UIDAI says in an unlikely scenario where both iris and fingerprint scan could not be used for Aadhaar authentication, the person's mobile number would be used
New Delhi: Authentication rate failure at the national level under Aadhaar stood at 8.54% in cases of iris scans and 6% in those concerning fingerprint scans, the Unique Identification Authority of India (UIDAI) told the Supreme Court on Tuesday.
It was however, clarified that an authentication failure did not mean exclusion or denial of subsidies, benefits or services.
The chief operating officer of UIDAI, Ajay Bhushan Pandey was responding to a set of questions raised by the petitioners on his presentation on technical and security aspects of Aadhaar before a constitution bench.
The authority said that in an unlikely scenario where both iris and fingerprint scan could not be used for authentication, the person’s mobile number would be used for authentication.
In cases where authentication through mobile number was not possible, the requesting entities would have to go through the exception handling mechanism under which a digitally signed QR code in e-Aadhaar would be used by agencies to verify the Aadhaar number in an offline manner without accessing eKYC API service of UIDAI.
On the issue of de-duplication rejections since inception of Aadhaar scheme, there have been a total of 6.91 crore rejections as on 21 March, UIDAI stated in the 13-page reply. This figure corresponds to the number of applications that were identified by the Aadhaar de-duplication system as having matching biometrics to an existing Aadhaar holder.
Similarly, the total rejection figure for enrolment packets with UIDAI stood at 18 crore as on 26 March. Incomplete data, use of expletives in name and age-photo mismatch were some of the reasons for rejection, Bhushan said.
In response to the question seeking reasons for blacklisting of 49,000 enrolment officers by the authority, UIDAI said it has a policy to enforce guidelines and data quality check during the enrolment process and any enrolment done against its guidelines gets rejected. Accordingly, enrolments by the 49,000 blacklisted officers found in violation of the guidelines were rejected.
It was reiterated that UIDAI does not ask requesting entities to maintain logs relating to the IP address of the device, GPS coordinates of device or purpose of authentication. Authenticating User Agency (AUA) like banks and telecom companies may store additional information to ensure that their systems are secure and no frauds take place.
In his presentation, Bhushan had told the apex court that there had not been a single breach of biometric data from UIDAI’s end and that it had in place a robust system of security for Aadhaar data.
It was also claimed that Aadhaar had a 2048-bit encryption key, which worked like a number lock, making it extremely secure.
The case will continue to be heard on Wednesday.
Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.
Never miss a story! Stay connected and informed with Mint.
our App Now!!