AADHAR OPERATING MODEL , ITS FUTURE APPLICATIONS AND THWARTING AGENTS AADHAAR is a 12 digit individual identification number.

.it is being issued by the Unique Identification Authority of India to all residents of India on a voluntary basis. AADHAR card consist of the biometric detail of individual like IRIS scan, finger prints and photo. A core development team was composed largely of non-resident Indians returning to India solely for this project. The team is being headed by NandanNielkeni since 2010.

Service Definition Aadhaar Authentication is defined as the process wherein, Aadhaar number along with the Aadhaar holders personal identity information is submitted to the Central Identities Data Repository (CIDR) for matching following which the CIDR verifies the correctness thereof on the basis of the match with the Aadhaar holders identity information available with it.

Prima facie, authentication qualifies as a service to be performed by UIDAI, as and when the National Identification Authority is setup under the Act of parliament. UIDAI shall offer Aadhaar-based authentication as a service that can be availed by government /public and private entities/agencies that wish to authenticate the identity of their customers / employees / other associates (based on the match of personal identity information) before providing them access to their services / business functions /premises, etc.

Service Description Aadhaar-based authentication refers to the sequence of events during which the personal identity information / data of an Aadhaar-holder is matched with their personal identity information / data that is stored in the CIDR. An Aadhaar holders Personal Identity Data (henceforth referred to as PID) includes his or her demographic details, one-time password (OTP with a limited validity period) sent to the Aadhaarholders cell phone (stored in the CIDR) and the Aadhaar holders biometric information (fingerprint and iris scan).

UIDAI, in its Aadhaar Authentication Framework document has listed the various authentication types that it offers. For each service that they wish to enable by Aadhaarauthentication, user agencies choose an authentication type depending on their business requirements. The PID collected by the user entity for authentication is determined by the authentication type chosen. This document addresses itself to the operating model for online authentication of an Aadhaar holders identity, i.e., where an Aadhaar holders PID that is fed into the authentication device at the time of authentication are compared with the corresponding PID stored in UIDAIs Central Identity Data Repository (CIDR).

The above figure identifies the key actors in the Aadhaar authentication model and depicts six possible scenarios in which the key actors could engage with each other. 1. Unique Identification Authority of India (UIDAI): UIDAI is the overall regulator and overseer of the Aadhaar authentication system. It also owns and manages,either by itself or through an agency, the Central Identities Data Repository (CIDR) that contains the personal identity information / data of all Aadhaar-holders. Presently UIDAI will manage the CIDR through a Managed Service Provider (MSP). 2. Authentication Service Provider (AuSP): AuSP is the entity that offers Aadhaarbased authentication services on behalf of UIDAI. To start with, the role of AuSP will be played by the entity that is the MSP. In the future, as authentication volumes go up, it is possible that more AuSPs are added to the authentication ecosystem. 3. Authentication Service Agency (ASA): ASAs are agencies that have established secure leased line connectivity with the CIDR compliant with UIDAIs standards and specifications. ASAs offer their UIDAI-compliant network connectivity as a service to Authentication User Agencies (see below for description of AUA) and transmit AUAs authentication requests to CIDR. Only agencies contracted with UIDAI as ASAs shall send authentication requests to the CIDR; no other entity can directly communicatewith CIDR. An ASA could serve several AUAs; and may also offer value added services such as multi-party authentication, authorization and MIS reports to AUAs. Such value added services (over and beyond the basic Aadhaar authentication service) are not covered in this operating model. An ASA is bound to UIDAI through a formal contract.

4. Authentication User Agency (AUA): AUAs are agencies that uses Aadhaarauthentication to enable its services and connects to the CIDR by itself (as an ASA) or through an existing third party ASA. It is also possible that an AUA engages more than one ASA. In order to directly connect to the CIDR, an AUA needs UIDAIs approval to become an ASA. An AUA could also transmit authentication requests from other entities that are Sub AUAs under it (see details on Sub AUA below). AUAs can also act as an aggregator offering authentication services to Sub-AUAs below them and may also offer value added services such as multi-party authentication, MIS reports and authorization to their Sub AUAs. An AUA enters into a formal contract with UIDAI in order to access Aadhaar authentication. 5. Sub AUA: An agency / entity (any legal entity registered in India) desiring to use Aadhaar authentication to enable its services could become an AUA or it could access Aadhaar authentication services through an existing AUA. In the latter case, it becomes a Sub AUA of the existing AUA which it engages. The following are some possible examples: (i) Government of any State/Union Territory could become an AUA and several ministries/departments in the State could access Aadhaarauthentication services through the State government as its Sub AUAs. (ii) A smallentity or business (e.g. a small scale bank) which does not want to directly engage in a formal contract with UIDAI but still wants to use Aadhaar Authentication, may choose to access Aadhaar services as a Sub AUA of an existing AUA (e.g. a large bank or any aggregator AUA offering AUA services). (iii) Several entities could combine under a single AUA for business reasons. Ex. Several hotels could access Aadhaarauthentication as Sub AUAs of an Hoteliers Association that becomes an AUA. In all such cases UIDAI has no direct contractual relationship with the Sub AUA. Only the AUA is contracted to UIDAI and shall be responsible for all authentication requests flowing through it, including those originating from its Sub AUAs. 6. Authentication Devices: These are electronic actors that form a critical link in the Aadhaar authentication service. These are the devices that collect personal identity data (PID) from Aadhaar holders, prepare the information for transmission, transmit the authentication packets for authentication and receive the authentication results. They could be operator-assisted devices or selfoperated devices. Examples of authentication devices include desktop PCs, laptops, kiosks,handheld mobile devices, etc. They could be operated by the AUA (or the Sub AUA) or agents of AUA / Sub AUA. 7. Aadhaar holders: These are holders of valid Aadhaar numbers who seek to authenticate their identity towards gaining access to the services offered by the AUA or their Sub-AUAs.

The above figure also depicts six possible scenarios in which key actors in the Aadhaarauthentication ecosystem could engage with each other (numbered 1-5 in the figure): 1. Scenario-1: In this scenario, entities that become an AUA choose to connect to the CIDR through any of the existing ASAs. Examples: (i) A government department (say Department of Civil Supplies) becomes an AUA and chooses to connect to the CIDR through an existing ASA, possibly a telecom carrier that has already established secure leased line connectivity to the CIDR. (ii) A bank becomes an AUA and chooses to connect to the CIDR through an existing ASA, possibly an organization such as National Payments Corporation of India (NPCI). 2. Scenario-2: This scenario refers to the case where an AUA chooses to engage multiple ASAs to connect to the CIDR. Possible reasons why AUAs may choose to do so include business continuity planning (to ensure continuous availability of Aadhaar authentications service even if one ASAs services fail) and accessing different value added services from different ASAs. 3. Scenario-3:An entity such as a large bank becomes an AUA and chooses to directly connect to the CIDR by establishing secure leased line connectivity to CIDR. In this case it is an AUA and is also its own ASA. Such entities can also offer ASA services to other AUAs (this case is as in Scenario-2). 4. Scenario-4: This is an extension of the earlier scenario. In this case, the ASA-AUA (such as a large bank) that establishes its own secure leased line connectivity to the CIDR serves other AUAs / Sub AUAs (such as other smaller banks that choose to engage an ASA rather than establish their own leased line connectivity to the CIDR). The latter entity could connect to the ASA-AUA as an AUA (in which case it is directly contracted to UIDAI) or as a Sub AUA of the ASA-AUA. 5. Scenario-5: Some entities desiring to use Aadhaar authentication may choose to route their requests through an existing AUA rather than becomes AUAs themselves. In such cases, they become Sub AUAs of existing AUAs. Possible examples have been provided earlier in this section. 6. Scenario-6: Some AUAs may choose to transmit some of their Aadhaarauthentication requests through an ASA and the remaining through another AUA. This could happen when the latter AUA provides value added services that the former AUA desires to access (such as providing reconciliation services to banks in funds transfer transactions). A possible example: a bank could go through its ASA for services such as balance inquiry and go through a large bank for services such as funds transfer. In such cases, the bank plays the role of an AUA when going through an ASA and at the same time is a Sub AUA of another AUA (the larger bank) when going through the larger bank.

Future applicationsAADHAR card has a very wide scope for citizen of India as well as for the government of India. Removing corruption and effective implementation of social welfare programs: Benefit of AADHAR is that it will help to reduce corruption. Aadhar card has digitalize whole information regarding a human being. Now govt. will have better tracking system for the person who are living below poverty line. The bank account of these person will be connected through 12 digit Aadhar no. Since whole process will be digitalize, so Govt. can transfer money related to social benefit schemes directly to beneficiarys account. Thus middle men will be bypassed who are responsible for corruption and eat large amounts of funds given to social benefit schemes. Poor/rural people in India who did not have any proof of identification can now get unique Aadhar number. Due to unique identity number citizens will be in better position to demand all fundamental facilities they are entitled to. Since all people do not have necessary ID proofs especially in rural areas, so they suffer in the hands of middlemen, specially the farmers. Not only citizen government will also be benefits as they have great access of all individual. Aadhar card will certainly facilitate online interaction between the citizens and government. Problem of illegal immigration can be solved: The AADHAR card will be helpful to stop the illegal immigration in India. Once the project will be completed then each citizen of India have unique id. After that govt. can easily identify the immigrants and take required action. This unique ID will ensure that all residents (temporary or permanent) can be lawfully identified at any point of time. Since this unique ID is universal so Govt can sign MOU with different country in terms of access of data if there will be any emergency. This will increase the faith of other country to our resident and lower the time to generate visa. Hassle free transportation will increase the trade and will help India to grow. Indian citizens can use this card as their national identity at universal level to avoid any identification problems in India or abroad. Fighting Terrorism and Crime, Improving Security: Aadhar card number will also remove fake Identity proofs, which in fact is a greater threat to National security. Thus it will also help in tracing terrorists and criminals coming from outside the country who are using fake ID proofs to stay here and spread violence. Since their information will be available on single click. Removing hassles of Mobility and keeping different proofs for different purpose: It will serve as one Proof for all purposes, so no need to keep different proofs for address verification, Age verification or Identity. Thus solving lot of problems of moving into another place, where you have to show address proof for availing any service. Aadhar a must for scholarships: Aadhar card can be used for the distribution of scholarship to the students. Students from backward classes, economically backward classes, minorities and physically challenged categories with annual family income of less than `1 lakh are eligible to apply for scholarships and fee reimbursement. In the case of students from scheduled castes and scheduled tribes, the income limit has been fixed at `2 lakh per annum. Students who are yet to receive Aadhaar cards or enroll for them are naturally upset at this sudden decision.

Cash at your fingerprints: With Aadhaar utilizing biometric fingerprint recognition to build a database on the nations citizens, Visa plans to utilize the same technology to facilitate payments. In this concept visa has said it will remove the use of cards and telephone for getting the cash through ATM. They will tie up with UID and use their data for the transaction Computerization of PDS gaining: Biometric devices were installed in ration shops to ensure that PDS commodities were delivered only to genuine cardholders. This left no scope for bogus ration card holders to obtain essential commodities and checked dealers from diverting the undelivered commodities to other purposes. UID number can be used by oil companies: The Unique ID can be used by the oil companies for new LPG connection. Civil supplies department hopes that this move would effectively reduce illegal connections in the future. It will also decrease the misuse of subsidized gas cylinder. AADHAR card number and PAN number: In future aadhar card number can be clubbed with PAN card. In India PAN number is very much necessary for the payment of taxes. For the better tax recovery system government can give instruction to banks that they must use aadhar card number and pan card number for opening of account. Once account of each person will be linked by the biometric detail of respective citizen then banks and government can monitor each and every transaction done by individual. After that tax recovery will be more effective and transaction of black money can be stopped. Self-service puts residents in control: Using Aadhaar as an authentication mechanism, residents should be able to access up-to-date information about their entitlements, demand services and redress their grievances directly from their mobile phone, kiosks or other means. In the case of self-service on the resident's mobile, security is assured using two-factor authentication (i.e. by proving possession of the resident's registered Mobile Number and knowledge of the resident's Aadhaar PIN). These standards are compliant with the Reserve Bank of India's approved standards for Mobile Banking and Payments.

Concerns & Loopholes in UIDAI (Aadhar)

Aadhar has invoked mixed reactions from the academicians , eminent personalities , business fraternity , etc . UIDs biometric data collection process has some major flaws . Labourers and poor people, the primary targets of the Aadhar process, often do not have clearly defined fingerprints because of excessive manual labour. Even old people with dry hands have faced difficulties. Weak iris scans of people with cataract have also posed problems. In several cases, agencies have refused to register them, defeating the very aim of inclusion of poor and marginalised people. Aadhar is not restricted to the citizens of India . The Clause 6 of National Identification Authority Of India bill, 2010 states that , "The aadhaar number or the authentication thereof shall not, by itself, confer any right of or be proof of citizenship or domicile in respect of an aadhaar number holder". It is a identification card for all the residents of the country . The need to identify groups and segments of population which have since long been ignored, is felt now more than ever. As the nation moves ahead, the rift between those living on the fringe of existence and those in the mainstream has only widened. Strategically, separatist powers across Indian states tend to target outsider groups which concurrently have no right to vote. Homeless members of the migrant North Indian population living and working in Maharashtra, Punjab, Orissa and West Bengal or those of the Banjara community who travel far and wide and live on Mumbais streets selling toys, gajras but not at periods long enough to generate documentation to support their claims to caste, franchise or domicile are usually targeted by local separatist groups to appease their in-house resident vote banks. The documentation required for Aadhar the 12-digit individual identification number issued enables identification for every resident threatening to legitimise illegal immigrants across the nation. And, that is a serious issue . India has chosen to collate and accumulate the data without putting the prerequisite checks in legislation and practice in place. If the UIDAI database is leaked or simply sold to insurance companies who stand to gain immensely by assimilating and utilising the data for which they usually shell out fortunes through market surveys and online reviews, millions across the nation risk losing a lot at stake here. India, with its colossal consumer base and without protective legislation in place, is a sitting duck when it comes to tackling powerful insurance companies. UIDAI openly says it's 'in the identity business. The responsibility of tracking beneficiaries and... service delivery will continue to remain with the respective agencies. The UID number will only guarantee identity, not rights, benefits or entitlements.' The Aadhaar project has grave civil liberty implications. It will enable the government to profile citizens and track their movements and transactions.

There is no guarantee that intimately personal details -- pre-existing illnesses, romantic relationships, anonymous donations -- won't be shared with other agencies. The designated registrars include private operators as well as state governments, the Life Insurance Corporation and banks. Also involved are multinational firms like Ernst and Young and Accenture. Already, Apollo Hospital has applied for managing the health records in the Aadhaar database. That is not all. The draft NIAI Bill says the authority will maintain details of every request for identity authentication and that identity information may be disclosed in the interests of 'national security'. These clauses permit the tracking of citizens. Experience shows that whenever the government gets excessive authority, it is misused. That is what happened with our anti-terrorism acts and is happening with the Armed Forces Special Powers Act and Public Safety Act in numerous states. Excessive reliance on technology, especially to tackle special problems like corruption, can be disastrous. Technologies can fail. Biometric readings can go wrong if power supply fails -- as happens virtually daily in most of India. Biometric readings may produce misleading results, as the authority admits, 'in Indian environmental conditions (extremely hot and humid climate and facilities without air-conditioning).' People with low-quality fingerprints (construction workers) and with cataract/corneal problems can pose problems for fingerprints and iris scans. Between 10 and 60 million people could be excluded from UID due to such errors. Aadhaar poses serious data security problems. ID card schemes, says a London School of Economics study, are 'too complex', technically unproven and 'unsafe'. All kinds of supposedly secure databases/Web sites, including those of India's defence ministry and the Pentagon , have been hacked. Data theft and transfer to intelligence agencies or corporations have potentially horrendous consequences. That is one reason why many countries including the UK, US and Australia have abandoned national ID cards. Another is the high cost. According to reports, UID's per person cost is estimated to have jumped from Rs 31 to between Rs 450 and Rs 500. Aadhaar will therefore probably cost something like Rs 150,000 crore (Rs 1.5 trillion). The threat to identity of legal citizenry, the risk of authenticating the status of illegal immigrants and endorsing the so-very-dubious credentials of biometrics such as fingerprint scanning and iris enrolment is real. It indicates that were heading for a disaster. Thought should precede action . The issue needs to be addressed.