Offline Aadhaar Data Verification Service

Offline Aadhaar Data Verification Service
Definition: It is a secure sharable document which can be used by any Aadhaar number holder for offline verification of Identification.

A resident desirous of using this facility shall generate his/her digitally signed Aadhaar details by accessing UIDAI resident portal. These details will be generated by the Aadhaar number holder which will contain Name, Address, Photo, Gender, DOB, registered Phone Number (hashed) and registered Email Address (hashed). Apart from Name and Address as mandatory details in digitally signed XML, Aadhaar number holder will always have the option to choose from other five demographic details which he/she may want to share with any service provider using the XML. It will provide Offline Aadhaar Verification facility to service providers without the need to collect or store Aadhaar number.

Generation of Offline Aadhaar
The process of generating Offline Aadhaar is explained below:
  1. Go to URL →
  2. Enter ‘Aadhaar Number’ or ‘VID’ and mentioned ‘Security Code’ in screen, then click on ‘Send OTP’. The OTP will be sent to the registered Mobile number for the given Aadhaar number or VID. Enter the OTP received and click on ‘Submit’ button
  3. On the next screen, enter the ‘Name’, ‘Pin Code’ as registered in Aadhaar and mentioned ‘Security Code’ in screen and click on ‘Verify’ button. This will validate the ‘Name’ and ‘Pin Code’ for the given Aadhaar number or VID. Upon successful validation, it will redirect to next screen, else it will redirect to page mentioned in step ‘b’ with error message as “Please re-check your details, data does not match our records”.
  4. In next step, after successful validation,
    1. Select the required details which you want to download by clicking the radio button.
    2. Enter the desired ‘Share Code’ for the ZIP file in the provided field with required parameters as indicated in screen iii. Enter the ‘Security Code’ and press ‘Submit’ button
  5. The Zip file containing the digitally signed XML will be downloaded to device wherein the above mentioned steps have been performed. Extract the zip file using the password as specified in previous step and save the XML file in the desired location

Users of this Offline Aadhaar Data Verification Service
In order to protect your privacy, Scrabble has adopted the following principles:Any Aadhaar number holder who desires to establish his/her identity to any service provider using digitally signed XML downloaded from UIDAI website can be a user of this service. The service provider should have provisions of providing this Offline Aadhaar Data Verification Service at their facility and do the offline verification (as described below)

Sharing of Aadhaar XML file with the service provider

Residents are free to share this ZIP file along with the Password (Share Code) to the service provider as per their mutual convenience

Use of Offline Aadhaar Data Verification Service by Service Providers
The process of Offline Aadhaar Data Verification by Service Provider is:
  1. Once service provider obtains the ZIP file, it extracts the XML file using the password (share code) provided by the resident
  2. The XML file will contain the demographic details such as Name, DOB, Gender and Address in plain text. Photo is base 64 encoded which can be rendered directly using any utility or plane HTML page. Email Address and Mobile number are one-way hashed.
  3. Service Provider has to collect Email Address and Mobile number from residents and perform below operations in order to validate the hash:

Mobile Number:

Hashing logic: Sha256(Sha256(Mobile+ShareCode))*number of times of last digit of mobile number
Mobile number: 9800000002
Share Code: Abc@123 Sha256(Sha256(9800000002+ Abc@123))*2
In case of mobile number ends with Zero (9800000000) it will be hashed one time.
Sha256(Sha256(9800000000+ Abc@123))*1

Email Address:
Hashing Logic: This is a simple SHA256 hash of the email without any salt

  1. Entire XML is digitally signed and Service Provider can validate the XML file using the signature and public key attached in the XML

Sharing of Aadhaar XML file to other entities by the Service Provider
Service Providers shall not share, publish or display either Share Code or XML file or its contents with anyone else. Any non-compliance of these actions shall invite actions under Sections 17 and 25 of The Aadhaar (Authentication) Regulation, 2016, Sections 4 and 6 of The Aadhaar (Sharing of Information) Regulation, 2016 and Sections 29(2), 29 (3) and 37 of The Aadhaar Act, 2016.

Difference between other identification documents produced offline by residents and Aadhaar XML document
Identity verification can simply be accomplished by providing an identity document like PAN card, Passport etc to the service provider. However, all these documents, which may be used for identification can still be forged and faked which may or may not be possible to verify offline instantaneously. The document verifier has no technological means to verify the authenticity of the document or the information it contains and has to trust the document producer. Whereas, the XML file generated by the Aadhaar number holder using Offline Aadhaar Data Verification Service is digitally signed document using UIDAI digital signature. Thus, the service provider can verify the demographic contents of the file and certify it to be authentic when doing the offline verification

What is eSign?

eSign service is an online electronic signature service that can facilitate an Aadhaar holder to digitally sign a document. A licensed eSign Service Provider (ESP), empanelled by Controller of Certifying Authorities (CCA) can provide eSign Services to Application Service Providers (ASPs)
eSign is an online electronic signature service that can facilitate an Aadhaar holder to digitally sign a document. An Aadhaar holder can now sign a document after Biometric/One Time Password authentication thus requiring no paper based application form or documents. Authentication of the signer will be carried out by the e-KYC services of UIDAI and on successful authentication i.e., on receiving the consent from the signer, electronic signature on the document/data will be ascribed by eSign services of ESP. eSign will make the process of digital signature very simple and hence, end-users may adopt it at much faster pace than the traditional DSC. Online service providers can use Open API and easily integrate eSign facility, making the feature of non-repudiation much robust in their existing service.

Features of eSign
  • Easy and secure way to digitally sign document anywhere, anytime
  • Facilitates legally valid signatures
  • Flexible and easy to implement
  • Privacy of the signer is maintained
  • Secure online service is used
  • Immediate destruction of keys after usage

Benefits of eSign
  • Promotes paperless environment
  • No hassles of key storage and key protection concerns
  • User Convenience
  • Integrity with complete Audit trail
  • Saves cost and time

Who can avail eSign services?

Following category of entities can obtain eSign services through registered ESP:
  • A Central/ State Government Ministry / Department or an undertaking owned and managed by Central / State Government
  • An Authority constituted under the Central / State Act
  • A Not-for-profit company / Special Purpose organization of national importance
  • A bank / financial institution / telecom company
  • A legal entity registered in India

What is KRA (KYC Registration Agency)?

Earlier, the investors could easily complete their KYC process by simply opening an account with any of the SEBI intermediaries and submitting relevant documents. Later, this process caused very high duplication of KYC records as the customer had to undergo the process of KYC with each entity separately. Therefore, in order to bring uniformity in the KYC process and eliminate such duplications, SEBI introduced the concept of KRA (KYC Registration Agency). Now, there are 5 KYC Registration Agencies(KRAs) in India.
These include:

  1. CVL KRA
  3. Karvy KRA

As per the SEBI guidelines of 2011, the investors who wish to invest in Mutual Funds or become KYC complaint have to register with any one of the above-mentioned agencies.

What is CVL KRA?

CVL KRA is one of the KYC registration agencies (KRA) in the country. CVLKRA offers KYC and KYC related services for all the fund houses, stockbrokers and other agencies that are compliant with SEBI. Know Your Customer – KYC – is a one-time process to authenticate the identity of the investor and this process is compulsory for all financial institutions.

CDSL Ventures Limited - CVL - is a completely owned subsidiary of the central depository Services of India (CDSL). CVL relies on its expertise in the securities market domain and maintaining the data confidentiality. CVLKRA was the first central-KYC (cKYC) Registration Agency for the securities market. CVL KRA keeps the records of the investor in a centralized manner on behalf of the securities market intermediaries that are compliant with SEBI.

What is NDML KRA?

NSDL Database Management Limited which is a fully owned subsidiary of National Securities Depository Ltd. (NSDL). NSDL Data Management Ltd (NDML) is one of the leaders in the country in providing business and knowledge process services. It focuses mainly on delivering best possible services with the help of an innovative framework. NDML aims to maintain its top position by making most of the current retail sector boom in the Indian market. NDML KRA functions as an independent entity backed by a strong team of professionals with great experience. NDML KRA uses the latest technology for data management which keeps the records of the information of its clients centralised. It does this on behalf of the SEBI compliant securities market entities.

NSDL KRA is one of the registered KRA among the other four that provide KYC related services to the investors. NSDL KRA allows you to check your KYC Status, download the KYC Form and complete the KYC KRA verification.