Aadhaar Data Vault

Overview

UIDAI has mandated the use of tokenization – replacing sensitive data with a token that can be securely stored, processed and transmitted.

The Aadhaar vault solution helps AUAs/KUAs/Sub-AUAs or any other agency collecting Aadhaar data for specific purposes under the Aadhaar Act to easily implement an encrypted Aadhaar Data Vault that securely stores the Aadhaar number and eKYC data. SigningAPI exposes a REST API to store the Aadhaar number and associated eKYC data.

Aadhaar Data Vault

As specified in the UIDAI Circular No. K-11020/205/2017, the Aadhaar Data Vault is a secure, encrypted, centralized storage for all the Aadhaar numbers and related data collected by the AUAs/KUAs/Sub-AUAs or any other agency for specific purposes under the Aadhaar Act and Regulations, 2016. It should be inside the respective agency's infrastructure and accessible only on a need-to-know basis. The Aadhaar Data Vault should provide a reference key, which is a unique token that represents the Aadhaar number in the entire internal ecosystem of the agency. The mapping of reference key to Aadhaar number should be maintained only in the Aadhaar Data Vault.

All business use cases of entities shall use this reference key instead of the Aadhaar number in all systems where such a reference key needs to be stored or mapped, i.e. all tables/systems requiring storage of Aadhaar numbers for their business transactions should from now onwards maintain only the reference key. The actual Aadhaar number should not be stored in any business database other than the Aadhaar Data Vault.

SigningAPI’s Aadhaar Data Vault

SigningAPI’s Aadhaar Data Vault solution is the complete software package that is needed to implement Aadhaar Data Vault within your organization. The software exposes REST APIs that can be used to easily integrate with existing software services. The package supports database encryption for data protection with HSM integration.

  • Allow applications to tokenise and replace sensitive data with token values
  • Encrypts the Aadhaar number and connected data in a Secure Vault
  • Keys for encryption are stored in HSM
  • Flexible policies allow tokens to preserve the format of the input data
  • Application integration using either a SOAP or RESTful web service
  • Allows System users to create policies, set client access and allowed operations, view audit data and configure other parts of the system
  • All operations can be single or bulk requests
  • Full auditing of all user access and client application operations
  • Unauthorised access alerts

Below are the process flow diagrams for tokenization and de-tokenization of the Aadhaar number.

Figure 1: Tokenization

Figure 2: De-Tokenization

Advantages

Secure REST APIs

SigningAPI’s Aadhaar Data Vault exposes a simple and secure REST API that enables easy integration of the Aadhaar Data Vault with existing applications.

Secure And Encrypted Solution

SigningAPI’s Aadhaar Data Vault supports database encryption to ensure data security even if the database as a whole is compromised.

HSM Integration

SigningAPI’s Aadhaar Data Vault provides integration with leading HSM models to enable encryption using HSM as mandated by UIDAI.

UUID Based Reference Keys

Reference keys that map to Aadhaar numbers are generated using the UUID scheme (Universally Unique Identifier, represented as a hex string) in order to ensure that recovering the original Aadhaar number from the reference key is computationally infeasible.
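The reference-key scheme described above (one random token per Aadhaar number, with the mapping held only inside the vault) as an added Python sketch; it is not SigningAPI's code or API. The class and method names, the client names and the keyed lookup index are assumptions, and a plain in-memory dict stands in for the HSM-encrypted store.

```python
import hashlib
import hmac
import uuid


class ReferenceKeyVault:
    """Hypothetical in-memory vault: Aadhaar number <-> random UUID reference key."""

    def __init__(self, index_key, detokenize_clients):
        self._index_key = index_key              # assumption: held in the HSM in practice
        self._allowed = set(detokenize_clients)  # clients permitted to de-tokenize
        self._by_ref = {}    # reference key -> Aadhaar number (stand-in for encrypted store)
        self._by_index = {}  # keyed digest of the number -> reference key
        self.audit = []      # (client, operation, outcome) for every call

    def _index(self, aadhaar):
        # Keyed digest used only to find an existing mapping; it never leaves the vault.
        return hmac.new(self._index_key, aadhaar.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, client, aadhaar):
        if not (aadhaar.isascii() and aadhaar.isdigit() and len(aadhaar) == 12):
            self.audit.append((client, "tokenize", "rejected"))
            raise ValueError("expected a 12-digit number")
        idx = self._index(aadhaar)
        ref = self._by_index.get(idx)
        if ref is None:
            # uuid4 is random, not derived from the number, so the token reveals nothing.
            ref = uuid.uuid4().hex
            self._by_index[idx] = ref
            self._by_ref[ref] = aadhaar
        self.audit.append((client, "tokenize", "ok"))
        return ref

    def detokenize(self, client, ref):
        if client not in self._allowed:
            self.audit.append((client, "detokenize", "unauthorized"))
            raise PermissionError("client may not de-tokenize")
        if ref not in self._by_ref:
            self.audit.append((client, "detokenize", "unknown"))
            raise KeyError("unknown reference key")
        self.audit.append((client, "detokenize", "ok"))
        return self._by_ref[ref]

    def alerts(self):
        # Entries a monitoring job would raise as unauthorized-access alerts.
        return [entry for entry in self.audit if entry[2] == "unauthorized"]
```

Repeated tokenization of the same number returns the same reference key, so business tables can join on the token without ever holding the number.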

Administration Console

SigningAPI’s Aadhaar Data Vault comes with an administration console with role-based user access to allow viewing of Aadhaar number reference key mapping and access logs.

Access Logs

SigningAPI’s Aadhaar Data Vault logs all API access activity. The log can be viewed through a web user interface that also supports search.

Alerts

SigningAPI’s Aadhaar Data Vault authenticates each transaction and raises an alert on unauthorized transactions.