Showing posts from September, 2017

Data leakage possibilities with Aadhaar based e-KYC systems

A recent incident in July 2017 that involved alleged data theft through a KYC app has added to the confusion and concerns in the minds of users about the security and confidentiality of their biometrics and other PII data that are maintained by UIDAI. I am a bit skeptical about how PII is handled by various agencies who collect and transact with such data in our country. The concern about having my biometrics and other data lifted was at the back of my mind when I was giving my fingerprint at a mobile phone shop for taking a new data connection last week. It was not until a friend asked me for some clarifications about the internals of biometrics-based authentication systems that I paid close attention to the various possible leakage points in Aadhaar-based eKYC/authentication applications. The overall architecture and process steps involved when using Aadhaar APIs for performing, say, authentication of an Aadhaar card holder are explained in its API documentation. For the sake of und