UIDAI introduces face authentication to further strengthen Aadhaar security
The Unique Identification Authority of India (UIDAI) on Monday decided to enable \'Face Authentication\' in fusion mode on registered devices by July 1, so that people facing difficulty in other existing modes of verification such as fingerprints, iris, and one-time-password (OTP) could easily authenticate.
New Delhi : The Unique Identification Authority of India (UIDAI) on Monday decided to enable 'Face Authentication' in fusion mode on registered devices by July 1, so that people facing difficulty in other existing modes of verification such as fingerprints, iris, and one-time-password (OTP) could easily authenticate.
Not only will this new facility help in an inclusive authentication of those who are not able to biometrically verify their identity, due to worn out fingerprints, old age, or hard working conditions, but also add another layer of security.
Presently UIDAI provides two modes of biometric authentication. While most of the residents are able to authenticate themselves using fingerprint or iris authentication, some residents face difficulty in successfully using biometric authentication using one of the modalities.
"The 'Face Authentication' provides additional option for all residents to have inclusive authentication. It shall be allowed only in fusion mode along with one more authentication factor combined with either fingerprint or iris or OTP to be able to successfully authenticate an Aadhaar number holder. Face Authentication shall also be allowed on need basis," statement from UIDAI read.
To facilitate this authentication service, UIDAI will work with biometric device providers to integrate face modality into the certified registered devices and also may provide standalone Registered Device (RD) service as required by the ecosystem.
UIDAI will further provide Software Development Kits (SDKs)/ RD services in various operating systems which will have the ability to capture face image, check liveness, and create digitally signed and encrypted authentication input (PID block), as required.
According to UIDAI, the Authentication User Agencies (AUAs) shall be required to ensure inclusive authentication, when single modality is not working for specific residents. Applications need to enable face capture via RD service to capture face photo in addition to fingerprint/iris/OTP.
For this, the AUAs would require to make necessary changes on the server side to process the encrypted authentication input.
Since face photo is already available in the UIDAI database, there is no need to capture any new reference data at UIDAI Central Identities Data Repository (CIDR).
"Camera is now pervasively available on laptops and mobiles making the face capture easily feasible for AUAs without needing any additional hardware. Face authentication with liveness detection can be used as an additional factor to increase security," the statement added.
UIDAI will extend necessary support for enabling 'Face Authentication' and would release necessary details for implementation by March 1.
Earlier on January 10, UIDAI had introduced 'Virtual ID' (VID) and limited 'Know Your Customer' (KYC) service for Aadhaar holders in a bid to address privacy concerns.
While the Aadhaar-issuing body will start accepting Virtual ID from March 1, it will be compulsory for all agencies that undertake authentication to accept the Virtual ID from their users from June 1, 2018.