Are you ready for UIDAI?

In 2017 the Unique Identification Authority of India (UIDAI), a Government of India statutory authority, mandated the use of hardware security modules (HSMs) to secure Unique Identification numbers (UIDs) named “Aadhaar”. As Aadhaar contain Personally Identifiable Information (PII), it is important to protect the UIDs and ultimately the residents – are you ready to meet compliance?

About Aadhaar:
Aadhaar are 12-digit unique-identity numbers issued to all residents, and are based on a person’s biometric and demographic data. The UIDs are intended to: eliminate duplication and fake identities; empower residents to authenticate anytime, anywhere; and provide an easy, cost-effective way for residents to verify their identity and authenticate to Aadhaar-linked applications.

What you need to know:
The Government of India has provided the following detailed guidelines for securing UIDs and ultimately its residents from the data breach threats that are prevalent today:

  • Store the private keys used for digital signing of Auth XML and decryption of electronic “know your customers” (e-KYC) data in an HSM
  • Authentication User Agencies (AUA) and Know Your Customers User Agencies (KUA) must digitally sign the authentication requests and/or they must be signed by the Authentication Service Agency (ASA) HSM
  • To decrypt the e-KYC response data received from the UIDAI, the KUA must use its own HSM
  • The HSM to be used for signing Auth XML as well as for e-KYC decryption should be FIPS 140-2 compliant

High-Assurance Key Protection with Keys in Hardware
In the case of UIDAI, private cryptographic keys used to digitally sign, encrypt and authenticate the UIDs must be stored in an HSM. HSMs are dedicated crypto processors that are specifically designed to securely manage, process, and store cryptographic keys. But buyer beware – not all HSMs are created equal. Storing private crypto keys inside a hardened, tamper-resistant, FIPS 140-2-validated device ensures your keys cannot be accessed, unlike alternative solutions on the market. With the keys in hardware approach, applications communicate via a client with keys stored in the HSM – but keys never leave the appliance.

To learn more about UIDAI, the steps you need to take to become compliant, and how a keys in hardware approach can ensure that only the right people have access to the data, download the Securing UIDAI Unique Identification Numbers with Gemalto’s Data Protection Solutions solution brief.

2 thoughts on “Are you ready for UIDAI?”

  1. The simple facts in life: anything created by man or woman can be undone by the same. The problem with any ANSWER is, did you ask the correct question? Because if the question is wrong, then you have the wrong answer! In cloud and information storage I always find that most people ask the wrong question in search of a correct answer!

  2. I would like to know if there is any compliance required from a NIST point of view or PCI DSS standards, as banks are asking for Aadhaar now. So, for the payment card industry, PCI standards are also applicable.
    Does GoI prescribe those industry standards compliance while using Aadhaar?
    Thanks a lot for your reply!
