Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
07 June 2010  
Untitled Document
Sections

E-Governance Special

Express Intelligent Enterprise

Events

Technology Senate
Technology Sabha
Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
Exp.Channel Business
Express Hospitality
Express TravelWorld
Express Pharma
Express Healthcare
Group Sites
ExpressIndia
Indian Express
Financial Express

Untitled Document
 

A unique ID for the masses

UID–GOI’s technology leap

The UIDAI project is expected to touch every adult citizen. A voluminous database and the sheer magnitude of this task requires robust security with no room for vulnerabilities writes Subhankar Kundu

In this vast country of ours where the population has crossed the billion mark, common citizens face the problem of identifying themselves as this inability acts as a barrier preventing the deprived from accessing basic benefits and subsidies offered by the government. The requirement to prove one’s citizenship is felt while interacting with both private as well as public sector agencies before you can avail of a service. Till date, however, there is no nationally accepted, verified identity number that both residents and agencies can use with ease and confidence.

As a result, every time an individual tries to access a benefit or service, he or she must undergo a full cycle of identity verification. Different service providers also often have different requirements in terms of the documents that they demand, the forms that are required to be filled out for the information that they collect about an individual.

The Unique Identification (UID) project is undoubtedly among the biggest e-governance projects that the Government of India has taken up. Its mandate is nothing less than to issue a unique identification number to every resident in the country.

It’s not an easy task for largely unorganized state administrative departments to gather such an exhaustive volume of data but that is exactly what UID calls for. The project aims at creating a platform that will collect the identity details of every resident of India and subsequently perform identity authentication so that the UIC created can be used by government and commercial service providers. A key requirement of the UID system will be to reduce or eliminate duplicate identities to ensure effectiveness of service delivery. Today citizen use multiple ID proof documents including ration card, voter’s id, driving license, BSNL/MTNL telephones bills or utility bills.

This is probably the first time that the Government of India is implementing such a humongous e-governance project of such a magnitude with different contemporary technology standards for various e-governance applications in the areas of biometrics, personal identification and location codification standards. Committees have been set-up in respective categories to carry out the apt application of these mission-critical e-governance standards.

With the first set of UIDs slated to be issued between August 2010 and February 2011, UIDAI seems to be speeding up the process of roll-outs. Nandan Nilekani, the head of this project, said, “I expect the first set of UIDs will be rolled out between August 2010 and February 2011 but no word of mine can be taken as a final announcement as it is all at the PowerPoint presentation stage now.”

UIDAI has selected biometrics as the primary mechanism to check for duplicate identities that have plagued India for a long time now. In order to ensure that an individual is uniquely identified in an easy and cost-effective manner, it has become necessary to ensure that the captured biometric information can be used to weed out duplicates. As a result, for the government and for commercial providers to validate a person’s identity at the time of service delivery, it is necessary that biometric information be captured and transmitted in a standardized fashion across partners and users of the UID system.

As the UIDAI proposes to use biometrics for weeding out duplicates and verification or authentication, it becomes necessary to review the applicability and sufficiency of these standards in UID applications. It may also be necessary to enhance or clarify these standards, and frame the methodology for the implementation of biometrics to ensure that it serves the specific requirements of the Authority.

The UID project is believed to open up a revenue stream of Rs. 15,000-20,000 crores for the major IT companies dealing with technologies like biometrics, databases, smart cards, hardware and software, logistics, IT services, storage and system integration.

Biometric technologies to be used in UID

Nilekani had earlier pointed out that it is tough to go through innumerable computing challenges in creating the largest biometric database to date. He added, “There will be a thousand challenges to the research community as it will be the biggest biometric data base that has ever been made.”

The UIDAI’s aim of providing assurance of uniqueness across the world’s second largest population of over 1.2 billion definitely commands the biometrics goal of minimizing the False Acceptance Rate (FAR) within technological and economic constraints.

The basic difference here is that similar technologies used in similar e-governance projects in some developed countries have had to address a population much smaller than that of India’s. In other countries, the size of the population requires a database of tens of millions. The True Acceptance Rate or TAR of 99% is reported in the test of a commercial system’s performance. Two factors however raise uncertainty on the extent of accuracy achievable through fingerprints—first, the scaling of database size from fifty million to a billion has not been adequately analyzed. Secondly, the fingerprint quality, the most important variable for determining accuracy, has not been studied in depth in the Indian context.

The UIDAI biometrics committee has been constituted to provide the UIDAI with direction on biometrics standards, best practices and recommendations on the biometric modalities for the UID system.

The objective of these biometrics specifications is to ensure consistent, good quality biometric images and reliable interoperability across biometric capture devices, capture software and UID service delivery.

The success of UID system implementation is largely based on its capability to identify and do away with duplicate identities during the enrollment process itself. The primary method for detecting duplicates will be through the comparison of the biometric feature set, which requires consistent and high quality images.

The biometrics will be captured for authentication by government departments and commercial organizations at the time of service delivery. They will customarily use capture devices and biometric software vendors different from the devices and software used by UIDAI. Therefore, there is a need for these biometric standards in order to ensure reliable interoperability at a reasonable cost during the authentication phase which will help UIDAI achieve its objective.

Nevertheless, there is a growing concern here, one that is addressable though. The question here is, ‘What set of standards will actually ensure a robust interoperability between devices and IT systems?’ There are some prominent agencies that publish biometrics standards like ANSI, INCITS, CEN, Oasis and ISO. The question was never whether a standard is to be followed or not. The question was always about which standard would align with the requirements and complications of multi-body functioning and the present state of biometrics in India. Finally, the committee zeroed in on the ISO standard as it aligns with the charter of each body. Within the ISO body of biometrics standards, the UIDAI will use data format standards which are believed to be supported by vendors as it is extensively used across industries.

There are technical groups assigned to collect fingerprints and analyze quality. Based on extensive empirical results compiled and a first cut of Indian data analyzed, some categorization has been made. Firstly, UIDAI claims that it can obtain fingerprint quality comparable to that seen in developed countries. Also, there is sufficient evidence to suggest that fingerprint data from rural India may be as good as elsewhere when proper operational procedures are followed and high quality devices are used. There is also data to suggest that quality drops precipitously unless sufficient attention is paid to operational processes.

Improving the process or identifying and removing duplicates will definitely depend on the use of demographic data and biometric information. For example, when a duplicate is suspected, there would be a manual review of all available information about the person as well as a review of the relevant demographic data.

Face, fingerprint and iris recognition are commonly used in various types of ID cards and public acceptance for such biometric identifiers is widespread.

Face recognition systems are the least intrusive among biometric sampling systems, requiring no contact or even awareness of the subject. Fingerprints are easily sampled with low-cost fingerprint scanners. They can also be sampled by traditional low-tech means and then cheaply and easily converted into digital images.

The iris is the annular region of the eye which is widely believed to be the most accurate biometric, especially when it comes to FAR. The iris sample acquisition is done without physical contact and without too much inconvenience to the person whose iris image is being acquired.

A recently published committee report said that in the data analyzed, 2-5% of subjects did not have biometric records. Missing biometrics is a license to commit fraud. It is believed that the failure is due to poorly designed processes. The enrollment process when examined had loopholes which prevented it from detecting such omissions.

The biometric software needs to be tuned to local data. Un-tuned software can generate additional errors in the range of 2-3%.

Technology architecture

The technological architecture is critical to the success of the UID system. The architecture is primarily based on high-level assumptions as it has been structured to ensure clear data verification, authentication and removal of duplicates without compromising the privacy and information security aspects.

The basics of the system architecture lies in the Central ID Data Repository (CIDR) which will be the central database for all residents, containing the minimal set of fields sufficient to confirm identity. The amalgamated set of databases belonging to the registrars may contain additional information about the resident, and can use the resident’s UID as the key.

Some of the key technology components of the UID system are the UID server, biometric sub-system, enrollment client application, network, security design and the administrative system.

The UID server will take care of enrollment and the authentication services will be available over the network for the various registrars and their authenticating agencies to use. The backend servers have to be configured for the high demands of the 1:N biometric weeding out as well as the large peak loads from authentication requests.

The biometric sub-system is also critical for enrolling as well as authenticating residents. The 1:N reduction and elimination of duplicates foreseen will be by far the most computing-intensive operation. Innovative techniques of hashing, indexing, distributed processing and in-memory databases using multiple biometric modes need to be employed to get acceptable levels of performance.

The enrollment client application will capture and validate demographic and biometric data. The client needs to work in an offline mode in the village setting when there is no Internet connectivity, and upload batch files to the server for processing. The client application will be deployed on a standard enrollment workstation.

The network is a critical aspect of the system, since all UID enrollment and authentication services will be available online. UID services could work over a secure WAN, the Internet or over mobile SMS channels. It could also potentially work over existing networks such as credit-card POS (point-of-service) devices.

UIDAI has taken a hard look at the security design. Even as the resident information is stored and identity confirmed to authenticating agencies, it will have to ensure the security and privacy of the information.

By linking an individual’s personal, identifying information to a UID, the UIDAI will be creating a transaction identity for each resident that is both verified and reliable. This means that the resident’s identity will possess value, and help transfer money and other resources etc.

Such information will have to be protected. The loss of this information will put the resident’s financial and other assets, as well as reputation, when the resident is a victim of identity theft, at risk.

To avoid this eventuality, UIDAI has charted out a robust security design that will secure all the technology components from logical or physical attack. Firstly, it is server security which includes a firewall, along with intrusion prevention and detection systems (IPS, IDS). On top of this, there will be network and client security that includes encryption, PKI that ensures complete encryption of information transmitted over the network and stored in the database or on the card.

Lastly, one more key technology component is the administration system which will help administer the UIDAI’s operations including account set-up for creating or modifying the registrar’s details, enrolling and authenticating agency accounts; role-based access control to assign rights over UID resources based on role; audit trails to track every access to the UID system; fraud detection to detect identity theft and cyber crimes using audit trails; and reporting and analytics as well as visual decision support tools for activities like GIS and charting.

Partnership with private players

There is a government-private partnership model that UIDAI is leveraging. The existing infrastructure of government and private agencies across India will work together to execute the process covering all the key technology components of issuing and maintaining UIDs. The UIDAI will also partner with service providers for authentication.

UIDAI plans to issue 600 million UIDs over the next five years with an allocated sum of Rs. 120 crores in the previous year’s budget and Rs. 1,900 crores in this year’s.

About 25-30 companies had participated in the pre-bid conference at Bangalore earlier this year.

IT companies such as TCS, Wipro, MindTree, Accenture IBM, Mahindra Satyam, HCL Technologies and Infosys Technologies are expected to get some piece of the UID cake as most of these players have expertise and experience of working in e-governance. For example, Wipro has bagged the Employees’ State Insurance Corporation project which has been valued at over Rs. 2,000 crores. TCS has also bagged the ePassport Project valued at Rs. 1,000 crores.

MindTree has reportedly won the Application Development Services (ADM) contract for UID. This is the first of the many IT projects that have come up for bidding. MindTree will team up with the technology team of UIDAI in building the UID application. The company is also expected to carry out the ongoing services of developing and enhancing the core UIDAI application.

The ADM multi-crore project will cover the end-to-end application lifecycle—from design, development, testing, maintenance to support and help desk services from the UIDAI’s Bangalore Technology Centre.

In January 2010, UIDAI invited bids floating the request for proposal for design, development, testing, integration, support and maintenance of UID application software.

Training players like NIIT and Aptech are in the race to win the training tender announced by the authority to train over one lakh enrolling agents. The UIDAI plans to train about 1.04 lakh agents across major cities in the country over the next four years.

During a recent visit to Bangalore at Microsoft Research India's annual research symposium, Nilekani hinted on Microsoft Research’s participation in the research and development activities of UID.

Nilekani said “I am looking forward to work with researchers on technologies like multi-lingual computing and biometrics. Microsoft, having such a strong commitment on research, can definitely help in the UIDAI project.”

He indicated that Microsoft Research would be taking active part in implementing this project.

Nilekani also pointed out that there would be a thousand challenges for the research community as this will be the biggest biometric database ever.

subhankar.kundu@expressindia.com

 


Untitled Document
Untitled Document

FEEDBACK: We would love to hear from you -- what you like about our content, what you dont, and even how you think we can improve. Please send your feedback to: prashant.rao@expressindia.com

© Copyright 2001: The Indian Express Limited. All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of The Indian Express Limited. Site managed by BPD.