What is Aadhaar Authentication?
Aadhaar Authentication means the process by which the Aadhaar number along with the demographic information or biometric information of a Aadhaar number holder is submitted to the Central Identities Data Repository (CIDR) for its verification and such repository verifies the correctness, or the lack thereof, on the basis of the information available with it.
The Aadhaar number or the authentication thereof shall not, by itself, confer any right of, or be proof of, citizenship or domicile in respect of an Aadhaar number holder.
Several requesting entities (or service providers) require individuals to submit their identity proofs that serve as an enabler for providing consumer services, subsidies or benefits. While collecting such identity proofs, these service providers face challenges in verifying/validating the correctness of identity information documents or proofs submitted by individuals.
The purpose of Aadhaar Authentication is to provide a digital, online identity platform so that the identity of Aadhaar number holders can be validated instantly anytime, anywhere.
UIDAI offers Aadhaar-based authentication as a service that can be availed by requesting entities (government / public and private entities/agencies). This service from UIDAI can be utilized by the requesting entities to authenticate the identity of their customers / employees / other associates (based on the match of their personal identity information) before providing them access to their consumer services / subsidies/ benefits / business functions / premises.
Modes of Authentication
- An authentication request shall be entertained by the Authority only upon a request sent by a requesting entity electronically in accordance with these regulations and conforming to the specifications laid down by the Authority
- Authentication may be carried out through the following modes.
- Demographic authentication : The Aadhaar number and demographic information of the Aadhaar number holder obtained from the Aadhaar number holder is matched with the demographic information of the Aadhaar number holder in the CIDR.
- One-time pin based authentication: A One Time Pin (OTP), with limited time validity, is sent to the mobile number and/ or e-mail address of the Aadhaar number holder registered with the Authority, or generated by other appropriate means. The Aadhaar number holder shall provide this OTP along with his Aadhaar number during authentication and the same shall be matched with the OTP generated by the Authority.
- Biometric-based authentication : The Aadhaar number and biometric information submitted by an Aadhaar number holder are matched with the biometric information of the said Aadhaar number holder stored in the CIDR. This may be fingerprints-based or iris-based authentication or other biometric modalities based on biometric information stored in the CIDR.
- Multi-factor authentication : A combination of two or more of the above modes may be used for authentication.
- A requesting entity may choose suitable mode(s) of authentication from the modes specified in sub-regulation for a particular service or business function as per its requirement, including multiple factor authentication for enhancing security. For the avoidance of doubt, it is clarified that e-KYC authentication shall only be carried out using OTP and or biometric authentication.