Sridhar K wrote: Marten wrote: Sum, they have an AUA agency license, meaning they have access to demographic data - to validate against the documents presented by the applicant. When you say entire data, biometrics is NOT included in the same. The full Aadhaar number will also be present on the copy of the card itself, right? The authentication mechanism is such that it can only give Yes or No answers for the biometric matching -- there is absolutely NO way for external access to the biometrics. I mean Zero chance because the APIs do not carry such data back in their response, plus the data used to validate is in an encrypted format that even on decryption can only be understood by the vendor system that itself is operated by UIDAI. The vendor too has zero access to the data (most importantly, the identity is completely unknown to the vendor) so no one can really use the biometric data itself.
More details here: https://authportal.uidai.gov.in/web/uid ... entication
I agree that the UIDAI API returns 17 fields based on the Aadhaar number and not the biometric data. However, for eKYC, Jio, IDFC Bank etc. have fingerprint scanners attached to a mobile phone and the fingerprint is validated against the one in the server. The 17 field data plus the fingerprint now is available to the likes of Jio and the banks. My kB has implemented this solution for a couple of banks and now one more bank is in the pipeline.
We must meet Saar. Please drop me a line at marten dot brf at chacha. In any case, the banks do have ALL of your data and your money and your signature. Whatever they need is right on hand, and they would not have this data if they were not trusted agencies. One of the tenets of authentication is that the data being used for auth cannot be stored within your system. You can enroll the person separately with their consent, but the auth biometrics cannot be stored. Is that condition being violated? It is now an act of parliament after all.