Tag Archives: Authentication

ePramaan – India’s own National e-Authentication service

Pramaan in Hindi means validation. This word has been adopted by DeitY to christen its eAuthentication service as ePramaan.

ePramaan is a National e-Authentication service offered by Department of Electronics and Information Technology (DeitY).

ePramaan provides a simple, convenient and secure way for the users to access government services via internet/mobile as well as for the government to assess the authenticity of the users.

ePramaan offers authentication as a service by verifying the credentials of a person who is wishing to access any e-Governance service.

Q: What is e-Authentication?

Ans:   Electronic Authentication (or e-Authentication) is the process of electronic verification of the identity of a user. e-Authentication provides a simple, convenient and secure way for the users to access government services via internet/mobile as well as for the government to assess the authenticity of the users.

e- Authentication helps to build up confidence and trust in online transactions and encourages the use of the electronic environment as a channel for service delivery.

The next question is than Why e-Pramaan?

The answer is e-Pramaan provides guidelines that will help in the selection and implementation of the appropriate e-authentication approaches. Having a standardised e-Authentication framework has the following benefits:

  1. Transparency- E-authentication decisions will be made in an open and transparent manner
  2. Cost-effectiveness Government departments and agencies will not have to implement cumbersome and expensive e-authentication processes for simple or low-risk transactions
  3. Risk management: The selection of e-authentication mechanisms will be guided by the likelihood and impact of identified risks
  4. Consistency: Government departments and agencies will apply a consistent approach to selecting the appropriate e-authentication mechanism
  5. Trust: The mechanisms used will support online and mobile based services and enhance security, safety, and trust in such transactions
  6. Improved privacy: Personally identifiable information will be collected only where necessary as per the sensitivity level of the application or service
  7. Efficiency: The time to deploy an e-Authentication capability for any government application will be greatly reduced

The framework provides various levels of authentication based on the sensitivity requirement of an e-Governance service.

  • Level 0: No Authentication required for publicly available information.
  • Level 1: User Id and Password based authentication. This is meant for basic public services with low sensitivity service.
  • Level 2: Two factor authentication (User Id and Password AND OTP). Meant for personally identifiable information and services with moderate levels of security.
  • Level 3: User Id and password PLUS Digital Certificate (soft/hard). Meant for services which requires high security and any or all of PAIN properties.
  • Level 4: User Id and password PLUS Biometric based authentication. Meant for services requiring the highest levels of security.

The level 4 of Authentication in e-Pramaan supports UIDAI biometric authentication in which Aadhaar holders can get authenticated by giving their fingerprint which will be verified in the background through Aadhaar Authentication Server.

The services of e-Pramaan will be provided through NSDG, SSDG. Central government department or state government department services registered with various service delivery gateways will call e-Pramaan services for authentication before the actual service is invoked.

Read the FAQs now or see the video.  The choice is yours.  The project is the development stage now, and will be ready for Beta launch in another three months.

Advertisements

UIDAI-Aadhaar: Aadhaar Number is the new User Name for Authentication of an Indian individual

To reduce leakages or to increase security levels, be it in physical buildings or computer networks, Authentication is the preferred mode. Authentication is the process wherein the individual conforms who she/he claims to be.

The ‘Authentication’, process is not a modern process but was prevalent even in ancient times. Only the methods of ‘Authentication’ have changed.

The latest ‘Authentication’, tool is the Aadhaar based mode. In modern world, ‘Authentication’, revolves around a UserName and Password.

In the UIDAI-Aadhaar Authentication model, the USERNAME is the ‘Aadhaar Number’, and the PASSWORD is either the OTP (One Time Password) or Iris or fingerprint.

At present, UIDAI-Aadhaar Authentication offers the following 5 types:

Type 1 Authentication: Through this offering, service delivery agencies can use Aadhaar Authentication system for matching Aadhaar number and the demographic attributes (name, address, date of birth, etc) of a resident.

Type 2 Authentication: This offering allows service delivery agencies to authenticate residents through One-Time-Password (OTP) delivered to resident’s mobile number and/or email address present in CIDR.

Type 3 Authentication: Through this offering, service delivery agencies can authenticate residents using one of the biometric modalities, either iris or fingerprint.

Type 4 Authentication: This is a 2-factor authentication offering with OTP as one factor and biometrics (either iris or fingerprint) as the second factor for authenticating residents.

Type 5 Authentication: This offering allows service delivery agencies to use OTP, fingerprint & iris together for authenticating residents.

To reduce load on the Aadhaar Servers, the Aadhaar Number is part of all forms of the above 5 authentication models i.e the operation is reduced to 1:1 match.

This means as mentioned above, the Aadhaar Number is the Username only, and not the Password.

 

UIDAI holds Half Day eKYC Workshop. No additional investment of Aadhaar online authentication.

Read my earlier Post 1 and Post 2 on eKYC here.

To familiarize eKYC process flow amongst Bankers, Insurance Companies, Securities Market and Telecom Sector, UIDAI held a workshop on August 19, 2013.

The workshop was followed by a media brief, and UIDAI Chairman Shri Nandan Nilekani was taking questions from the media personnel, on doubts on eKYC implementation and the legal backing for eKYC.

The highlight of the Media brief was:

“If a certain authority feels that the beneficiaries of a particular scheme need to possess Aadhar cards, they can make it mandatory for them for that particular scheme,” said Nandan Nilekani, Chairman, Unique Identification Authority of India, on Monday here.

The workshop was done to demonstrate the practical implementations and to specify some of the salient features and the benefits of its implementation.

Residents have to authorize UIDAI to release the information available in the CIDR.

Authorization can be done via two channels:

01) In person (through  biometric authentication),

02)Online (through OTP authentication).

Upon successful authentication and consent of the resident, the UIDAI will provide the resident’s name, address, date of birth, gender, photograph, mobile number (if available), and email address (if available) to the service provider electronically.

One of the foremost advantages of Online Authentication is that the latest details of the resident can be viewed by the service provider and stored as proof of KYC being done.

Online authentication also costs less as compared to biometric authentication. No additional investment needs to be done for Online Authentication.

 

Computerworld Honors 2013: Economic Development Winner – Aadhaar

 

UIDAI has one more feather in its cap. It is the winner of Computerworld Honors 2013 under Economic Development.

ComputerWorld describes Aadhaar as : : ID program empowers citizens in India

Government program, the 21st Century Achievement Award winner for economic development, uses biometrics to assign unique identity numbers, allowing residents of India to participate more fully in society.

The Computerworld Honors Program was established in 1998 with the aim to bring together the men, women, organizations and institutions around the world whose visionary applications of information technology promote positive social, economic and educational change.

The 2013 Awards are the 25th in the annual series.

The other finalists in the race were:

  1. Engro Milk Automation Network (EMAN),
  2. Solar Sister Program,
  3. African Cashew Initiative (ACi),
  4. Empowering Rural Women and Providing Sustainable Access to Market