The architecture has been structured to ensure clear data verification, authentication and de-duplication, while ensuring a high level of privacy and information security. The Central ID Data Repository will be the central database of all residents, containing the minimal set of fields sufficient to confirm identity. The federated set of databases belonging to the Registrars may contain additional information about the resident, and can use the resident's UID as the key.


The key technology components of the UID system are:
- The UID Server which provides the enrolment and the authentication service. These services will be available over the network for the various Registrars and their authenticating agencies to use. The backend servers need to be architected for the high demands of the 1:N biometric de-duplication as well as the large peak loads from authentication requests.
- The Biometric sub-system is central to the UID system for enrolling as well as authenticating residents. It is likely that a multi-modal biometric solution will be used to achieve a high level of assurance. The 1:N de-duplication envisioned will be by far the most computing-intensive operation of the UID system. Innovative techniques of hashing, indexing, distributed processing, and in-memory databases using multiple biometric modes need to be employed to get acceptable performance.
- The Enrolment client application will capture and validate demographic and biometric data. This client needs to work in an offline mode in the village setting when there is no internet connectivity, and upload batch files to the server for processing. Alternatively, the batch files can be physically transported to the CIDR for uploading. The client application will be deployed on a standard enrolment workstation.
- The Network is a critical aspect of the system, since all UID enrolment and authentication services will be available online. UID services could work over secure WAN networks, the vanilla internet or over mobile SMS channels. It could also potentially work over existing networks such as credit-card POS (point-of-service) devices.
- The Security design secures all the above components from logical/physical attack. This includes:
  - Server Security – firewall, intrusion prevention and detection systems (IPS, IDS)
  - Network, Client Security – Encryption, PKI etc.
- The Administration system will help administer the UIDAI's operations. This includes:
  - Account setup – creation/modification of Registrar, enrolling and authenticating agency accounts.
  - Role based access control – Assign rights over UID resources based on role.
  - Audit trailing – track every access to the UID system.
  - Fraud detection – detect identity theft and cyber crimes using audit trails
  - Reporting and Analytics – Visual decision support tools – GIS, Charting etc.
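
The following is an added example, not part of the original document or any UIDAI code: a Python sketch of how the Administration system's role based access control, audit trail and fraud detection fit together, with every access attempt recorded and the trail then scanned for anomalies. The rights assigned to each role, the detection thresholds, the account ids and the UIDs are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
# Assumed rights per account type; the page names the roles, not their rights.
ROLE_RIGHTS = {
    "registrar": {"enrol", "authenticate", "manage_agencies"},
    "enrolling_agency": {"enrol"},
    "authenticating_agency": {"authenticate"},
}

@dataclass(frozen=True)
class AuditRecord:
    ts: int          # seconds since epoch
    account: str
    role: str
    action: str
    uid: str
    allowed: bool

def access(trail, ts, account, role, action, uid):
    """Role-based check; every attempt, allowed or denied, goes on the trail."""
    allowed = action in ROLE_RIGHTS.get(role, set())
    trail.append(AuditRecord(ts, account, role, action, uid, allowed))
    return allowed

def flag_suspicious(trail, window=300, max_accounts=3, max_denied=3):
    """Return (UIDs authenticated by many accounts in one window, accounts with repeated denials)."""
    per_uid, denied = defaultdict(list), defaultdict(int)
    for r in trail:
        if not r.allowed:
            denied[r.account] += 1
        elif r.action == "authenticate":
            per_uid[r.uid].append((r.ts, r.account))
    hot_uids = set()
    for uid, events in per_uid.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            if len({a for t, a in events[i:] if t - t0 <= window}) > max_accounts:
                hot_uids.add(uid)
                break
    return hot_uids, {a for a, n in denied.items() if n >= max_denied}

def demo():
    """Constructed sample trail: one UID used via four agencies, one agency exceeding its role."""
    trail = []
    for i, acct in enumerate(["aua-1", "aua-2", "aua-3", "aua-4"]):
        access(trail, 1000 + 30 * i, acct, "authenticating_agency", "authenticate", "UID-TEST-0001")
    for i in range(3):
        access(trail, 2000 + i, "ea-9", "enrolling_agency", "authenticate", "UID-TEST-0002")
    return flag_suspicious(trail), trail
```

Denied attempts are logged as well as allowed ones, since "track every access" is what lets the detector see an account repeatedly probing outside its role.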