technology_on_aadhaar.pdf

7/27/2019 Technology_on_Aadhaar.pdf

1/59

Technology behind Aadhaar

Unique Identification Authority of

Indiawww.uidai.gov.in

Tampa, 20 th September 2012
http://www.uidai.gov.in/http://www.uidai.gov.in/


2/59

Agenda

Aadhaar at a Glance Technology Strategy Architecture

Enrollment Process Status

Authentication Fingerprint PoC Iris Poc

Conclusions


3/59


4/59

India

1.2 billion residents 640,000 villages, ~60% lives under $2/day ~75% literacy,


5/59

Vision

Create a common national identity for everyresident Biometric backed identity to eliminate duplicates

Verifiable online identity for portability

Applications ecosystem using open APIs Aadhaar enabled bank account and payment

platform Aadhaar enabled electronic, paperless KYC

5


6/59

Issue unique IDs

Property of UIDAI - Highly confidential6

UID = 1568 3647 4958 6218

UID Unique number Random number

Basic demographic data andbiometrics stored centrally

Central UID database

Standardized identity attributes

No duplicates(1:N check)

Flexibility to partners on KnowYour Resident (KYR)+

Name

Parents

Gender

DoB

PoB

Address


7/59

and authenticate IDs online, real -time

7

UID = 1568 3647 4958 6218

Central UID database1:1 check, no ID fraud

Only YES/NO response, no details no invasion of privacy

Person can see self-details, no one else can

Authentication - Are youwho you claim to be?


8/59

Context of UIDs in India Technology Strategy Architecture Enrollment

Process Status


Conclusions


9/59

Consultation & Standards

Biometric Standards Demographic data standards and verification

procedure

Process (90 days) Representation from agencies, academic and

industry

Standardization on modalities and data formats


10/59

PoC to Determine Enrollment Process

Three states, 10s of villages Rural areas emphasized

Data collected in 2 sessions from 75K people Capture time is 4 min. Spread is 50% Social customs are not a major problem

Zero FTE is possible De-duplication of 1.2 B possible through 10

finger prints and dual irises


11/59


12/59

Overall Strategy Best of breed through standards & open source Sourcing from multiple suppliers Leverage market forces for technology improvement Create national standards wherever necessary

through extensive consultation Build eco-system

Device certification Operator certification Empanelment of enrollment agencies IT and other suppliers training for state level reengineering

apps Conduct field test to validate assumptions


13/59


14/59


15/59


Process Status


Conclusions


16/59

Architecture Principles Design for scale

Every component needs to scale to large volumes Millions of transactions and billions of records Accommodate failure and design for recovery

Open architecture Use of open standards to ensure interoperability Allow the ecosystem to build libraries to standard APIs

Use of open-source technologies wherever prudent Security

End to end security of resident data Use of open source Data privacy handling (API and data anonymization )16


17/59

Designed for Scale

Horizontal scalability for all components Open Scale -out is the key Distributed computing on commodity hardware Distributed data store and data partitioning

Horizontal scaling of data store a must! Use of right data store for right purpose

No single point of bottleneck for scaling

Asynchronous processing throughout the system Allows loose coupling various components Allows independent component level scaling

17


18/59

Open Architecture

Aadhaar Services Core Authentication API and supporting Best

Finger Detection, OTP Request APIs

New services being built on top Aadhaar Open Standards for Plug-n-play

Biometric Device API

Biometric SDK API Biometric Identification System API Transliteration API for Indian Languages

18


19/59

Open Standards & specs

Open Source Biometric Standards UID Specifications

Hadoop ISO 19794-X Enrolment Device

HBase CBEFF Authentication Device

MySQL MINEX

Mongo DB IREX

RabbitMQ PIV - FP

BI: Hive


20/59

Security & Data Privacy

Encryption of Enrollment Packet

Decrypted packet never stored on disk

Biometric images archived logically offline

Data anonymized from ABIS vendors Only store templates and not raw images

Data Centre Security DMZ, firewalls, IDS, IPS


21/59


Process Status


Conclusions


22/59

Enrollment Process


23/59


24/59

NOC for Enrolment Monitoring


25/59

UID Middleware

Standardization of the ABIS interface Highly distributed, concurrent, fault tolerant

architecture Continuous unit and accuracy testing on the

production system Test using real data (probes representative) No information is provided to ABISs to distinguish

probes from real data Continuous testing of data integrity

System management, monitoring and diagnostics


26/59


27/59

99.943%


28/59

E l V l


29/59

Enrolment Volume 600 to 800 million UIDs in 4 years

1 million a day

200+ trillion matches every day!!! ~5MB per resident

Maps to about 10-15 PB of raw data (2048-bit PKIencrypted!)

About 30 TB I/O daily Replication and backup across DCs of about 5+ TB of

incremental data every day Lifecycle updates & new enrolments will continue for ever

Additional process data Several million events on an average moving through async

channels (some persistent and some transient) Needing complete update and insert guarantees across

data stores29

E l h i ll h


30/59

60+ registrars - StateGovernments, Banks, IndiaPost, Financial Institutionsetc

60,000+ activeEnrolment stations

Represents geographieswith registered stations

Enrolments happening all over the country


31/59


32/59

Enrollment Quality - Definitions

Methodology Quality metrics embedded in enrollment packet Face: ICAO-- (slightly relaxed)

FP: Poor quality when there is at least one fingerwith NFIQ >3 in each of three slaps (4, 4, 2)

Iris: Poor quality when Irisness score < 50(proprietary)


33/59

Enrolment Quality - Results

Govt. Policy - everyone must be enrolled ieFTE=0%

Biometric FTE: 0.14% (no FP & Iris captured) Poor Quality FP & Iris: 0.23% Poor Quality

FP: 2.9% , Iris: 3.0%


34/59


35/59

Multi ABIS Multimodal Results FPIR

Probe size: 4M False rejects: 2,309 FNIR

Probe size: 32,000 False accept: 11

FPIR:0.057% FNIR:0.035%

NIST 7112 Ten FP Results FPIR: 0.035% @ Gallery= 1 Million

@ Gallery = 84 Million

Multiple modality provides similar accuracyfor 100X larger gallery


36/59

De-duplication Conclusion

Competitive advantage of using 3 ABIS & SDKs

Continuous FPIR/FNIR measurements

Possible to maintain low FPIR/FNIR over wide

range of gallery size


37/59


Process Status


Conclusions


38/59

38

Name, gender, DoB, Age,Address, Mobile, Email,

YESOR

NO

Authentication


39/59

Why is Biometric Authenticationchallenging?

Inclusiveness Cant deny benefits.

Diverse subjects Manual labor Senior and children benefit programs

Interoperability under open architecture Enrollment done using 11 different devices 30+ single FP scanners & extractors

8+ iris mobile cameras Mobile GPRS network Variety of applications 1st in the world to operate on-line Auth.


40/59

Thumb: Enrollment & Verification

Slap Scanner for enrolmentSingle Finger Auth Device


41/59


42/59


43/59

Throughput Performance

10 million authentications in 10 hours Average response time around 200

milliseconds or 295 concurrent requests/sec. Performance test environment consisted of

15 blade servers including database servers,biometric matching servers, messaging server,

caching servers, and audit logging servers. Configuration: x86 Linux dual CPU 6-core.


44/59

FP Conclusions

Achievable Accuracy (for 98.2% of population) FRR < 1% with two best finger fusion FRR < 2.5% with one best finger

Device Certification More selective devices improve FRR by 2X Placement guide can also improve FRR materially PIV compliance insufficient indicator FAP 20 very useful

Field accuracy test should be part of device certification Throughput of 1M/hr is easily achievable


45/59


Process Status


Conclusions

P f f C i i


46/59

Proof of Concept- iris Objective- the feasibility of using iris modality for on-

line authentication Coverage/ Accuracy/Readiness Set-up

4 single eye, 4 dual-eye cameras Every resident verifies on ALL devices Production system & network 5,000 subjects semi-rural location

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

India

Mysore

Poc

18

18

9

78

77

83

4

5

8

6-15 years

16-65 years

66 and above

2X Seniors


47/59

Coverage

Over 99.5% population coverage is possiblefor on-line iris authentication

95.89

3.32 0.79Single-eye cameras

Authenticatedin first try

Authenticatedin multipletriesFailed(FTC+FRR) 99.29

0.11 0.6Dual-eye cameras


48/59

50% of Failures (FRR, FTC) due to

Intra CapsularCataract Extraction(ICCE) &

Other types of surgery

Special eyeconditions


49/59

Accuracy

High accuracy is possible using both single eyeand dual eye cameras Use of second IRIS improves accuracy by 3%

Auth mode Single eye camera Dual eye camera

Single eye 96.21% N/A

Two eye 99.54% 99.73%


50/59

Flat Error Curve (DET)

Uniquely suitable for high security application

0.46%

0.34% 0.33% 0.31%

0.27% 0.23% 0.22% 0.21%

0.00%

0.20%

0.40%

0.60%

0.80%

1.00%

1.00E-06 1.00E-05 1.00E-04 1.00E-03

F

R R

FAR

Iris DET (2 Iris, 2 Attempts)

Single IRIS Camera Dual IRIS Camera


51/59


52/59

Observations

Two irises authentications provide significantimprovement in accuracy and coverage overone iris.

Second attempt only marginally improvesaccuracy.

Focus, motion blur or gaze not a major sourceof false rejects (Matcher 2 seemed tocompensate for it)


53/59

Device Observations Device ergonomics affects Better capture aid for operator and residents

can significantly improve image capture Actionable feedback

visual aid (LCD on camera, slit for operator forfocus)

Appropriate visible light source cameras that blockambient light .

Improved capture algorithm for special eyeconditions

KIND 7 image formats


54/59


55/59

Feasibility of FP or Iris authentication

Clearly viable in Indian context High (> 98%) coverage and >99% accuracy

achievable with 2 fingers or irises.

Variety of devices available Iris suitable for children and high security (low

FAR) apps. Median Transaction time < 60 secs. 1M/ hour sustained rate easy to achieve Capture can be improved through capture aids.


56/59

Context of UIDs in India Technology Strategy

Architecture Enrollment

Process Status


Conclusions


57/59


58/59

Conclusions

Standardize for vendor and technology neutrality Process standards Technology standards (APIs) and certification

Multi-vendor , multi-modal approach Use of open source

Ecosystem approach to scaling Security and privacy by design Data driven analytics for transparency and

continuous improvement

58


59/59

Thank You

technology_on_aadhaar.pdf

Documents