technology_on_aadhaar.pdf
TRANSCRIPT
-
7/27/2019 Technology_on_Aadhaar.pdf
1/59
Technology behind Aadhaar
Unique Identification Authority of
Indiawww.uidai.gov.in
Tampa, 20 th September 2012
http://www.uidai.gov.in/http://www.uidai.gov.in/ -
7/27/2019 Technology_on_Aadhaar.pdf
2/59
Agenda
Aadhaar at a Glance Technology Strategy Architecture
Enrollment Process Status
Authentication Fingerprint PoC Iris Poc
Conclusions
-
7/27/2019 Technology_on_Aadhaar.pdf
3/59
-
7/27/2019 Technology_on_Aadhaar.pdf
4/59
India
1.2 billion residents 640,000 villages, ~60% lives under $2/day ~75% literacy,
-
7/27/2019 Technology_on_Aadhaar.pdf
5/59
Vision
Create a common national identity for everyresident Biometric backed identity to eliminate duplicates
Verifiable online identity for portability
Applications ecosystem using open APIs Aadhaar enabled bank account and payment
platform Aadhaar enabled electronic, paperless KYC
5
-
7/27/2019 Technology_on_Aadhaar.pdf
6/59
Issue unique IDs
Property of UIDAI - Highly confidential6
UID = 1568 3647 4958 6218
UID Unique number Random number
Basic demographic data andbiometrics stored centrally
Central UID database
Standardized identity attributes
No duplicates(1:N check)
Flexibility to partners on KnowYour Resident (KYR)+
Name
Parents
Gender
DoB
PoB
Address
-
7/27/2019 Technology_on_Aadhaar.pdf
7/59
and authenticate IDs online, real -time
7
UID = 1568 3647 4958 6218
Central UID database1:1 check, no ID fraud
Only YES/NO response, no details no invasion of privacy
Person can see self-details, no one else can
Authentication - Are youwho you claim to be?
-
7/27/2019 Technology_on_Aadhaar.pdf
8/59
Context of UIDs in India Technology Strategy Architecture Enrollment
Process Status
Authentication Fingerprint PoC Iris Poc
Conclusions
-
7/27/2019 Technology_on_Aadhaar.pdf
9/59
Consultation & Standards
Biometric Standards Demographic data standards and verification
procedure
Process (90 days) Representation from agencies, academic and
industry
Standardization on modalities and data formats
-
7/27/2019 Technology_on_Aadhaar.pdf
10/59
PoC to Determine Enrollment Process
Three states, 10s of villages Rural areas emphasized
Data collected in 2 sessions from 75K people Capture time is 4 min. Spread is 50% Social customs are not a major problem
Zero FTE is possible De-duplication of 1.2 B possible through 10
finger prints and dual irises
-
7/27/2019 Technology_on_Aadhaar.pdf
11/59
-
7/27/2019 Technology_on_Aadhaar.pdf
12/59
Overall Strategy Best of breed through standards & open source Sourcing from multiple suppliers Leverage market forces for technology improvement Create national standards wherever necessary
through extensive consultation Build eco-system
Device certification Operator certification Empanelment of enrollment agencies IT and other suppliers training for state level reengineering
apps Conduct field test to validate assumptions
-
7/27/2019 Technology_on_Aadhaar.pdf
13/59
-
7/27/2019 Technology_on_Aadhaar.pdf
14/59
-
7/27/2019 Technology_on_Aadhaar.pdf
15/59
Context of UIDs in India Technology Strategy Architecture Enrollment
Process Status
Authentication Fingerprint PoC Iris Poc
Conclusions
-
7/27/2019 Technology_on_Aadhaar.pdf
16/59
Architecture Principles Design for scale
Every component needs to scale to large volumes Millions of transactions and billions of records Accommodate failure and design for recovery
Open architecture Use of open standards to ensure interoperability Allow the ecosystem to build libraries to standard APIs
Use of open-source technologies wherever prudent Security
End to end security of resident data Use of open source Data privacy handling (API and data anonymization )16
-
7/27/2019 Technology_on_Aadhaar.pdf
17/59
Designed for Scale
Horizontal scalability for all components Open Scale -out is the key Distributed computing on commodity hardware Distributed data store and data partitioning
Horizontal scaling of data store a must! Use of right data store for right purpose
No single point of bottleneck for scaling
Asynchronous processing throughout the system Allows loose coupling various components Allows independent component level scaling
17
-
7/27/2019 Technology_on_Aadhaar.pdf
18/59
Open Architecture
Aadhaar Services Core Authentication API and supporting Best
Finger Detection, OTP Request APIs
New services being built on top Aadhaar Open Standards for Plug-n-play
Biometric Device API
Biometric SDK API Biometric Identification System API Transliteration API for Indian Languages
18
-
7/27/2019 Technology_on_Aadhaar.pdf
19/59
Open Standards & specs
Open Source Biometric Standards UID Specifications
Hadoop ISO 19794-X Enrolment Device
HBase CBEFF Authentication Device
MySQL MINEX
Mongo DB IREX
RabbitMQ PIV - FP
BI: Hive
-
7/27/2019 Technology_on_Aadhaar.pdf
20/59
Security & Data Privacy
Encryption of Enrollment Packet
Decrypted packet never stored on disk
Biometric images archived logically offline
Data anonymized from ABIS vendors Only store templates and not raw images
Data Centre Security DMZ, firewalls, IDS, IPS
-
7/27/2019 Technology_on_Aadhaar.pdf
21/59
Context of UIDs in India Technology Strategy Architecture Enrollment
Process Status
Authentication Fingerprint PoC Iris Poc
Conclusions
-
7/27/2019 Technology_on_Aadhaar.pdf
22/59
Enrollment Process
-
7/27/2019 Technology_on_Aadhaar.pdf
23/59
-
7/27/2019 Technology_on_Aadhaar.pdf
24/59
NOC for Enrolment Monitoring
-
7/27/2019 Technology_on_Aadhaar.pdf
25/59
UID Middleware
Standardization of the ABIS interface Highly distributed, concurrent, fault tolerant
architecture Continuous unit and accuracy testing on the
production system Test using real data (probes representative) No information is provided to ABISs to distinguish
probes from real data Continuous testing of data integrity
System management, monitoring and diagnostics
-
7/27/2019 Technology_on_Aadhaar.pdf
26/59
-
7/27/2019 Technology_on_Aadhaar.pdf
27/59
99.943%
-
7/27/2019 Technology_on_Aadhaar.pdf
28/59
E l V l
-
7/27/2019 Technology_on_Aadhaar.pdf
29/59
Enrolment Volume 600 to 800 million UIDs in 4 years
1 million a day
200+ trillion matches every day!!! ~5MB per resident
Maps to about 10-15 PB of raw data (2048-bit PKIencrypted!)
About 30 TB I/O daily Replication and backup across DCs of about 5+ TB of
incremental data every day Lifecycle updates & new enrolments will continue for ever
Additional process data Several million events on an average moving through async
channels (some persistent and some transient) Needing complete update and insert guarantees across
data stores29
E l h i ll h
-
7/27/2019 Technology_on_Aadhaar.pdf
30/59
60+ registrars - StateGovernments, Banks, IndiaPost, Financial Institutionsetc
60,000+ activeEnrolment stations
Represents geographieswith registered stations
Enrolments happening all over the country
-
7/27/2019 Technology_on_Aadhaar.pdf
31/59
-
7/27/2019 Technology_on_Aadhaar.pdf
32/59
Enrollment Quality - Definitions
Methodology Quality metrics embedded in enrollment packet Face: ICAO-- (slightly relaxed)
FP: Poor quality when there is at least one fingerwith NFIQ >3 in each of three slaps (4, 4, 2)
Iris: Poor quality when Irisness score < 50(proprietary)
-
7/27/2019 Technology_on_Aadhaar.pdf
33/59
Enrolment Quality - Results
Govt. Policy - everyone must be enrolled ieFTE=0%
Biometric FTE: 0.14% (no FP & Iris captured) Poor Quality FP & Iris: 0.23% Poor Quality
FP: 2.9% , Iris: 3.0%
-
7/27/2019 Technology_on_Aadhaar.pdf
34/59
-
7/27/2019 Technology_on_Aadhaar.pdf
35/59
Multi ABIS Multimodal Results FPIR
Probe size: 4M False rejects: 2,309 FNIR
Probe size: 32,000 False accept: 11
FPIR:0.057% FNIR:0.035%
NIST 7112 Ten FP Results FPIR: 0.035% @ Gallery= 1 Million
@ Gallery = 84 Million
Multiple modality provides similar accuracyfor 100X larger gallery
-
7/27/2019 Technology_on_Aadhaar.pdf
36/59
De-duplication Conclusion
Competitive advantage of using 3 ABIS & SDKs
Continuous FPIR/FNIR measurements
Possible to maintain low FPIR/FNIR over wide
range of gallery size
-
7/27/2019 Technology_on_Aadhaar.pdf
37/59
Context of UIDs in India Technology Strategy Architecture Enrollment
Process Status
Authentication Fingerprint PoC Iris Poc
Conclusions
-
7/27/2019 Technology_on_Aadhaar.pdf
38/59
38
Name, gender, DoB, Age,Address, Mobile, Email,
YESOR
NO
Authentication
-
7/27/2019 Technology_on_Aadhaar.pdf
39/59
Why is Biometric Authenticationchallenging?
Inclusiveness Cant deny benefits.
Diverse subjects Manual labor Senior and children benefit programs
Interoperability under open architecture Enrollment done using 11 different devices 30+ single FP scanners & extractors
8+ iris mobile cameras Mobile GPRS network Variety of applications 1st in the world to operate on-line Auth.
-
7/27/2019 Technology_on_Aadhaar.pdf
40/59
Thumb: Enrollment & Verification
Slap Scanner for enrolmentSingle Finger Auth Device
-
7/27/2019 Technology_on_Aadhaar.pdf
41/59
-
7/27/2019 Technology_on_Aadhaar.pdf
42/59
-
7/27/2019 Technology_on_Aadhaar.pdf
43/59
Throughput Performance
10 million authentications in 10 hours Average response time around 200
milliseconds or 295 concurrent requests/sec. Performance test environment consisted of
15 blade servers including database servers,biometric matching servers, messaging server,
caching servers, and audit logging servers. Configuration: x86 Linux dual CPU 6-core.
-
7/27/2019 Technology_on_Aadhaar.pdf
44/59
FP Conclusions
Achievable Accuracy (for 98.2% of population) FRR < 1% with two best finger fusion FRR < 2.5% with one best finger
Device Certification More selective devices improve FRR by 2X Placement guide can also improve FRR materially PIV compliance insufficient indicator FAP 20 very useful
Field accuracy test should be part of device certification Throughput of 1M/hr is easily achievable
-
7/27/2019 Technology_on_Aadhaar.pdf
45/59
Context of UIDs in India Technology Strategy Architecture Enrollment
Process Status
Authentication Fingerprint PoC Iris Poc
Conclusions
P f f C i i
-
7/27/2019 Technology_on_Aadhaar.pdf
46/59
Proof of Concept- iris Objective- the feasibility of using iris modality for on-
line authentication Coverage/ Accuracy/Readiness Set-up
4 single eye, 4 dual-eye cameras Every resident verifies on ALL devices Production system & network 5,000 subjects semi-rural location
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
India
Mysore
Poc
18
18
9
78
77
83
4
5
8
6-15 years
16-65 years
66 and above
2X Seniors
-
7/27/2019 Technology_on_Aadhaar.pdf
47/59
Coverage
Over 99.5% population coverage is possiblefor on-line iris authentication
95.89
3.32 0.79Single-eye cameras
Authenticatedin first try
Authenticatedin multipletriesFailed(FTC+FRR) 99.29
0.11 0.6Dual-eye cameras
-
7/27/2019 Technology_on_Aadhaar.pdf
48/59
50% of Failures (FRR, FTC) due to
Intra CapsularCataract Extraction(ICCE) &
Other types of surgery
Special eyeconditions
-
7/27/2019 Technology_on_Aadhaar.pdf
49/59
Accuracy
High accuracy is possible using both single eyeand dual eye cameras Use of second IRIS improves accuracy by 3%
Auth mode Single eye camera Dual eye camera
Single eye 96.21% N/A
Two eye 99.54% 99.73%
-
7/27/2019 Technology_on_Aadhaar.pdf
50/59
Flat Error Curve (DET)
Uniquely suitable for high security application
0.46%
0.34% 0.33% 0.31%
0.27% 0.23% 0.22% 0.21%
0.00%
0.20%
0.40%
0.60%
0.80%
1.00%
1.00E-06 1.00E-05 1.00E-04 1.00E-03
F
R R
FAR
Iris DET (2 Iris, 2 Attempts)
Single IRIS Camera Dual IRIS Camera
-
7/27/2019 Technology_on_Aadhaar.pdf
51/59
-
7/27/2019 Technology_on_Aadhaar.pdf
52/59
Observations
Two irises authentications provide significantimprovement in accuracy and coverage overone iris.
Second attempt only marginally improvesaccuracy.
Focus, motion blur or gaze not a major sourceof false rejects (Matcher 2 seemed tocompensate for it)
-
7/27/2019 Technology_on_Aadhaar.pdf
53/59
Device Observations Device ergonomics affects Better capture aid for operator and residents
can significantly improve image capture Actionable feedback
visual aid (LCD on camera, slit for operator forfocus)
Appropriate visible light source cameras that blockambient light .
Improved capture algorithm for special eyeconditions
KIND 7 image formats
-
7/27/2019 Technology_on_Aadhaar.pdf
54/59
-
7/27/2019 Technology_on_Aadhaar.pdf
55/59
Feasibility of FP or Iris authentication
Clearly viable in Indian context High (> 98%) coverage and >99% accuracy
achievable with 2 fingers or irises.
Variety of devices available Iris suitable for children and high security (low
FAR) apps. Median Transaction time < 60 secs. 1M/ hour sustained rate easy to achieve Capture can be improved through capture aids.
-
7/27/2019 Technology_on_Aadhaar.pdf
56/59
Context of UIDs in India Technology Strategy
Architecture Enrollment
Process Status
Authentication Fingerprint PoC Iris Poc
Conclusions
-
7/27/2019 Technology_on_Aadhaar.pdf
57/59
-
7/27/2019 Technology_on_Aadhaar.pdf
58/59
Conclusions
Standardize for vendor and technology neutrality Process standards Technology standards (APIs) and certification
Multi-vendor , multi-modal approach Use of open source
Ecosystem approach to scaling Security and privacy by design Data driven analytics for transparency and
continuous improvement
58
-
7/27/2019 Technology_on_Aadhaar.pdf
59/59
Thank You