself to control data protection aspects.
- There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point.
- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.
- Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.

Page 27: Security & Privacy Challenges in UID project · 2018. 5. 31. · and privacy issues in the UIDAI project. 2.1. Issues surrounding Biometrics Before we understand the security issues

Security amp Privacy Challenges in UID project

Public Use Page 26

For Registrars focused on social goals a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate For Governments Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs 20000 crores a year It will also provide governments with accurate data on residents enable direct benefit programs and allow government departments to coordinate investments and share information

Process of UID Implementation Approach

The model proposed by the Unique Identification Authority of India (UIDAI) takes into account the inputs of the Planning Commission as well as learningrsquos from the previous approaches to identity The Authority will prescribe guidelines on the use of biometric technology the various processes around enrolment and KYR verification The UIDAI will also design and create the institutional microstructure to effectively implement the policy This will include a Central ID Data Repository (CIDR) which will manage the central system and a network of Registrars who will establish resident touch points through Enrolling Agencies The CIDR will be the central data repository and will only hold the minimum information required to identify the resident and ensure no duplicates that includes

i Unique Identity Number UID number is a 12-digit number with no intelligence built into it and will be a random number with as few digits as possible to accommodate the identification needs of the population for the next 100-200 years UID number will be assigned only after biometric de-duplication process of the data supplied by the registrars

ii Identity fields The fields associated with the UID number as per Demographic Data Standards and Verification procedure (DDSVP) Committee Report will be

Information Fields Mandatory Optional

Verification Required

Verification Procedure

Personal Details

Name Mandatory Yes Any of the PoI documents

Introducer for people who have no documents

Date of Birth Mandatory No

Gender Mandatory No

Address Details

Residential Address Mandatory Yes

Any of the PoA documents

Introducer for people who have no documents

Address will be physically verified during UID letter delivery But residentrsquos physical presence not required during letter delivery

Parent Guardian

FathersHusbandrsquosGuardianrsquos Name

Conditional Conditional No verification of FatherHusbandGuardian

Security amp Privacy Challenges in UID project

Public Use Page 27

Information Fields Mandatory Optional

Verification Required

Verification Procedure

Details FathersHusbandrsquosGuardianrsquos UID

Conditional in the case of adults

MothersWifersquos Guardianrsquos Name

Conditional

Conditional

No verification of

MotherWifeGuardian in the case of

adults MothersWifersquos Guardianrsquos UID

Conditional

Introducer Details

Introducer Name Conditional

Yes

Introducerrsquos Name UID on the form

Physical presence of the introducer at

the time of enrollment may not be

practical UIDAI will therefore suggest

alternate methods to overcome this

practical difficulty

Introducers UID Conditional

Contact Details

Mobile Number Optional No

Email Address Optional No POI ndash Proof of identity (must contain name and photo of the resident) POA ndash Proof of Address (must contain name and address of the resident) A flag is maintained to indicate if Date of Birth (DoB) is verified declared or approximate Adopted From Section 23 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report

iii The UniqueID agencies The UIDAI will partner with a variety of agencies and service providers

to enroll residents for UID numbers and verify their identity Registrars ndash Registrars will be state governments or central government agencies such as the Oil Ministry and LIC Registrars may also be private sector participants such as banks and insurance firms ndash The UIDAI will enter into agreements with individual Registrars and enable their on-boarding

into the UID system The UIDAI will support them in this and in linking to the CIDR connecting to the UID system and adding UID fields to their databases

ndash The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding it to the CIDR Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information and submitting to audits

ndash The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes The service providers who will adopt the UID system for identity authentication during service delivery will follow certain processes and standards and may need to re-engineer their internal processes

Sub-Registrars ndash These will be the departmentsentities that report to a specific Registrar For instance the line departments of the state government such as the RDPR (Rural Development and Panchayati Raj) department would be sub-registrars to the state government Registrar

Security amp Privacy Challenges in UID project

Public Use Page 28

Enrolling Agencies ndash Enrolling agencies will directly interact with and enroll residents into the CIDR For example the hospital where a baby is born would be the lsquoenrolling agencyrsquo for the babyrsquos UID and would report to the municipality sub-registrar Outreach Groups ndash The UIDAI will also partner with civil society groups and community networks which will promote the UID number and provide information on enrolment for hard to reach populations such as rural women tribalrsquos and others

iv Introducer system An approach to use a network of ldquoapprovedrdquo introducers who can introduce a resident and vouch for the validity of residentrsquos information will be established by the UIDAI In the UID registration process registration is proposed to be done through various registrars like the Banks Insurance Companies Central and State Government Departments In each of these institutions the introducer concept will work like a ldquotree structurerdquo where one introducer may introduce more than one person However someone needs be the first introducer and be the ldquorootrdquo of this tree The person at the root will be the person who will be ldquoself-introducedrdquo In other words that person will be initially registered without any introducer He will then introduce and get a number of persons registered This process will then continue

v Supporting Documentation During enrollment the quality of data has to be ensured primarily

with supporting documents that the resident provides Copies of documents provided will be verified against the original Physical copies of the documentary evidence will be stored by the Registrar and available for audit by the designated audit agencies In the case of residents with no documentation introducer system can be used to enroll them into the system

Security amp Privacy Challenges in UID project

Public Use Page 29

Annexure 2 UIDAI Approach ndash Threat Modeling

Draft Data Flow

1 Resident applies for UID and submits any required documentation 2 The registrar sends the information to UIDAI 3 UIDIAI verifies the uniqueness of resident and issues UID if unique 4 Resident provides his UID and biometrics for authentication 5 Authenticator send the data to UIDAI for verification 6 CIDR authenticates the resident data and sends back to the authenticator 7 Authenticator provides the requested service to resident upon successful identification

Considering the data flow of the UIDAI let us understand the attack sources

External Attack Sources Internal Attack Source

Resident UIDAI employee

Registrar Other government factors

Authenticator

Considering the attack sources lets understand the possible attack scenarios

1 Resident registering a fake identity using false fingers 2 Registrar colluding with the Resident to create fake identities This can be achieved for example

by using forefinger of one resident and the middle finger of another resident 3 Registrars creating fake identities The registrar can use a valid biometric data and alter it

randomly to create a new identity This artificial identity can then be injected into the UID CIDR to create a new UID

Resident

Registrar Sub-Registrars

CIDR

Authenticator

1

2

3

5

6

7

4

Trust Boundary

Trust Boundary

Security amp Privacy Challenges in UID project

Public Use Page 30

4 Authenticator can collude with the registrar to validate fake identities The authenticator can inject the artificial identity data (created in the above step) to validate fake identities

5 Resident colluding with the Authenticator The authenticator might allow multiple attempts of a resident in order to exploit the FAR of the biometric device

6 An external attacker (might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system

7 The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers

8 A local authority such as a politician or dignitaries or even a high ranking official might order a profile search of UID databases present with local registrars and authenticators This might lead to profiling of UID data at the state level if not at the national level

9 An employee of CIDR might illegally reveal (or sell) the identity information

Security amp Privacy Challenges in UID project

Public Use Page 31

Annexure 3 The Underprivileged Society

The Indian society is divided into various geographical boundaries there are many people who live in remote areas of the country who are not classified in any of the existing government schemes these people are generally the tribalrsquos the migratory people the construction workers etc

As a general the UID objective is to spread the government initiatives and grants to the poor sections of the society through the National Rural Employment Guarantee Act (NREGA) Schemes Rashtriya Swasthiya Bima Yojana (RSBY) public Distribution systems (PDS) etc Each of these Schemes has some registered people but yet the grants do no reach to the people So how does UID help these people is a big challenge for the authority Does the additional Biometric information collected apart from the documents which are used by the above schemes ensure that the government initiatives reach to the society which needs the most

The Indian tribes19 constitute roughly 8 percent of the nations total population nearly 90 million people according to the 1991 census Though some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have) basic health services and at least 100 days of employment a year their children are entitled to mid-day meals in schools But the truth of the matter is that despite these entitlements deprivation persists BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount But residents of these villages have never even heard of such schemes The people who are responsible for taking care of these societies are themselves illiterate Considering such state of our country where villages are registered in the government records but people do not have verification details how will the UIDAI proposes to cover them is again a challenge to the authority

19

httpwwwindianchildcomindian_tribeshtm

Security amp Privacy Challenges in UID project

Public Use Page 32

Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable under the 'Right to Information' Act, 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected by following the generally accepted data protection principles that exist in developing countries and by using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of the UID: for example, the UID should not be used to log in to a website, and should not be displayed on a student ID card or a mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not keep it properly secure. For organizations that accept the UID, define how to protect it, how to limit who can access it, how to dispose of it when it is no longer required, and how to report a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of the iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly with lighting, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeiting and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define the actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally to law enforcement and to relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV advertisements.

9. Once the UID number is widely used as an identifier, there is a very high chance that it will also be used as an authenticator. This results in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI prevent organizations from using the UID number as their primary identification number and printing/using it on applications such as loans, health insurance, etc.? Even when it is for the internal use of that organization, there is a high chance of the UID number being disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, how can we ensure that a person gets only one UID number, since in our country it is sometimes possible to forge documents for gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

- Where exactly the customer should provide the information
- What information within the UID should be provided for which government requirement


- How the user can avoid being caught in phishing attempts as and when UID news is released by the government
- Threats of UID exploitation and their resultant impact
- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
- Contact details for consumers to enquire and clarify
- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
- Consumer redressal services for UID-related disputes, theft and misuse of UID information

15. The primary ID should be stored more securely and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offences on identity: The current UIDAI framework interprets offences on identity based on the foundation laid by the Information Technology (Amendment) Act, 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either as civil or criminal complaints, in case of misuse of identity with fraudulent intention. Whether the State police are capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of its working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, the UID's respective state authorities can appoint "technically competent" personnel to a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud", etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. The Jarawas in particular have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and the maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after a UID is disabled (say after a death), authorities can trace back an entity using this UID. After a UID is established, say the person works in a bank and is transferred every three years. After relocating, whose responsibility is it to update the person's new address in the repository, or is the UID independent of address?

20. In India one can get any information about any individual if one has the money and the need... Our personal information is being sold to advertising agencies for the promotion of their clients' products and services through mobile and email, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it; hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his/her consent.

21. Data privacy and protection shall be at the core, at least when UIDAI is being launched in India, on par with international regulations and guidelines. Sensitivity should be brought to an adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance data of an individual against use without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data gathered for UIDAI.

22. A good governance framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc. by outsiders, whether of good or bad intentions), and the responsibility shall lie with the service provider to prevent loss or misuse of any individual client's data. Government should make businesses understand the immediate need to protect its residents' personally identifiable data sets.

23. Empower individual resident Indians to object and, if need be, initiate legal proceedings against the service provider or sender of any unauthorized or unwanted communication they receive.

24. Processes around data creation, maintenance and disposal:

- A framework for self-audit and self-governance within government itself to control data protection aspects
- There shall be a stringent background verification process for teams working on this project, starting with criminal background verification, etc.
- The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence
- Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementing these projects, it is the right time to focus on security of data so as to build citizens' confidence in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime, and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries, Self Regulatory Organizations in the US and European Union countries, and data standards organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.


Information Fields | Mandatory/Optional | Verification Required | Verification Procedure
(... Details, continued from the previous page) | | | ... in the case of adults
Father's/Husband's/Guardian's UID | Conditional | |
Mother's/Wife's/Guardian's Name | Conditional | Conditional | No verification of Mother/Wife/Guardian in the case of adults
Mother's/Wife's/Guardian's UID | Conditional | |
Introducer Details
Introducer Name | Conditional | Yes | Introducer's Name & UID on the form. Physical presence of the introducer at the time of enrollment may not be practical; UIDAI will therefore suggest alternate methods to overcome this practical difficulty.
Introducer's UID | Conditional | |
Contact Details
Mobile Number | Optional | No |
Email Address | Optional | No |

POI: Proof of Identity (must contain name and photo of the resident)
POA: Proof of Address (must contain name and address of the resident)
A flag is maintained to indicate whether the Date of Birth (DoB) is verified, declared or approximate.
Adopted from Section 2.3 of the Demographic Data Standards and Verification Procedure (DDSVP) Committee Report.

iii. The UniqueID agencies: The UIDAI will partner with a variety of agencies and service providers to enroll residents for UID numbers and verify their identity.

Registrars: Registrars will be state governments or central government agencies such as the Oil Ministry and LIC. Registrars may also be private sector participants such as banks and insurance firms.

- The UIDAI will enter into agreements with individual Registrars and enable their on-boarding into the UID system. The UIDAI will support them in this and in linking to the CIDR, connecting to the UID system and adding UID fields to their databases.

- The Registrar will take on the responsibility of ensuring that clean and correct data flows into the CIDR. Their key role in the system will be in aggregating enrolments from sub-registrars and enrolling agencies and forwarding them to the CIDR. Each Registrar will adopt UIDAI standards in the technology used for biometrics as well as in collecting and verifying resident information, and will submit to audits.

- The UIDAI will also enter into agreements with some Registrars for using the CIDR solely for authentication purposes. The service providers who adopt the UID system for identity authentication during service delivery will follow certain processes and standards, and may need to re-engineer their internal processes.

Sub-Registrars: These will be the departments/entities that report to a specific Registrar. For instance, the line departments of the state government, such as the RDPR (Rural Development and Panchayati Raj) department, would be sub-registrars to the state government Registrar.


Enrolling Agencies: Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups: The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: The UIDAI will establish an approach that uses a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information. In the UID registration process, registration is proposed to be done through various registrars such as banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced"; in other words, that person will be initially registered without any introducer. He will then introduce and get a number of persons registered, and this process will then continue.

v. Supporting Documentation: During enrollment, the quality of data has to be ensured primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and be available for audit by the designated audit agencies. In the case of residents with no documentation, the introducer system can be used to enroll them into the system.


Annexure 2 UIDAI Approach - Threat Modeling

Draft Data Flow

1. Resident applies for a UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources:

External attack sources: Resident, Registrar, Authenticator

Internal attack sources: UIDAI employee, other government actors

Considering the attack sources, let us understand the possible attack scenarios:

1. Resident registering a fake identity using false fingers.

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

[Figure: draft data flow showing the Resident, Registrar/Sub-Registrars, CIDR and Authenticator, with the numbered steps 1-7 above and the trust boundaries between the parties]


4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow a resident multiple attempts in order to exploit the FAR (false accept rate) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all the identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored on their servers.

8. A local authority, such as a politician, a dignitary or even a high-ranking official, might order a profile search of the UID databases held by local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
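As an added example (written for this page, not part of the original paper), the following detection logic runs over constructed authentication and lookup log lines to surface two of the scenarios above: an authenticator permitting repeated presentations against one UID (scenario 5, where each extra attempt is another draw against the device's FAR) and an operator pulling many records in quick succession (scenario 8). The log format, the party ids and the thresholds are assumptions.

```python
"""Detection for scenarios 5 and 8 of the threat model, over constructed logs.

Added example, not UIDAI code. Assumed log format, one event per line:
"<epoch seconds>,<event>,<party>,<uid>,<result>", where party is the
authenticator for AUTH events or the registrar operator for LOOKUP events.
"""
from collections import defaultdict

# Constructed sample log. AUTH-07 lets one resident retry five times within
# 40 seconds (scenario 5); REG-12 pulls six different records within seconds,
# which looks like a profile search rather than service delivery (scenario 8).
# AUTH-03 and REG-04 are ordinary traffic.
SAMPLE_LOG = """\
1000,AUTH,AUTH-07,UID-A,FAIL
1010,AUTH,AUTH-07,UID-A,FAIL
1020,AUTH,AUTH-07,UID-A,FAIL
1030,AUTH,AUTH-07,UID-A,FAIL
1040,AUTH,AUTH-07,UID-A,PASS
1100,AUTH,AUTH-03,UID-B,PASS
1200,AUTH,AUTH-03,UID-C,FAIL
1230,AUTH,AUTH-03,UID-C,PASS
2000,LOOKUP,REG-12,UID-D,-
2001,LOOKUP,REG-12,UID-E,-
2002,LOOKUP,REG-12,UID-F,-
2003,LOOKUP,REG-12,UID-G,-
2004,LOOKUP,REG-12,UID-H,-
2005,LOOKUP,REG-12,UID-I,-
3000,LOOKUP,REG-04,UID-J,-
3600,LOOKUP,REG-04,UID-K,-
"""


def false_accept_probability(far, attempts):
    """Chance that at least one of `attempts` impostor presentations is falsely
    accepted when each presentation has false accept rate `far`. Unlimited
    retries turn a small per-attempt FAR into a large cumulative one."""
    return 1.0 - (1.0 - far) ** attempts


def parse_log(text):
    """Parse the assumed CSV-style log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, party, uid, result = line.split(",")
        events.append({"ts": int(ts), "event": event, "party": party,
                       "uid": uid, "result": result})
    return events


def _max_in_window(times, window):
    """Largest number of timestamps that fall inside any `window`-second span."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_excessive_retries(events, max_attempts=3, window=300):
    """Scenario 5: (authenticator, uid) pairs with more than `max_attempts`
    presentations inside `window` seconds, with the peak count observed."""
    attempts = defaultdict(list)
    for ev in events:
        if ev["event"] == "AUTH":
            attempts[(ev["party"], ev["uid"])].append(ev["ts"])
    flagged = {}
    for key, times in attempts.items():
        peak = _max_in_window(times, window)
        if peak > max_attempts:
            flagged[key] = peak
    return flagged


def find_bulk_lookups(events, max_lookups=5, window=600):
    """Scenario 8: operators who look up more than `max_lookups` distinct UIDs
    inside `window` seconds, i.e. a bulk profile search."""
    first_seen = defaultdict(dict)  # party -> {uid: time of first lookup}
    for ev in events:
        if ev["event"] == "LOOKUP":
            first_seen[ev["party"]].setdefault(ev["uid"], ev["ts"])
    flagged = {}
    for party, seen in first_seen.items():
        peak = _max_in_window(seen.values(), window)
        if peak > max_lookups:
            flagged[party] = peak
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("retry abuse:", find_excessive_retries(evs))
    print("bulk lookups:", find_bulk_lookups(evs))
    print("P(false accept) at an assumed FAR of 1e-4, 1 vs 5 tries:",
          false_accept_probability(1e-4, 1), false_accept_probability(1e-4, 5))
```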

Security amp Privacy Challenges in UID project

Public Use Page 31

Annexure 3 The Underprivileged Society

The Indian society is divided into various geographical boundaries there are many people who live in remote areas of the country who are not classified in any of the existing government schemes these people are generally the tribalrsquos the migratory people the construction workers etc

As a general the UID objective is to spread the government initiatives and grants to the poor sections of the society through the National Rural Employment Guarantee Act (NREGA) Schemes Rashtriya Swasthiya Bima Yojana (RSBY) public Distribution systems (PDS) etc Each of these Schemes has some registered people but yet the grants do no reach to the people So how does UID help these people is a big challenge for the authority Does the additional Biometric information collected apart from the documents which are used by the above schemes ensure that the government initiatives reach to the society which needs the most

The Indian tribes19 constitute roughly 8 percent of the nations total population nearly 90 million people according to the 1991 census Though some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have) basic health services and at least 100 days of employment a year their children are entitled to mid-day meals in schools But the truth of the matter is that despite these entitlements deprivation persists BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount But residents of these villages have never even heard of such schemes The people who are responsible for taking care of these societies are themselves illiterate Considering such state of our country where villages are registered in the government records but people do not have verification details how will the UIDAI proposes to cover them is again a challenge to the authority

19

httpwwwindianchildcomindian_tribeshtm

Security amp Privacy Challenges in UID project

Public Use Page 32

Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of

this paper

Industry Inputs

1 UI database should not be sharable through the lsquoRight to Informationrsquo Act 2005 since it could compromise a Personally Identifiable Information

2 Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks

3 Many people will have access to this information resulting in loss of privacy Define where all it can be used and cannot be used Limit the use of UID ex UID should not be used to login to a web site should not be displayed in a student ID card or mailing envelope etc

4 Identity theft concerns Those who collect the information does not properly keep it secure For organizations that accepts this UID define how to protect them how to limit who can access how to dispose if no longer required and how to report if there was a breach

5 The prominence and acceptance of biometric technologies such as fingerprinting facial recognition hand geometry and iris recognition may leave little demand for other modalities While some of these technologies are either costly or have high fault ratio its accuracy depends on the cooperation of the subject For example criminals have been known to use eye drops to dilate their pupil thus masking the majority of their iris Conversely face recognition is technically the least intrusive as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues) but its accuracy varies greatly according to light exposure etc Moreover experiments have shown that these solutions are also vulnerable to counterfeit and theft

6 If there is no legal mandate to secure such information organizations may not do it Define actions to be taken if these rules are not followed by an individual or a corporation

7 Too much security may limit legal disclosure of the information Define how to divulge the information legally for law enforcement and relatives of a deceased person

8 Awareness and education on these requirements Educate the general public government organizations and corporations on all the requirements through newspaper and TV ads

9 Once UID number gets widely used both as an identifier then there is very high degree of chance that it will be used as an authenticator This will result in higher risk of disclosure of that personrsquos identity Widespread use of the UID number as an identifier and authenticator will result in identity theft as it already happening in other geographies

10 How UIDAI will enforce organizations not to use UID number as the primary identification number and printuse it on their application such as loan health insurance etc Even though it is for internal use of that organization there is high chance of UID number getting disclosed

11 How the life cycle of the UID number (from generation to termination) will be handled 12 Will the UID number generation process use any biometric information of a person and if yes what will be

the process to keep its integrity intact 13 If the UID number generation process is not based on biometric information then how we can assure that

the person can get only one UID number as sometime in our country it might be possible to forge some documents for some gain

14 There should be consumer awareness well in advance (at least a year) before release of UID program Awareness should include the following

Where the entire customer should provide the information

What information within the UID should be provided for which government requirement

Security amp Privacy Challenges in UID project

Public Use Page 33

How the user should not get caught in any phishing attempts as and when UID news is released by the government

Threats of UID exploitation and the resultant impact of the same

Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service

Contact details for consumers to enquire and clarify

Detailed risk analysis by the UID team for each service the UID would be required for and the resultant impact

Consumer redressal services for UID related disputes theft and misuse of UID info 15 The primary ID should be more securely stored and should have most restricted access Data for

secondary identification has to be available at multiple verification points and hence making it extremely secure may not be cost effective The primary identification pattern should be made very secure and any verification against the primary ID should be with very strict controls This suggestion has to be discussed in depth and the cost aspects will have to be understood But if implemented the UID will not only be useful for normal identification of a person it could also be used for forensic investigation crime detection identity theft and so on

16 Offenses on identity ndash The current UIDAI framework interprets offenses on identity based on the foundation laid by Information Technology (Amendment) Act 2000 which relies on the State police for enforcement Enforcement challenges - Considering the 001 of failure there will be 120000 casescomplaints to deal with either in the form of civil or criminal complaints In case there is a misuse of identity with a fraudulent intention Whether the State police is capable of taking cognizance of such complaintshellip

Therefore in light of above UIDAI should incorporate ldquoAdjudication amp Dispute resolutionrdquo as a part and parcel of their working frame work

The authority can look to the model of ITA-2000 where the IT-Secretary is appointed as adjudicator in the same way UIDrsquos respective state authorities can appoint ldquoTechnically competentrdquo personnel in a quasi judicial body comprising of a judicial representative to hear matters relating to ldquoIdentity TheftMisuseAbuseFraudrdquo etc

17 One area of concern is native aboriginals like the Onges the Shompens the Sentinelese the Andamanese the Jarawas and the Nicobarese of the Andaman amp Nicobar Islands They are shunning the outside world and every effort by lsquooutsidersrsquo to talk to them is met with fierce resistance Similarly the Jarawas have constantly resisted all contact with the modern world ndash happy with their ancient way of living

18 Given the sheer size of the population that the project is expected to cover there are bound to be challenges umpteen However given the power of technology and maturity in delivering complex solutions the project shall come out with flying colors The approach shall be ldquobest fitrdquo rather than ldquoperfect fitrdquo The entire identity life cycle shall be identified and process be put in place While we cover the existing population by identified approach we shall look at better approaches to cover the incremental load coming through following ways-New born Citizens returning from abroad Deaths Missing people

19 The UID should not be recycled or rather should be used only once This will ensure that even at a later stage after disabling an UID say after a death will help authorities to track back an entity using this UID After establishing an UID say the person is working in a bank and gets transferred every three years After relocating whose responsibility is it to update the new address of the person in the repository or is the UID independent of address

20 In India we can get any information of any individual if you have money and needhellip Our personal information is being sold to advertising agencies for making the promotion of products services of their clientrsquos throughrsquo mobile and emails in all combinations of geographical consumption timing etc As long as we are not bothered about our data it is difficult to protect it and hence the present loopholes needs to be plugged safely to ensure avoidance of a common manrsquos personal information without hisher

Security amp Privacy Challenges in UID project

Public Use Page 34

consent 21 Data Privacy amp Protection shall be to the core at least when UIDAI being launched in India at par with

international regulations guidelines Sensitivity should be brought to the adequate level for each data to ensure protection of Personally Identifiable Information (PII) andor Personal Health Information (PHI) and Insurance of an individual without hisher authorization Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI



Enrolling Agencies: Enrolling agencies will directly interact with and enroll residents into the CIDR. For example, the hospital where a baby is born would be the 'enrolling agency' for the baby's UID and would report to the municipality sub-registrar.

Outreach Groups: The UIDAI will also partner with civil society groups and community networks, which will promote the UID number and provide information on enrolment for hard-to-reach populations such as rural women, tribals and others.

iv. Introducer system: The UIDAI will establish a network of "approved" introducers who can introduce a resident and vouch for the validity of the resident's information. In the UID registration process, registration is proposed to be done through various registrars such as banks, insurance companies, and central and state government departments. In each of these institutions the introducer concept will work like a "tree structure", where one introducer may introduce more than one person. However, someone needs to be the first introducer and be the "root" of this tree. The person at the root will be "self-introduced", that is, initially registered without any introducer. He will then introduce and get a number of persons registered, and the process continues from there.

v. Supporting Documentation: During enrollment the quality of data has to be ensured primarily with the supporting documents that the resident provides. Copies of documents provided will be verified against the originals. Physical copies of the documentary evidence will be stored by the Registrar and made available for audit by the designated audit agencies. Residents with no documentation can be enrolled through the introducer system.
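The introducer tree described above is an audit target in its own right: every enrolee should trace back, through a finite chain of introducers, to an approved self-introduced root, a chain that loops or ends at an unknown person is a defect in the record, and an introducer vouching for unusually many people is a fraud signal. The following Python is an added example, not UIDAI's or any registrar's code; the record layout (enrolee, introducer), the approved-root list, the fan-out threshold and the sample records are constructed assumptions for illustration.

```python
"""Audit of an introducer-tree enrolment log (added example, not UIDAI code).

Each record is (enrolee, introducer); a self-introduced root has introducer None.
The records, the approved-root list and the fan-out threshold are constructed
assumptions for illustration only.
"""
from collections import defaultdict

# Constructed sample records. R001 is the legitimate self-introduced root.
RECORDS = [
    ("R001", None),      # approved root
    ("R002", "R001"),
    ("R003", "R001"),
    ("R006", "R001"),    # R001 now vouches for three people
    ("R004", "R002"),
    ("R005", "R004"),
    ("X001", None),      # self-introduced, but NOT on the approved-root list
    ("X002", "X001"),    # vouched for only by an unapproved root
    ("C001", "C002"),    # C001 <-> C002 vouch for each other: no root at all
    ("C002", "C001"),
    ("D001", "Z999"),    # introducer Z999 was never enrolled
]
APPROVED_ROOTS = {"R001"}


def audit_introducers(records, approved_roots, max_fanout=2):
    """Walk every enrolee's introducer chain to its root and classify it.

    Returns a dict of findings:
      unapproved_root - chain ends at a self-introduced person not on the approved list
      cycle           - chain revisits a node, so it never reaches a root
      dangling        - chain names an introducer with no enrolment record
      high_fanout     - introducers vouching for more than max_fanout enrolees
    """
    introducer_of = dict(records)
    findings = {"unapproved_root": [], "cycle": [], "dangling": [], "high_fanout": []}

    for enrolee in introducer_of:
        seen = set()
        node = enrolee
        while True:
            if node in seen:                      # loop: C001 -> C002 -> C001
                findings["cycle"].append(enrolee)
                break
            seen.add(node)
            if node not in introducer_of:         # introducer never enrolled
                findings["dangling"].append(enrolee)
                break
            parent = introducer_of[node]
            if parent is None:                    # reached a self-introduced root
                if node not in approved_roots:
                    findings["unapproved_root"].append(enrolee)
                break
            node = parent

    fanout = defaultdict(int)
    for _, introducer in records:
        if introducer is not None:
            fanout[introducer] += 1
    findings["high_fanout"] = sorted(i for i, n in fanout.items() if n > max_fanout)
    return findings


if __name__ == "__main__":
    for kind, who in audit_introducers(RECORDS, APPROVED_ROOTS).items():
        print(f"{kind:16s} {sorted(who)}")
```

The fan-out threshold is deliberately low here so the sample triggers it; in practice it would be set from the observed distribution per registrar, and any introducer far above it would be sampled for document re-verification.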


Annexure 2: UIDAI Approach - Threat Modeling

Draft Data Flow

1. Resident applies for UID and submits any required documentation.
2. The registrar sends the information to UIDAI.
3. UIDAI verifies the uniqueness of the resident and issues a UID if unique.
4. Resident provides his UID and biometrics for authentication.
5. Authenticator sends the data to UIDAI for verification.
6. CIDR authenticates the resident data and sends the result back to the authenticator.
7. Authenticator provides the requested service to the resident upon successful identification.

Considering the data flow of the UIDAI, let us understand the attack sources.

External attack sources: Resident; Registrar; Authenticator
Internal attack sources: UIDAI employee; Other government actors

[Figure: draft data flow diagram showing the Resident, Registrar / Sub-Registrars, CIDR and Authenticator, the numbered flows 1 to 7 listed above, and two trust boundaries separating the parties]

Considering the attack sources, let us understand the possible attack scenarios.

1. Resident registering a fake identity using fake fingers (spoofed fingerprints).

2. Registrar colluding with the Resident to create fake identities. This can be achieved, for example, by using the forefinger of one resident and the middle finger of another resident.

3. Registrars creating fake identities. The registrar can take valid biometric data and alter it randomly to create a new identity. This artificial identity can then be injected into the UID CIDR to create a new UID.

4. Authenticator colluding with the registrar to validate fake identities. The authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator. The authenticator might allow a resident multiple attempts in order to exploit the FAR (false acceptance rate) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers.

8. A local authority, such as a politician, a dignitary or even a high-ranking official, might order a profile search of the UID databases present with local registrars and authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
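Scenario 5 above rests on a simple arithmetic fact: if a single impostor attempt is falsely accepted with probability FAR, the chance that at least one of n independent attempts is accepted is 1 - (1 - FAR)^n, so an authenticator that silently retries turns a 0.01% FAR into roughly 1% after 100 attempts. The following Python is an added example, not UIDAI's code: it computes that exposure and shows an attempt limit enforced at the CIDR rather than at the authenticator, which is the suspected party in this scenario and therefore cannot be trusted to throttle itself. The FAR value, the five-attempt limit, the 300-second window and the attempt timestamps are constructed assumptions.

```python
"""False-accept exposure under repeated attempts, and a CIDR-side attempt limit.

Added example, not UIDAI code. The FAR, the attempt limit, the window and the
simulated attempt stream are constructed assumptions for illustration.
"""
from collections import defaultdict


def cumulative_far(far, attempts):
    """Probability that at least one of `attempts` independent impostor
    attempts is falsely accepted, given a per-attempt false acceptance rate."""
    return 1.0 - (1.0 - far) ** attempts


def attempts_to_reach(far, target):
    """Smallest number of attempts at which the cumulative FAR reaches `target`."""
    n = 0
    while cumulative_far(far, n) < target:
        n += 1
    return n


class CIDRAttemptLimiter:
    """Per-UID attempt limit enforced by the CIDR, not by the authenticator.

    Attempts beyond `max_attempts` within `window` seconds are refused before
    they reach the biometric matcher, so a colluding authenticator cannot buy
    extra draws against the FAR by simply resubmitting.
    """

    def __init__(self, max_attempts=5, window=300):
        self.max_attempts = max_attempts
        self.window = window
        self._log = defaultdict(list)   # uid -> timestamps of recent attempts

    def allow(self, uid, now):
        """Return True if this attempt may proceed to matching, else False."""
        recent = [t for t in self._log[uid] if now - t < self.window]
        self._log[uid] = recent                     # drop attempts outside the window
        if len(recent) >= self.max_attempts:
            return False                            # locked for the rest of the window
        recent.append(now)
        return True


def simulate(limiter, uid, timestamps):
    """Feed a stream of attempt times for one UID; return (matched, refused) counts."""
    matched = refused = 0
    for t in timestamps:
        if limiter.allow(uid, t):
            matched += 1
        else:
            refused += 1
    return matched, refused


if __name__ == "__main__":
    FAR = 1e-4                                      # assumed 0.01% per attempt
    for n in (1, 10, 100, 1000):
        print(f"{n:5d} attempts -> cumulative FAR {cumulative_far(FAR, n):.4%}")
    print("attempts to reach 50%:", attempts_to_reach(FAR, 0.5))
    limiter = CIDRAttemptLimiter(max_attempts=5, window=300)
    print("10 rapid attempts ->", simulate(limiter, "UID-1", range(10)))
```

A limiter of this kind only closes the retry channel; the attempts that are allowed still carry the base FAR, so the limit and the matcher threshold have to be tuned together, and the refusal events themselves are worth logging per authenticator, since a device that is routinely locked out is exactly the colluding authenticator the scenario describes.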


Annexure 3: The Underprivileged Society

Indian society is divided by many geographical boundaries, and there are many people living in remote areas of the country who are not covered by any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers, etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through schemes such as the National Rural Employment Guarantee Act (NREGA), the Rashtriya Swasthya Bima Yojana (RSBY) and the Public Distribution System (PDS). Each of these schemes has some registered people, yet the grants do not reach them. So how the UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents already used by the above schemes, ensure that the government initiatives reach the society that needs them most?

The Indian tribes19 constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools. But the truth of the matter is that despite these entitlements, deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of affairs, where villages are registered in the government records but people do not have verification details, how the UIDAI proposes to cover them is again a challenge to the authority.

19. http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of the UID; e.g., the UID should not be used to log in to a website, and should not be displayed on a student ID card or mailing envelope, etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure, etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will also be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as the primary identification number and print/use it on their applications such as loan, health insurance, etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

- Where the customer should provide the information
- What information within the UID should be provided for which government requirement
- How the user should avoid getting caught in any phishing attempts as and when UID news is released by the government
- Threats of UID exploitation and the resultant impact of the same
- Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service
- Contact details for consumers to enquire and clarify
- Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact
- Consumer redressal services for UID-related disputes, theft and misuse of UID info

15. The primary ID should be more securely stored and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.

16. Offenses on identity: The current UIDAI framework interprets offenses on identity based on the foundation laid by the Information Technology (Amendment) Act 2000, which relies on the State police for enforcement. Enforcement challenges: considering a 0.01% failure rate, there will be 120,000 cases/complaints to deal with, either in the form of civil or criminal complaints, in case there is a misuse of identity with fraudulent intention. Whether the State police is capable of taking cognizance of such complaints...

Therefore, in light of the above, UIDAI should incorporate "Adjudication & Dispute Resolution" as part and parcel of their working framework.

The authority can look to the model of ITA-2000, where the IT Secretary is appointed as adjudicator; in the same way, the UID's respective state authorities can appoint "technically competent" personnel in a quasi-judicial body, comprising a judicial representative, to hear matters relating to "Identity Theft/Misuse/Abuse/Fraud" etc.

17. One area of concern is native aboriginals like the Onges, the Shompens, the Sentinelese, the Andamanese, the Jarawas and the Nicobarese of the Andaman & Nicobar Islands. They shun the outside world, and every effort by 'outsiders' to talk to them is met with fierce resistance. Similarly, the Jarawas have constantly resisted all contact with the modern world, happy with their ancient way of living.

18. Given the sheer size of the population that the project is expected to cover, there are bound to be umpteen challenges. However, given the power of technology and maturity in delivering complex solutions, the project shall come out with flying colors. The approach shall be "best fit" rather than "perfect fit". The entire identity life cycle shall be identified and processes put in place. While we cover the existing population by the identified approach, we shall look at better approaches to cover the incremental load coming through the following ways: newborns, citizens returning from abroad, deaths, missing people.

19. The UID should not be recycled, or rather should be used only once. This will ensure that even at a later stage, after disabling a UID (say after a death), authorities can track back an entity using this UID. After establishing a UID, say the person is working in a bank and gets transferred every three years. After relocating, whose responsibility is it to update the new address of the person in the repository, or is the UID independent of address?

20. In India we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for the promotion of products and services of their clients through mobile and emails, in all combinations of geography, consumption, timing, etc. As long as we are not bothered about our data it is difficult to protect it, and hence the present loopholes need to be plugged to ensure a common man's personal information is not used without his/her consent.

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations and guidelines. Sensitivity should be brought to the adequate level for each data item to ensure protection of Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual against use without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. A good governance framework, including regular reviews, assessments and assurance to its stakeholders (i.e., the public whose personal data is part of UIDAI) on their personal data. An NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, email, etc., by outsiders having good or bad intentions), and the responsibility shall lie with the service provider to prevent loss or misuse of any individual client's data. Government should make businesses understand the immediate need for protection of its residents' personally identifiable data sets.

23. Empower each individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized or unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

- Framework for self-audit and self-governance within government itself to control data protection aspects
- There shall be a stringent background verification process for teams working on this project, starting with criminal background verification, etc.
- The system shall be subject to periodic audit like any other financial system control, and such reports shall be made public to boost public confidence
- Certain standards, either existing or new, shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.

Page 30: Security & Privacy Challenges in UID project · 2018. 5. 31. · and privacy issues in the UIDAI project. 2.1. Issues surrounding Biometrics Before we understand the security issues

Security amp Privacy Challenges in UID project

Public Use Page 29

Annexure 2 UIDAI Approach ndash Threat Modeling

Draft Data Flow

1 Resident applies for UID and submits any required documentation 2 The registrar sends the information to UIDAI 3 UIDIAI verifies the uniqueness of resident and issues UID if unique 4 Resident provides his UID and biometrics for authentication 5 Authenticator send the data to UIDAI for verification 6 CIDR authenticates the resident data and sends back to the authenticator 7 Authenticator provides the requested service to resident upon successful identification

Considering the data flow of the UIDAI let us understand the attack sources

External Attack Sources Internal Attack Source

Resident UIDAI employee

Registrar Other government factors

Authenticator

Considering the attack sources lets understand the possible attack scenarios

1 Resident registering a fake identity using false fingers 2 Registrar colluding with the Resident to create fake identities This can be achieved for example

by using forefinger of one resident and the middle finger of another resident 3 Registrars creating fake identities The registrar can use a valid biometric data and alter it

randomly to create a new identity This artificial identity can then be injected into the UID CIDR to create a new UID

Resident

Registrar Sub-Registrars

CIDR

Authenticator

1

2

3

5

6

7

4

Trust Boundary

Trust Boundary

Security amp Privacy Challenges in UID project

Public Use Page 30

4 Authenticator can collude with the registrar to validate fake identities The authenticator can inject the artificial identity data (created in the above step) to validate fake identities

5 Resident colluding with the Authenticator The authenticator might allow multiple attempts of a resident in order to exploit the FAR of the biometric device

6 An external attacker (might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their system

7 The Registrar or Authenticator may illegally reveal (or sell) the identity information stored in their servers

8 A local authority such as a politician or dignitaries or even a high ranking official might order a profile search of UID databases present with local registrars and authenticators This might lead to profiling of UID data at the state level if not at the national level

9 An employee of CIDR might illegally reveal (or sell) the identity information

Security amp Privacy Challenges in UID project

Public Use Page 31

Annexure 3 The Underprivileged Society

The Indian society is divided into various geographical boundaries there are many people who live in remote areas of the country who are not classified in any of the existing government schemes these people are generally the tribalrsquos the migratory people the construction workers etc

As a general the UID objective is to spread the government initiatives and grants to the poor sections of the society through the National Rural Employment Guarantee Act (NREGA) Schemes Rashtriya Swasthiya Bima Yojana (RSBY) public Distribution systems (PDS) etc Each of these Schemes has some registered people but yet the grants do no reach to the people So how does UID help these people is a big challenge for the authority Does the additional Biometric information collected apart from the documents which are used by the above schemes ensure that the government initiatives reach to the society which needs the most

The Indian tribes19 constitute roughly 8 percent of the nations total population nearly 90 million people according to the 1991 census Though some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have) basic health services and at least 100 days of employment a year their children are entitled to mid-day meals in schools But the truth of the matter is that despite these entitlements deprivation persists BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount But residents of these villages have never even heard of such schemes The people who are responsible for taking care of these societies are themselves illiterate Considering such state of our country where villages are registered in the government records but people do not have verification details how will the UIDAI proposes to cover them is again a challenge to the authority

19

httpwwwindianchildcomindian_tribeshtm

Security amp Privacy Challenges in UID project

Public Use Page 32

Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of

this paper

Industry Inputs

1 UI database should not be sharable through the lsquoRight to Informationrsquo Act 2005 since it could compromise a Personally Identifiable Information

2 Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks

3 Many people will have access to this information resulting in loss of privacy Define where all it can be used and cannot be used Limit the use of UID ex UID should not be used to login to a web site should not be displayed in a student ID card or mailing envelope etc

4 Identity theft concerns Those who collect the information does not properly keep it secure For organizations that accepts this UID define how to protect them how to limit who can access how to dispose if no longer required and how to report if there was a breach

5 The prominence and acceptance of biometric technologies such as fingerprinting facial recognition hand geometry and iris recognition may leave little demand for other modalities While some of these technologies are either costly or have high fault ratio its accuracy depends on the cooperation of the subject For example criminals have been known to use eye drops to dilate their pupil thus masking the majority of their iris Conversely face recognition is technically the least intrusive as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues) but its accuracy varies greatly according to light exposure etc Moreover experiments have shown that these solutions are also vulnerable to counterfeit and theft

6 If there is no legal mandate to secure such information organizations may not do it Define actions to be taken if these rules are not followed by an individual or a corporation

7 Too much security may limit legal disclosure of the information Define how to divulge the information legally for law enforcement and relatives of a deceased person

8 Awareness and education on these requirements Educate the general public government organizations and corporations on all the requirements through newspaper and TV ads

9 Once UID number gets widely used both as an identifier then there is very high degree of chance that it will be used as an authenticator This will result in higher risk of disclosure of that personrsquos identity Widespread use of the UID number as an identifier and authenticator will result in identity theft as it already happening in other geographies

10 How UIDAI will enforce organizations not to use UID number as the primary identification number and printuse it on their application such as loan health insurance etc Even though it is for internal use of that organization there is high chance of UID number getting disclosed

11 How the life cycle of the UID number (from generation to termination) will be handled 12 Will the UID number generation process use any biometric information of a person and if yes what will be

the process to keep its integrity intact 13 If the UID number generation process is not based on biometric information then how we can assure that

the person can get only one UID number as sometime in our country it might be possible to forge some documents for some gain

14 There should be consumer awareness well in advance (at least a year) before release of UID program Awareness should include the following

Where the entire customer should provide the information

What information within the UID should be provided for which government requirement

Security amp Privacy Challenges in UID project

Public Use Page 33

How the user should not get caught in any phishing attempts as and when UID news is released by the government

Threats of UID exploitation and the resultant impact of the same

Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service

Contact details for consumers to enquire and clarify

Detailed risk analysis by the UID team for each service the UID would be required for and the resultant impact

Consumer redressal services for UID related disputes theft and misuse of UID info 15 The primary ID should be more securely stored and should have most restricted access Data for

secondary identification has to be available at multiple verification points and hence making it extremely secure may not be cost effective The primary identification pattern should be made very secure and any verification against the primary ID should be with very strict controls This suggestion has to be discussed in depth and the cost aspects will have to be understood But if implemented the UID will not only be useful for normal identification of a person it could also be used for forensic investigation crime detection identity theft and so on

16 Offenses on identity ndash The current UIDAI framework interprets offenses on identity based on the foundation laid by Information Technology (Amendment) Act 2000 which relies on the State police for enforcement Enforcement challenges - Considering the 001 of failure there will be 120000 casescomplaints to deal with either in the form of civil or criminal complaints In case there is a misuse of identity with a fraudulent intention Whether the State police is capable of taking cognizance of such complaintshellip

Therefore in light of above UIDAI should incorporate ldquoAdjudication amp Dispute resolutionrdquo as a part and parcel of their working frame work

The authority can look to the model of ITA-2000 where the IT-Secretary is appointed as adjudicator in the same way UIDrsquos respective state authorities can appoint ldquoTechnically competentrdquo personnel in a quasi judicial body comprising of a judicial representative to hear matters relating to ldquoIdentity TheftMisuseAbuseFraudrdquo etc

17 One area of concern is native aboriginals like the Onges the Shompens the Sentinelese the Andamanese the Jarawas and the Nicobarese of the Andaman amp Nicobar Islands They are shunning the outside world and every effort by lsquooutsidersrsquo to talk to them is met with fierce resistance Similarly the Jarawas have constantly resisted all contact with the modern world ndash happy with their ancient way of living

18 Given the sheer size of the population that the project is expected to cover there are bound to be challenges umpteen However given the power of technology and maturity in delivering complex solutions the project shall come out with flying colors The approach shall be ldquobest fitrdquo rather than ldquoperfect fitrdquo The entire identity life cycle shall be identified and process be put in place While we cover the existing population by identified approach we shall look at better approaches to cover the incremental load coming through following ways-New born Citizens returning from abroad Deaths Missing people

19 The UID should not be recycled or rather should be used only once This will ensure that even at a later stage after disabling an UID say after a death will help authorities to track back an entity using this UID After establishing an UID say the person is working in a bank and gets transferred every three years After relocating whose responsibility is it to update the new address of the person in the repository or is the UID independent of address

20. In India, we can get any information on any individual if you have money and need... Our personal information is being sold to advertising agencies for promoting the products/services of their clients through mobile and e-mail, in all combinations of geography, consumption, timing etc. As long as we are not bothered about our data, it is difficult to protect it, and hence the present loopholes need to be plugged to ensure that a common man's personal information is not used without his/her consent.

Security & Privacy Challenges in UID project

Public Use Page 34

21. Data Privacy & Protection shall be at the core, at least when UIDAI is being launched in India, at par with international regulations/guidelines. Sensitivity should be brought to the adequate level for each data item, to ensure that Personally Identifiable Information (PII) and/or Personal Health Information (PHI) and insurance details of an individual are protected from use without his/her authorization. Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI.

22. Good Governance Framework, including regular reviews, assessments and assurance to its stakeholders (i.e. the public whose personal data is part of UIDAI) on their personal data. The NDNC (National Do Not Call) Registry or a similar procedure should be made effective (the default setting should be "No" for any unauthorized use of personal details such as contact phone numbers, e-mail etc. by outsiders, whether with good or bad intentions), and the responsibility shall lie with the service provider to prevent loss/misuse of any individual client's data. Government should make businesses understand the immediate need to protect residents' personally identifiable data sets.

23. Empower each individual resident Indian to object and, if need be, initiate legal proceedings against the service provider or sender in case of any unauthorized/unwanted communication being received.

24. Processes around data creation, maintenance and disposal:

A framework for self-audit and self-governance within government itself to control data protection aspects.

There shall be a stringent background verification process for teams working on this project, with criminal background verification etc. as a starting point.

The system shall be subject to periodic audit like any other financial system control, and such a report shall be made public to boost public confidence.

Certain standards, either existing or new, shall be adhered to.

ABOUT DSCI

DSCI has been established as an independent self-regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers, to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in the implementation of these projects, it is the right time to focus on security of data so as to build the confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US and European Union countries, and data standards organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.



4. The Authenticator can collude with the Registrar to validate fake identities. The Authenticator can inject the artificial identity data (created in the above step) to validate fake identities.

5. Resident colluding with the Authenticator: the Authenticator might allow a resident multiple attempts in order to exploit the FAR (false acceptance rate) of the biometric device.

6. An external attacker (who might himself be a resident) may compromise the Registrar or Authenticator to obtain all identity information stored in their systems.

7. The Registrar or Authenticator may illegally reveal (or sell) the identity information stored on their servers.

8. A local authority, such as a politician, a dignitary or even a high-ranking official, might order a profile search of the UID databases held by local Registrars and Authenticators. This might lead to profiling of UID data at the state level, if not at the national level.

9. An employee of the CIDR might illegally reveal (or sell) the identity information.
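Threats 5 and 8 above both leave a trace in the audit trail of the verifying system. The Python below is an added example, not from the paper, of the two checks a CIDR operator could run over such a trail. It assumes a hypothetical log format (timestamp, event, actor, subject, result) and constructed thresholds; the sample log lines are made up for the example. The first function quantifies why repeated attempts matter: with independent presentations, the chance of at least one false accept grows as 1 - (1 - FAR)^k, so a device with FAR 0.1% that is allowed 100 tries accepts an impostor about 9.5% of the time. The other two functions flag an Authenticator that lets one resident retry beyond a small limit inside a short window, and an operator who reads many distinct profiles in a short time.

```python
"""Added example (not from the DSCI paper): two checks over a constructed
audit trail, covering threats 5 and 8 of the list above.

Assumed (hypothetical) log format, one event per line:
    <ISO timestamp> <event> <actor> <subject> <result>
where event is VERIFY (an Authenticator checks a resident's biometric)
or LOOKUP (an operator reads a resident's profile).  The thresholds,
names and log lines below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: auth-07 retries the same resident four times in
# a few minutes; op-03 reads six different profiles inside one hour.
SAMPLE_LOG = """\
2010-01-21T09:00:00 VERIFY auth-07 res-1001 REJECT
2010-01-21T09:01:10 VERIFY auth-07 res-1001 REJECT
2010-01-21T09:02:05 VERIFY auth-07 res-1001 REJECT
2010-01-21T09:03:30 VERIFY auth-07 res-1001 ACCEPT
2010-01-21T09:05:00 VERIFY auth-12 res-2002 ACCEPT
2010-01-21T10:00:00 LOOKUP op-03 res-3001 OK
2010-01-21T10:00:05 LOOKUP op-03 res-3002 OK
2010-01-21T10:00:09 LOOKUP op-03 res-3003 OK
2010-01-21T10:00:14 LOOKUP op-03 res-3004 OK
2010-01-21T10:00:20 LOOKUP op-03 res-3005 OK
2010-01-21T10:00:25 LOOKUP op-03 res-3006 OK
2010-01-21T11:30:00 LOOKUP op-09 res-4001 OK
""".splitlines()


def cumulative_far(far, attempts):
    """Probability that at least one of `attempts` independent impostor
    presentations is falsely accepted when each has false-accept rate `far`.
    With far=0.001 one try succeeds 0.1% of the time; 100 tries, about 9.5%."""
    return 1.0 - (1.0 - far) ** attempts


def parse_line(line):
    """Split one audit line into its five fields (hypothetical format)."""
    ts, event, actor, subject, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "event": event,
            "actor": actor, "subject": subject, "result": result}


def flag_retry_abuse(lines, max_attempts=3, window=timedelta(minutes=10)):
    """(Authenticator, resident) pairs with more than `max_attempts` VERIFY
    events inside any `window`: the trace left when an Authenticator lets a
    resident keep retrying until the device's FAR produces an accept."""
    attempts = defaultdict(list)
    for rec in map(parse_line, lines):
        if rec["event"] == "VERIFY":
            attempts[(rec["actor"], rec["subject"])].append(rec["ts"])
    flagged = set()
    for key, stamps in attempts.items():
        stamps.sort()
        start = 0                      # left edge of the sliding window
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 > max_attempts:
                flagged.add(key)
                break
    return flagged


def flag_bulk_lookups(lines, max_subjects=5, window=timedelta(hours=1)):
    """Operators who read more than `max_subjects` distinct profiles inside
    any `window`: bulk profiling rather than case-by-case service delivery."""
    lookups = defaultdict(list)
    for rec in map(parse_line, lines):
        if rec["event"] == "LOOKUP":
            lookups[rec["actor"]].append((rec["ts"], rec["subject"]))
    flagged = set()
    for actor, entries in lookups.items():
        entries.sort()
        for i, (start, _) in enumerate(entries):
            subjects = {s for ts, s in entries[i:] if ts - start <= window}
            if len(subjects) > max_subjects:
                flagged.add(actor)
                break
    return flagged


if __name__ == "__main__":
    print("P(false accept in 100 tries at FAR 0.1%) =",
          round(cumulative_far(0.001, 100), 4))
    print("retry abuse:", flag_retry_abuse(SAMPLE_LOG))
    print("bulk lookups:", flag_bulk_lookups(SAMPLE_LOG))
```

The thresholds are deliberately small so the constructed log trips them; in practice they would be tuned to the observed retry and lookup rates of honest Authenticators and operators, and a flag would start a review rather than an automatic block, since a genuine resident with a worn fingerprint also produces a string of rejects.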


Annexure 3: The Underprivileged Society

Indian society is divided by various geographical boundaries; there are many people who live in remote areas of the country who are not classified in any of the existing government schemes. These people are generally the tribals, the migratory people, the construction workers etc.

In general, the UID objective is to spread government initiatives and grants to the poor sections of society through the National Rural Employment Guarantee Act (NREGA) schemes, Rashtriya Swasthya Bima Yojana (RSBY), the Public Distribution System (PDS) etc. Each of these schemes has some registered people, but the grants still do not reach the people. So how UID helps these people is a big challenge for the authority. Does the additional biometric information collected, apart from the documents used by the above schemes, ensure that the government initiatives reach the section of society which needs them most?

The Indian tribes[19] constitute roughly 8 percent of the nation's total population, nearly 90 million people according to the 1991 census. Though some of these societies are covered under BPL (below poverty line) ration cards (which many of them do not have), basic health services and at least 100 days of employment a year, and their children are entitled to mid-day meals in schools, the truth of the matter is that despite these entitlements deprivation persists. BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount, but residents of these villages have never even heard of such schemes. The people who are responsible for taking care of these societies are themselves illiterate. Considering such a state of our country, where villages are registered in government records but people do not have verification details, how UIDAI proposes to cover them is again a challenge to the authority.

[19] http://www.indianchild.com/indian_tribes.htm


Annexure 4: Industry Responses

This annexure covers some of the concerns that were received from the industry during the conceptualization of this paper.

Industry Inputs

1. The UID database should not be sharable through the 'Right to Information' Act 2005, since it could compromise Personally Identifiable Information.

2. Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks.

3. Many people will have access to this information, resulting in loss of privacy. Define where it can and cannot be used. Limit the use of the UID; for example, the UID should not be used to log in to a web site, and should not be displayed on a student ID card or mailing envelope etc.

4. Identity theft concerns: those who collect the information do not properly keep it secure. For organizations that accept this UID, define how to protect it, how to limit who can access it, how to dispose of it if no longer required, and how to report if there was a breach.

5. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry and iris recognition may leave little demand for other modalities. While some of these technologies are either costly or have a high fault ratio, their accuracy depends on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupils, thus masking the majority of their iris. Conversely, face recognition is technically the least intrusive, as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues), but its accuracy varies greatly according to light exposure etc. Moreover, experiments have shown that these solutions are also vulnerable to counterfeit and theft.

6. If there is no legal mandate to secure such information, organizations may not do it. Define actions to be taken if these rules are not followed by an individual or a corporation.

7. Too much security may limit legal disclosure of the information. Define how to divulge the information legally for law enforcement and relatives of a deceased person.

8. Awareness and education on these requirements: educate the general public, government organizations and corporations on all the requirements through newspaper and TV ads.

9. Once the UID number gets widely used as an identifier, there is a very high chance that it will also be used as an authenticator. This will result in a higher risk of disclosure of that person's identity. Widespread use of the UID number as both identifier and authenticator will result in identity theft, as is already happening in other geographies.

10. How will UIDAI enforce that organizations do not use the UID number as their primary identification number and print/use it on their applications, such as loan, health insurance etc.? Even though it is for internal use of that organization, there is a high chance of the UID number getting disclosed.

11. How will the life cycle of the UID number (from generation to termination) be handled?

12. Will the UID number generation process use any biometric information of a person, and if yes, what will be the process to keep its integrity intact?

13. If the UID number generation process is not based on biometric information, then how can we assure that a person can get only one UID number, as sometimes in our country it might be possible to forge some documents for some gain?

14. There should be consumer awareness well in advance (at least a year) before release of the UID program. Awareness should include the following:

Where the customer should provide the information

What information within the UID should be provided for which government requirement


How the user should not get caught in any phishing attempts as and when UID news is released by the government

Threats of UID exploitation and the resultant impact of the same

Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service

Contact details for consumers to enquire and clarify

Detailed risk analysis by the UID team for each service the UID would be required for, and the resultant impact

Consumer redressal services for UID-related disputes, theft and misuse of UID information

15. The primary ID should be stored more securely and should have the most restricted access. Data for secondary identification has to be available at multiple verification points, and hence making it extremely secure may not be cost effective. The primary identification pattern should be made very secure, and any verification against the primary ID should be under very strict controls. This suggestion has to be discussed in depth, and the cost aspects will have to be understood. But if implemented, the UID will not only be useful for normal identification of a person; it could also be used for forensic investigation, crime detection, identity theft and so on.
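Items 3, 9, 10 and 15 pull in one direction: the UID should not become every organisation's record key or a login credential, while the primary identity record stays behind strict controls. The Python below is an added example of one way to get that separation; it is not the paper's or UIDAI's design and not any real scheme's. The authority derives a per-organisation pseudonymous identifier with HMAC-SHA256 from the UID and a secret key that the authority alone holds for that organisation. The organisation keys its own files on that token; it cannot compute tokens itself, a token leaked from one organisation cannot be joined with another organisation's files nor reversed to the UID, and holding the token proves nothing about identity, so verification of the person still goes through the authority. All names, keys and UIDs in the code are constructed.

```python
"""Added example (not from the DSCI paper and not UIDAI's design):
per-organisation pseudonymous identifiers derived from the UID.

Hypothetical model: the central authority keeps the primary record and
one secret key per relying organisation; each organisation receives only
a derived token for each resident and uses that token, not the UID, in
its own records.  All identifiers, keys and UIDs below are constructed.
"""
import hashlib
import hmac
import secrets


class IdentityAuthority:
    """Hypothetical central authority holding the primary record."""

    def __init__(self):
        self._org_keys = {}   # org_id -> 32-byte key; never leaves the authority

    def register_org(self, org_id, key=None):
        # `key` is injectable only so the example is reproducible; the
        # authority would normally generate it with secrets.token_bytes(32).
        self._org_keys[org_id] = key or secrets.token_bytes(32)

    def sector_id(self, uid, org_id):
        """Token that organisation `org_id` uses for resident `uid`.
        HMAC-SHA256 keyed per organisation: stable for one organisation,
        unlinkable across organisations, not invertible to the UID."""
        msg = f"{org_id}|{uid}".encode()
        return hmac.new(self._org_keys[org_id], msg, hashlib.sha256).hexdigest()[:24]

    def verify(self, uid, org_id, token):
        """Constant-time check that `token` is the one issued to this
        organisation for `uid`; called only after the resident has been
        verified by the authority (e.g. biometrically), never instead of it."""
        return hmac.compare_digest(self.sector_id(uid, org_id), token)


def linkable_records(db_a, db_b):
    """Number of individuals two organisations could join by comparing their
    record keys: the profiling risk of keying every file on the raw UID."""
    return len(set(db_a) & set(db_b))


def demo():
    """Contrast raw-UID record keys with sector tokens on constructed data.
    Returns (individuals linkable by UID, individuals linkable by token)."""
    auth = IdentityAuthority()
    auth.register_org("bank-loan", key=b"\x01" * 32)
    auth.register_org("health-ins", key=b"\x02" * 32)
    residents = ["123456789012", "234567890123"]   # constructed sample UIDs

    # Anti-pattern: both organisations key their files on the raw UID.
    loan_db = {uid: "loan file" for uid in residents}
    health_db = {uid: "policy" for uid in residents}
    linked_by_uid = linkable_records(loan_db, health_db)

    # Pattern: each organisation keys its files on its own sector token.
    loan_db = {auth.sector_id(uid, "bank-loan"): "loan file" for uid in residents}
    health_db = {auth.sector_id(uid, "health-ins"): "policy" for uid in residents}
    linked_by_token = linkable_records(loan_db, health_db)
    return linked_by_uid, linked_by_token


if __name__ == "__main__":
    print("linkable by UID, by token:", demo())
```

The demo contrasts the two keying choices on the same two constructed residents: keyed on the raw UID, both individuals can be joined across the loan and insurance files; keyed on sector tokens, none can. A breached file then exposes one organisation's tokens, which are useless to the next organisation and give no path back to the primary record.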


Page 32: Security & Privacy Challenges in UID project · 2018. 5. 31. · and privacy issues in the UIDAI project. 2.1. Issues surrounding Biometrics Before we understand the security issues

Security amp Privacy Challenges in UID project

Public Use Page 31

Annexure 3 The Underprivileged Society

The Indian society is divided into various geographical boundaries there are many people who live in remote areas of the country who are not classified in any of the existing government schemes these people are generally the tribalrsquos the migratory people the construction workers etc

As a general the UID objective is to spread the government initiatives and grants to the poor sections of the society through the National Rural Employment Guarantee Act (NREGA) Schemes Rashtriya Swasthiya Bima Yojana (RSBY) public Distribution systems (PDS) etc Each of these Schemes has some registered people but yet the grants do no reach to the people So how does UID help these people is a big challenge for the authority Does the additional Biometric information collected apart from the documents which are used by the above schemes ensure that the government initiatives reach to the society which needs the most

The Indian tribes19 constitute roughly 8 percent of the nations total population nearly 90 million people according to the 1991 census Though some of these societies are covered under the BPL (below poverty line) ration cards (which many of them do not have) basic health services and at least 100 days of employment a year their children are entitled to mid-day meals in schools But the truth of the matter is that despite these entitlements deprivation persists BPL families are supposed to be given health cards which entitle them to free treatment up to a certain amount But residents of these villages have never even heard of such schemes The people who are responsible for taking care of these societies are themselves illiterate Considering such state of our country where villages are registered in the government records but people do not have verification details how will the UIDAI proposes to cover them is again a challenge to the authority

19

httpwwwindianchildcomindian_tribeshtm

Security amp Privacy Challenges in UID project

Public Use Page 32

Annexure 4 Industry Responses

This annexure covers some of the concerns that were received from the industry on conceptualization of

this paper

Industry Inputs

1 UI database should not be sharable through the lsquoRight to Informationrsquo Act 2005 since it could compromise a Personally Identifiable Information

2 Personal information of Indian citizens should be protected following the generally followed data protection principles that exist in developing countries and using similar frameworks

3 Many people will have access to this information resulting in loss of privacy Define where all it can be used and cannot be used Limit the use of UID ex UID should not be used to login to a web site should not be displayed in a student ID card or mailing envelope etc

4 Identity theft concerns Those who collect the information does not properly keep it secure For organizations that accepts this UID define how to protect them how to limit who can access how to dispose if no longer required and how to report if there was a breach

5 The prominence and acceptance of biometric technologies such as fingerprinting facial recognition hand geometry and iris recognition may leave little demand for other modalities While some of these technologies are either costly or have high fault ratio its accuracy depends on the cooperation of the subject For example criminals have been known to use eye drops to dilate their pupil thus masking the majority of their iris Conversely face recognition is technically the least intrusive as faces can be scanned at a distance by surveillance cameras (although this also poses privacy issues) but its accuracy varies greatly according to light exposure etc Moreover experiments have shown that these solutions are also vulnerable to counterfeit and theft

6 If there is no legal mandate to secure such information organizations may not do it Define actions to be taken if these rules are not followed by an individual or a corporation

7 Too much security may limit legal disclosure of the information Define how to divulge the information legally for law enforcement and relatives of a deceased person

8 Awareness and education on these requirements Educate the general public government organizations and corporations on all the requirements through newspaper and TV ads

9 Once UID number gets widely used both as an identifier then there is very high degree of chance that it will be used as an authenticator This will result in higher risk of disclosure of that personrsquos identity Widespread use of the UID number as an identifier and authenticator will result in identity theft as it already happening in other geographies

10 How UIDAI will enforce organizations not to use UID number as the primary identification number and printuse it on their application such as loan health insurance etc Even though it is for internal use of that organization there is high chance of UID number getting disclosed

11 How the life cycle of the UID number (from generation to termination) will be handled 12 Will the UID number generation process use any biometric information of a person and if yes what will be

the process to keep its integrity intact 13 If the UID number generation process is not based on biometric information then how we can assure that

the person can get only one UID number as sometime in our country it might be possible to forge some documents for some gain

14 There should be consumer awareness well in advance (at least a year) before release of UID program Awareness should include the following

Where the entire customer should provide the information

What information within the UID should be provided for which government requirement

Security amp Privacy Challenges in UID project

Public Use Page 33

How the user should not get caught in any phishing attempts as and when UID news is released by the government

Threats of UID exploitation and the resultant impact of the same

Doordarshan should be used as the primary medium if the rural population is anywhere in the initial list of consumers of this service

Contact details for consumers to enquire and clarify

Detailed risk analysis by the UID team for each service the UID would be required for and the resultant impact

Consumer redressal services for UID related disputes theft and misuse of UID info 15 The primary ID should be more securely stored and should have most restricted access Data for

secondary identification has to be available at multiple verification points and hence making it extremely secure may not be cost effective The primary identification pattern should be made very secure and any verification against the primary ID should be with very strict controls This suggestion has to be discussed in depth and the cost aspects will have to be understood But if implemented the UID will not only be useful for normal identification of a person it could also be used for forensic investigation crime detection identity theft and so on

16 Offenses on identity ndash The current UIDAI framework interprets offenses on identity based on the foundation laid by Information Technology (Amendment) Act 2000 which relies on the State police for enforcement Enforcement challenges - Considering the 001 of failure there will be 120000 casescomplaints to deal with either in the form of civil or criminal complaints In case there is a misuse of identity with a fraudulent intention Whether the State police is capable of taking cognizance of such complaintshellip

Therefore in light of above UIDAI should incorporate ldquoAdjudication amp Dispute resolutionrdquo as a part and parcel of their working frame work

The authority can look to the model of ITA-2000 where the IT-Secretary is appointed as adjudicator in the same way UIDrsquos respective state authorities can appoint ldquoTechnically competentrdquo personnel in a quasi judicial body comprising of a judicial representative to hear matters relating to ldquoIdentity TheftMisuseAbuseFraudrdquo etc

17 One area of concern is native aboriginals like the Onges the Shompens the Sentinelese the Andamanese the Jarawas and the Nicobarese of the Andaman amp Nicobar Islands They are shunning the outside world and every effort by lsquooutsidersrsquo to talk to them is met with fierce resistance Similarly the Jarawas have constantly resisted all contact with the modern world ndash happy with their ancient way of living

18 Given the sheer size of the population that the project is expected to cover there are bound to be challenges umpteen However given the power of technology and maturity in delivering complex solutions the project shall come out with flying colors The approach shall be ldquobest fitrdquo rather than ldquoperfect fitrdquo The entire identity life cycle shall be identified and process be put in place While we cover the existing population by identified approach we shall look at better approaches to cover the incremental load coming through following ways-New born Citizens returning from abroad Deaths Missing people

19 The UID should not be recycled or rather should be used only once This will ensure that even at a later stage after disabling an UID say after a death will help authorities to track back an entity using this UID After establishing an UID say the person is working in a bank and gets transferred every three years After relocating whose responsibility is it to update the new address of the person in the repository or is the UID independent of address

20 In India we can get any information of any individual if you have money and needhellip Our personal information is being sold to advertising agencies for making the promotion of products services of their clientrsquos throughrsquo mobile and emails in all combinations of geographical consumption timing etc As long as we are not bothered about our data it is difficult to protect it and hence the present loopholes needs to be plugged safely to ensure avoidance of a common manrsquos personal information without hisher

Security amp Privacy Challenges in UID project

Public Use Page 34

consent 21 Data Privacy amp Protection shall be to the core at least when UIDAI being launched in India at par with

international regulations guidelines Sensitivity should be brought to the adequate level for each data to ensure protection of Personally Identifiable Information (PII) andor Personal Health Information (PHI) and Insurance of an individual without hisher authorization Government should take responsibility and accountability for any compromise of sensitive data being gathered for UIDAI

22 Good Governance Framework including regular reviews assessments and assurance to its stakeholders (ie the public whose personal data is being part of UIDAI) on their personal data NDNC (National Do Not Call) Registry or a similar procedure should be made effective (Default Setting should be ldquoNordquo for any unauthorized use of personal details such as contact phone numbers email etc by the outsiders having good and bad intentions) and the responsibility shall lie with the service provider to ensure loss misuse of any individual clientrsquos data Government should make the businesses understand the immediate need on protection of its residentrsquos personally identifiable data sets

23 Empower our individual resident Indian to object and if need be initiate the legal proceedings in case of any unauthorized unwanted communication being received against the service provider or sender of that communication

24 Processes around the data creation maintenance and disposal

Framework for self audit and self governance within government itself to control data protection aspects

There shall be stringent background verification process for teams working on this project from criminal background verification etc as a starting point

The system shall be subject to periodic audit like any other financial system control and such a report shall be made public to boost public confidence

Certain standards either existing or new shall be adhered to

ABOUT DSCI

DSCI has been established as an independent self regulatory organization (SRO) by NASSCOM as an industry initiative to focus on best practices and standards for data protection. While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their customers and other stakeholders that India is a secure destination for outsourcing, DSCI also wishes to promote these practices for customers in the country. Since E-Governance applications are increasing and the IT industry is a joint partner in implementation of these projects, it is the right time to focus on security of data so as to build confidence of citizens in E-Governance. DSCI has been instrumental in taking the Amended IT Act 2008 to a larger audience, creating awareness about its importance for a strong data protection regime and engaging industry.

DSCI engages with all the stakeholders, which include IT/BPO service providers, their clients worldwide, data protection authorities in different countries and Self Regulatory Organizations in the US, European Union countries and data standard organizations in sectors such as Banking and Finance. It conducts data protection awareness programs as part of its outreach and education activities. It also engages with the government and other data protection authorities on such practices. DSCI is also evolving ways of enforcing these practices among the service providers.

DSCI believes that its SRO Framework can support the data accountability principle in cross-border data flows, namely that the business data and personal data collected in the originating country will continue to be subject to compliance with the data privacy laws of the originating country. Service providers in India, through appropriate contracts on best security practices, will ensure data privacy as per clients' requirements.



