Nell’iperspazio con Rocket: il Framework Web di Rust!
practical risks in aadhaar project and measures to overcome them
1. AADHAAR
brand name of UIDAI
KU COLLEGE OF ENGINEERING AND
TECHNOLOGY
TEAM:
D.SAIPRIYA
B.SNIGDHA
2. CONTENTS
What is AADHAAR??
Goals and missions of UIDAI
Projected benefits of AADHAAR
Practical risks involved in this
project
SOLUTIONS to overcome these
threats
CONCLUSION
3. What is AADHAAR??
Aadhaar is a 12-digit unique number which
the Unique Identification Authority of
India (UIDAI) will issue for all residents
in India. The number will be stored in a
centralized database and linked to the
basic demographics and biometric
information
UIDAI launched AADHAAR on 29 th
September 2010.The first person to receive
an AADHAAR was Rajana Sawane of
Tembhli village.
4. Number schema of AADHAAR
As shown in the picture above, the India Aadhaar
number schema will actually have not even 12
digits but only 11 digits. The 1st number will be
the Implicit Version Number while the second, be
the Check digit. So, that means that the Aadhaar
number will only have 11 digits which really
matter.
The numbers in UID will be non repeating and
non traceable or predictable and will be generated
7. UIDAI will provide AADHAAR
to residentsand missions of
Goals of India that UIDAI
can be verified easily,
quickly and in cost effective way
can eliminate duplicate
and fake identities
The UIDAI intends to cover all
residents of the country, but the
focus will be on enrolling the India's
8. Continued… .
The UIDAI will offer a strong form of
authentication where agencies can compare
demographic and biometric information of the
resident with record stored in central data base
This central data base is stored in a computer
which will be linked to all government and
private agencies like banks
9. Projected benefits
Aadhaar will become the single source of identity
verification. Residents would be spared the hassle
of repeatedly providing supporting identity
documents each time they wish to access services
such as obtaining a bank account, passport, driving
license and so on.
Financial inclusion with deeper penetration of
banks, insurance and easy distribution of benefits
of government schemes.
10. Continued….
By providing a clear proof of identity,
Aadhaar will also facilitate entry for
poor and underprivileged residents into
the formal banking system and the
opportunity to avail services provided by
the government and the private sector.
Giving migrants mobility of identity.
12. Practical risks of
AADHAAR
1. India has been facing various
hacking problems from inside and
abroad. Many times our government
sites were also being hacked by
hackers .This is very clear that our
cyber security is not safe.
2. We are having a lot of corrupted
people in India especially in
government department. Everyone
know that for money, maximum of
government official leak any kind of
information. Then what will be surely
13. Continued…
3.It is proposed that UIN will
be used as PAN for income tax
purpose. If this happen than
PAN will be available easily
to any body and one may use
other UIN or say PAN for any
transaction. Today at least
one can't find easily others
PAN no.
4.Village people will be
offered Rs.100 for getting
their Unique Identity Number.
Every one know very well how
14. Proposed solutions
Information classification:
Information associated with the UID shall be
classified in the minimum into two categories
namely “Primary” and “Secondary”.
Out of the “Primary” category a part would be
considered “Public” information and other would be
treated as “Private-Primary Information”
Public information may consist of name, sex, age,
registered address.
Private-Primary information would be available to
the data holder for query on a synchronized data
server to ensure that the information is accurate at
all times.
15. Secondary Information would be kept in paper format in
multiple locations. One copy would also be kept in digital format
with strong encryption in an offline media with DRP support.
This would be available to authorized UID employees only for
grievance redressal and under appropriate audit trail recordings.
Within UIDAI no employee would be provided access to all
aspects of the data base.
The elements of the data base would be broken into multiple
parts and scattered with an algorithm across the data base. They
would be assembled only by authorized employees.
16. Information storage security:
Information under storage is kept in encrypted.
Access shall be backed up by data integrity control, audit trail
monitoring and archival.
Information transmission security:
Transmission of Information into and out of the systems
would be monitored by a suitable Firewall and appropriate
polices and procedures shall be implemented to ensure that
viruses and other malicious codes are filtered.
Al l transmissions of data including confidential mails in
the name of UIDAI should be encrypted and digitally signed.
17. Logical access security:
Policies and Procedures shall be implemented for
ensuring that access to any IT device is made
available only with appropriate access authentication
such as Passwords.
Appropriate measures shall be initiated for
ensuring that a strong password policy is maintained
across the organization.
Use of hardware tokens with biometric and RFID
tags shall be used where considered necessary.
18. Employee consent:
“ Agents” of UIDAI must be subjected to a
very strict selection criteria including
background checks, privacy declarations,
indemnity etc should be obtained from every
individual who is involved in this activity.
Any mistake observed and corrected will also
be recorded as a “Security Breach” and the
responsibility for the same would be fixed on
the concerned person.
Employee awareness
19. Employee cyber usage
policy:
• Employees would be subject to appropriate
restrictions in use of Computers so that UID
information is not subject to risk elements
from Cyber space.
• All access would be based on multi factor
authentication of the employee and with
archival of audit trail with a trusted third
party with adequate security.
• In particular, no computer which has access
to secondary data will have access to Internet
20. Continued…
In particular, no storage media (such as cell
phones)would be allowed to be used by the
employees in the ordinary course. All computers
would work on the network with dumb terminals.
UIDAI shall retain all Policy documents related
to information security for a period of a minimum
of 3 years either in print or electronic form. Data
which is part of a security breach incident, is kept
permanently.
21. CONCLUSION
“… Theconscious and intelligent
manipulation of the organized habits
and opinions of the masses is an
important element in democratic
society. Those who manipulate this
unseen mechanism of society
constitute an invisible government
which is the true ruling power of our
23. Print master
QUERIES??
• Your Text here
• Lorem ipsum dolor sit amet, consectetuer
adipiscing elit, sed diam nonummy nibh euismod
tincidunt ut laoreet dolore magna aliquam erat
volutpat. Ut wisi enim ad minim veniam, quis
nostrud exerci tation ullamcorper suscipit lobortis
nisl ut aliquip ex ea commodo consequat.
• Duis autem vel eum iriure dolor in hendrerit in
vulputate velit esse molestie consequat, vel illum
dolore eu feugiat nulla facilisis at vero eros et
accumsan et iusto odio dignissim qui blandit
praesent luptatum zzril delenit augue duis dolore
te feugait nulla facilisi.