India is one of the fastest-growing digital markets in the world, with a large and diverse population of internet users, online content creators, digital service providers, and tech start-ups. According to a report by Bain & Company and Google, India had 622 million internet users and 342 million smartphone users in 2020, and these numbers are expected to reach 970 million and 650 million respectively by 2025.
Aadhaar has served as a unique digital identifier and formed the base for the digital ecosystem for the citizen-centric government that achieved phenomenal financial inclusion of the last mile. The digital ecosystem was challenged by the breach of Aadhaar data. In the recent past, there have been numerous instances of Aadhaar data being exposed online by various agencies. Centre for Internet and Society, a Bengaluru-based organisation (CIS) found that data of over 130 million Aadhaar card holders has been leaked from just four government websites. The World Economic Forum's (WEF's) Global Risks Report 2019, says, "The largest (data breach) was in India, where the government ID database, Aadhaar, reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens." More than 200 central and state government websites publicly displayed details such as names and addresses of some Aadhaar beneficiaries, as identified by the Unique Identification Authority of India (UIDAI). In Jharkhand, a programming error on a website maintained by the Jharkhand Directorate of Social Security revealed the names, addresses, Aadhaar numbers, and bank account details of over 1.4 million pensioners.
Such a breach of data privacy called for immediate data security and protection mandate. With an objective to ensure privacy of Aadhaar Numbers and its related data, the Unique Identification Authority of India (UIDAI), vide its circular of 2017, which made it compulsory to store all Aadhaar Numbers collected by authentication user Agency (AUA)/e-KYC user Agency (KUA)/Sub-AUAs/ or any other agency in a Centralized Dedicated storage in encrypted form identified as “Aadhaar Data Vault” (ADV). Aadhaar Data Vault enables e-Governance applications in eliminating Aadhaar footprint in the IT eco-system and builds an abstraction layer (Reference Key) to safeguard Aadhaar Numbers and their related data. This will eventually result in a low risk of unauthorized access to Aadhaar Cards within the organisation's systems. This is like building a high-security wall around a castle, with multiple layers of defense that will keep out unwelcome intruders. By having a secure data layer, it ensures that the sensitive information stored within is safe and sound.
All the agencies which store Aadhaar Numbers in a structured and electronic form for internal identification purposes such as attendance management, ration delivery, scholarship delivery, financial transactions (PFMS) etc. may use Aadhaar Data Vault Service which eventually results in low risk of unauthorized access of Aadhaar Numbers and its related data within organization systems.
Aadhaar number is used as a primary identity for the residents by various user organizations like banks, telecom operators, government departments, private sectors etc. which has increased the footprint of Aadhaar and reduce the risk of leakage. Hence it is important to reduce the footprint of Aadhaar number as a security measure.
Since Aadhaar number is being used across different organizations and departments for service delivery, there are chances of 360-degree profiling of a resident . Hence, the use of reference key will prevent such threats and make the Aadhaar ecosystem more secure and robust.
For better decoupling and independent evolution of various systems, it is necessary that Aadhaar number never be used as a domain-specific identifier. In addition, domain-specific identifiers need to be revoked and/or re-issued and hence the usage of Aadhaar number as the identifier does not work as Aadhaar number is a permanent lifetime number. - Audit and compliance checklist on UIDAI website, A1 (Security Framework Policies for AUA-Mandatory), point 1. An identifier is a name or code that uniquely identifies an object within a system. In this context, the term "domain-specific" means that the identifier is only used within a specific system or application, and is not meant to be universally unique.
Aadhaar Data Vault is a centralized storage for all the Aadhaar numbers collected by the AUAs/KUAs/Sub-AUAs/ or any other agency for specific purposes under Aadhaar Act and Regulations, 2016. It is a secure system inside the respective agency’s infrastructure accessible only on need to know basis Similar to the tokenisation strategy, the Aadhaar data vault consists of reference key, which is a unique token to represent the Aadhaar number in the entire internal ecosystem of the agency. Mapping of reference key and Aadhaar number is maintained in the Aadhaar Data Vault. This is similar to a lock and key system, where the reference key is the key that unlocks the Aadhaar data vault, and the Aadhaar number is the lock that needs to be opened.
Aadhaar Vault is a great step to vault the digital economy, as it reassures the faith of the citizens. The digital transaction needs data privacy and security which can only be possible if there are stringent mandates of the usage with strong tech support. Vaulting ensures a secure digital ecosystem opening new avenues of possibilities and innovation and promoting the nation’s growth.
Case Study download link has been sent to your email address.
If you do not receive any email, please check your spam folder.
Please enter the OTP sent to your mobile number
Our executive will get in touch with you shortly. If you have any queries feel free to contact us at firstname.lastname@example.org
Please enter the OTP sent to your mobile number
We welcome to the opportunity to discuss a possible business opportunity between us. For further information will contact you shortly.