UIDAI system has multiple layers of security check to thwart manipulation: CEO

Once the application for enrolment is received, validation or security checks are performed at the system's back-end too, Ajay Bhushan Pandey said.

Published: 15th September 2018 11:36 AM  |   Last Updated: 15th September 2018 11:36 AM   |  A+A-

Image of Adhar cards used for representational purpose only. (File photo | PTI)


New DELHI: The UIDAI's system contains multiple layers of security checks, and any attempt of manipulation at the operator level will be detected and thwarted at the back-end, Aadhaar-issuing body's CEO Ajay Bhushan Pandey has said.

The comments of the Unique Identification Authority of India (UIDAI) chief come against the backdrop of a recent report alleging Aadhaar software hack.

"The whole Aadhaar system is designed in a manner that it has multiple layers of security. Because of multiple layers of security, if manipulation is done at the systems' front end, at the back-end the security checks will thwart that attempt," Pandey said.

Once the application for enrolment is received, validation or security checks are performed at the system's back-end too, Pandey said, adding that these safeguards allow rogue attempts to be detected.

"All such attempts will get detected at the back-end and the enrolment packets then get rejected, and Aadhaar is not generated. We are also able to identify which operator has done this and, in such cases, the operator will be blacklisted in appropriate cases we file prosecution under the Aadhaar Act," Pandey told PTI.

A report recently claimed that Aadhaar software and database have been compromised by a software patch that purportedly disables crucial safety features of the enrolment software.

The report had also said that the patch allegedly enabled unauthorised people to generate Aadhaar, a claim that has been refuted by the UIDAI.

In a statement earlier this week, UIDAI claimed that no operator can make or update Aadhaar unless an individual gives biometrics details.

"Therefore it is not possible to introduce ghost entries into Aadhaar database," the UIDAI statement had said.

When contacted, Jaideep Srivastava, Professor of Computer Science at University of Minnesota said that the generation of an Aadhaar number is the result of a full 'two-way handshake' between the client software and the server software.

"The former collects and sends a packet, and the latter then decides to accept or not accept the enrolment packet. Since the server-end decides the second, it has more power than the client software. Just because a rogue operator or compromised enrolment software tries to register an unauthorised person does not mean that the server will accept the packet and generate Aadhaar," Srivastava said in response to an e-mail query.

Stay up to date on all the latest Business news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp