Aadhaar data needs to be held inside a UIDAI-compliant Aadhaar Vault. We have produced the first such Vault using microHSM.
The images need to be redacted if they contain an Aadhaar number in any form or shape. We can give you Sync and Async services to achieve this.
For non-DBT services, you have to use Aadhaar paperless offline authentication based on OTP and an XML, PDF or QR code based signed and encrypted file. Check out our service for this as a part of KYC.
For DBT type of services, and select IRDAI vendors, you can use AUA/KUA based online biometric authentication. Check out our comprehensive services for this as a part of KYC.
microHSM is a revolutionary new chapter in the security domain. Our solution is a comprehensive re-think of the security architecture based on today's realities: it does not compromise on security, and it is flexible, affordable and easy to integrate into today's diverse user environment, which is becoming more and more distributed and connected. MyTAG* CSP-8 is a Micro High Security Module (HSM) that packs a punch. At the core, it implements the CSP (Cryptographic Service Provider) security architecture. The CSP encapsulates reusable essential cryptographic functions along with a secure time stamp service and audit trail, implemented on a secure element, SE (CSP): a highly secure, high-performance dual-core 32-bit security chip with Common Criteria EAL5+ hardware security and a dedicated secure co-processor for all cryptographic operations, combined with our EAL4+ certified CSP Operating System. At the next level, a second secure element, SE (Application), of the same hardware specifications is implemented for Aadhaar Vault. Finally, the product is integrated with the host through a standard UHS-I class microSD flash controller with 8GB of NAND flash, along with sufficiently large tamper-resistant storage deep inside the secure chips.
Core of any Aadhaar vault is an HSM
We have developed UIDAI-compliant microHSM module hardware, firmware and software to make a complete HSM for your Aadhaar Vault needs affordable.
Symmetric Cryptography - AES 128, 256 bits (CBC & CMAC Modes).
Secure hash - SHA256/384/512 bits, HMAC-SHA256.
Elliptic Curve Cryptography (ECC) with key sizes 256, 384 & 512 bits (ECDSA & ECDH).
RSA with key sizes 2048 and 3072 bits (RSA-PSS & RSA-OAEP).
On device key generation for all key types.
Key Import & Export.
On device PKCS#10 CSR generation. Key Attestation.
Key usage counter.
Session key Generation and Usage.
Signature Creation with optional time stamp & Verification.
Hybrid Encryption & Decryption.
UIDAI requires that tokens replace Aadhaar numbers and that these be stored on an HSM in an encrypted and secure way, with an encrypted Aadhaar Data Vault to securely store Aadhaar numbers and eKYC data. Recheck provides you a cost-efficient solution to meet or exceed the UIDAI requirements of an Aadhaar Vault. As per UIDAI Circular No. K-11020/205/2017, Aadhaar Data Vault is a secure encrypted centralized storage for all the Aadhaar numbers and related data collected by the AUAs/KUAs/Sub-AUAs or any other agency for specific purposes under Aadhaar Act and Regulations, 2016. It should be inside the respective agency’s infrastructure, accessible only on a need-to-know basis. The Aadhaar Data Vault should provide a key, which is a unique token to represent the Aadhaar number in the entire internal ecosystem of the agency. The mapping of reference key and Aadhaar number should only be maintained in the Aadhaar Data Vault. All users shall use this key instead of the Aadhaar number in every system where such a reference key needs to be stored or mapped. All database operations requiring storage of Aadhaar numbers should maintain only the key. The actual Aadhaar number should not be stored in any business database other than the Aadhaar Data Vault.
The Recheck Aadhaar Data Vault solution is the complete software and hardware package that is needed to implement an Aadhaar Data Vault within your organization. The software exposes REST APIs that can be used to easily integrate with existing software services.
It is mandatory to redact or mask your Aadhaar numbers! They may appear anywhere: in soft copies of the Aadhaar cards collected and stored in your DMS, on application forms filled up by the customer and stored in your DMS, or simply as a part of your databases. We provide you a comprehensive service for search and redaction of all your Aadhaar numbers, whether stored as past records or arriving online in new transactions.
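One way to do the search-and-mask step on text fields, shown as an added example and not Recheck's own code. It assumes an Aadhaar number is 12 digits, never starts with 0 or 1 and ends in a Verhoeff check digit, and it masks all but the last four digits; the function names are hypothetical and the sample number is constructed.

```python
import re

# Verhoeff multiplication (_D) and permutation (_P) tables, one row per string.
_D = ("0123456789 1234067895 2340178956 3401289567 4012395678 "
      "5987604321 6598710432 7659821043 8765932104 9876543210").split()
_P = ("0123456789 1576283094 5803796142 8916043527 "
      "9453126870 4286573901 2793806415 7046913258").split()
_INV = "0432156789"

def _verhoeff(digits, start):
    """Fold digits right-to-left through the tables; 0 means the checksum holds."""
    c = 0
    for i, ch in enumerate(reversed(digits), start):
        c = int(_D[c][int(_P[i % 8][int(ch)])])
    return c

def check_digit(prefix):
    """Verhoeff check digit for a digit string (used here to build test data)."""
    return _INV[_verhoeff(prefix, 1)]

def is_aadhaar(number):
    # Assumption: 12 digits, first digit 2-9, last digit is a Verhoeff check digit.
    return (len(number) == 12 and number[0] in "23456789"
            and _verhoeff(number, 0) == 0)

# 12 digits, plain or grouped 4-4-4 with one consistent space/hyphen separator,
# and not embedded in a longer run of digits.
_CANDIDATE = re.compile(r"(?<!\d)\d{4}([ -]?)\d{4}\1\d{4}(?!\d)")

def redact(text):
    """Mask the first 8 digits of every checksum-valid hit; return (text, hits)."""
    hits = 0
    def _mask(m):
        nonlocal hits
        digits = re.sub(r"\D", "", m.group())
        if not is_aadhaar(digits):
            return m.group()          # order ids, bad checksums etc. stay untouched
        hits += 1
        sep = m.group(1)
        return f"XXXX{sep}XXXX{sep}{digits[-4:]}"
    return _CANDIDATE.sub(_mask, text), hits

if __name__ == "__main__":
    fake = "29991234567"              # constructed prefix, not a real Aadhaar number
    fake += check_digit(fake)
    sample = f"Form: Aadhaar {fake[:4]} {fake[4:8]} {fake[8:]}, order 123456789012"
    print(redact(sample))
```

The checksum test keeps 12-digit order or account numbers from being masked by mistake; scanned images still need OCR before a text pass like this can see the digits.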
Offline Authentication! Recheck applications help you conduct the complete cycle of consent-based Aadhaar Offline KYC using OTP-based XML, PDF or QR code based verification. The client has to use the UIDAI facilities and provide you consent as well as the OTP for you to download the file, which is signed and encrypted. We provide decryption services to help integrate offline Aadhaar authentication seamlessly into your onboarding process.
When the customer has registered his/her mobile number with UIDAI
Authentication can be done via two modes:
1. With High-Res Photo: Downloaded as XML or PDF file on customer device shared by him/her with the RE or
2. With Low-Res Photo: Downloaded as QR code
The file is secured by a “Share Phrase” used as the password to the ZIP file. It is provided to the customer via OTP and needs to be shared with the RE to open the ZIP file and access the XML/PDF/QR file.
Optionally one can do an OTP validation against the mobile number (customer needs to provide mobile number which can be hashed and verified against the KYC data) and/or do face validation by capturing face and matching against the photo within the e-KYC XML.
When the customer does not have a registered mobile number with UIDAI
Follow the old method of Digital KYC (RBI MD-2016 Annex 1)