How AADHAAR - the largest biometric system in the world

general description
Aadhaar is an Indian online authentication service provided by UIDAI government agency . Organizations (banks, government agencies, etc.) transmit the Aadhaar number and read biometric data of the user (one or more fingerprint or iris patterns). In response, the service gives a yes / no response. Additionally (Aadhaar e-KYC service), with the obligatory consent, the user's personal data can be verified.
In total, more than 1.1 billion users are logged in, for each account there are: 10 biometric fingerprint templates, 2 iris templates, a photo and personal data (address, gender, date of birth). In total, the database takes ~ 25 Pb.
The current load on the system is up to 20 million requests per day (an average of 100 requests per second with a peak value of 500 requests - at the beginning and end of the working day of civil servants), the system is designed for 40 million requests. It is planned to upgrade equipment with the calculation of up to 100 million requests per day.
Adding Users

At the initial stage, when the database was “only” for 84 million people, UIDAI analyzed the operation of the system. I'll start with the numbers:
Failure to Enroll Rate (FTE) - 0% . Error adding to system. Aadhaar get everything.
Biometric Failure to Enroll Rate (B-FTE) - 0.14% . This is the number of users who cannot be uniquely identified using biometric data, they must be checked manually. According to preliminary calculations, the system would be operational with a B-FTE <15%.
False Positive Identification Rate (FPIR) - 0.057% . The percentage of mistakenly found duplicates. This means that with a maximum load of 1 million new users per day, 570 people must be checked manually.
False Negative Identification Rate (FNIR) - 0.0352%. Percentage of missed duplicates.
Poor quality fingerprints - 2.9% . Percentage of users with low print quality. For user data, it is preferable to use iris identification.
Poor quality fingerprint and poor quality irises: 0.23% - Percentage of users who are subject to authentication errors due to poor quality biometric templates (both fingerprint and iris).
In the diagram below, the new user data processing process:


The collection of user biometric and personal data is carried out by certified organizations (Enrollment Center) at workstations of specially trained operators, where an offline application is installed. From the data received from the user, an Enrollment package is formed, which is supplemented with data about the operator, data collection time and is encrypted. The size of one package is up to 5 MB (mainly 2-3), the maximum load was 1 million new users per day.
All packets are transferred to CIDR (Central Identities Data Repository). Synchronization with CIDR should be done at least once every two days. All data from workstations is deleted after a response is received from CIDR about the successful creation of Aadhaar. Upon completion of the verification, the original images of the fingerprint and iris are stored in CIDR and stored separately.


CIDR first checks for duplication, falsification and malware, then the data goes into processing: personal data is verified, and then biometric data. To do this, use 3 automatic biometric systems (ABIS - Automatic Biometric Identification System) from different developers, combined into one Multi-ABIS. ABIS work in parallel, but suspicious registrations or low quality data is additionally passed through all ABIS. When a duplicate is found, it is processed first by a special SDK for errors during scanning, and then transmitted for manual verification. For 97% of users, the process of adding to the database takes less than 5 minutes.
It was revealed that 20% of correctly identified duplicates are the result of mixed identification caused by operator errors. Another 20% of the duplicates were due to matching patterns from different people. To reduce these indicators, UIDAI adjusted the client software to reduce the role of operators.
Authentication process

In order to receive the service, the user enters his Aadhaar number or local identifier and is identified on the biometric terminal. From the received data (biometric template + number), an XML request is generated, which is sent to the server of the organization providing the service (AUA - Authentication User Agency). On the server, the request is supplemented by the data of the AUA itself and is sent to the CIDR through the ASA (Authentication Service Agency) server. Here biometric data is verified (in a 1 to 1 mode) and a yes / no response is issued, which is returned to the AUA server and confirms / denies the service. Verification in 98% of cases takes less than 1 second. With a large number of false Aadhaar operations, the number will be blocked. The number of authentication attempts is not fixed and depends on a number of factors.
Aadhaar e-kyc

A separate API describes the operation of Aadhaar e-KYC. With its help, with successful user authentication, you can check the personal data stored in the CIDR - address, date of birth, get a photo of the user and an electronic copy of the letter about the issuance of Aadhaar. Thus, the bank, mobile operator, etc. can quickly and accurately fill out and verify customer data.
Access to this service is limited: you must first register as an AUA, complete 300,000 transactions in 3 months and obtain a separate UIDAI permission. Access to CIDR is via the KYC Service Agency (KSA) server.
Security
The issue of security is one of the most painful when discussing such projects. UIDAI criticized for it almost from the first day. Below is a diagram of the system security levels:

Data security to ASA servers is in the area of responsibility of the AUA and is described in a separate document. Of the required items:
- The entered data should be encrypted already on the device and should be stored only while the transaction is being completed;
- Inside AUA systems, users must use local identifiers (driver’s license, one-time password, student card, etc.), which are compared with the Aadhaar number.
- If the operation is carried out by the operator, he must be identified, for example, using his Aadhaar number;
- The obtained biometric data for authentication is generally forbidden to be stored anywhere;
- A dedicated and secure communication channel or SSL must be used to communicate with the ASA.
Only ASAs have direct access to CIDRs. Large AUAs can afford their own ASAs, but smaller AUAs must connect through someone else.
ASAs are required to meet the following requirements:
- Connect to CIDR only through a dedicated and secure channel,
- Transaction data must be stored for at least 6 months,
- User identifiers, encryption keys used during authentication, are generally not allowed to be stored anywhere. News
appeared at the beginning of the yearthat criminal cases were instituted against several organizations that allowed illegal authentications based on stored biometric data. The violation was discovered when it turned out that one person committed 397 biometric transactions between July 14, 2016 and February 19, 2017. And in March, UIDAI announced the update of encryption keys on all devices by June 1.
Human factor

At the very beginning, you could add to the system again, or under an assumed name. So his Aadhaar number appeared among several Hindu Gods: Brahma, Hanuman. UIDAI has closed this loophole and now for similar jokes, as in the example with the owner of the dog, you can go to court. There are also precedents when they were sent to court for re-registration.
The collection of biometric data and the issuance of Aadhaar numbers - the procedure is free. Sometimes operators selflessly struggle with this injustice, refusing to work with users without a bribe. They either do not exist at all in the workplace, or "sorry, we do not have a connection to the server." Ostap Bender would be pleased.
But UIDAI is not. Over the past 3 months, about 1,000 dishonest operators were identified and then fired and fined. And one of the Aadhaar centers was blocked for 10 years because the personal data of a popular cricket player leaked from there.
PS That's all for now, and a small bonus to those who read to the end. A little national humor that Aadhaar will soon begin to appropriate and cows))