Is UIDAI moving towards multi-finger authentication?

Through it’s circular on Face Authentication (Face Auth) dated 15th Jan, 2018, UIDAI has mandated all AUAs / KUAs to integrate the Face Auth feature in their e-KYC platforms on or before 1st August, 2018.

As we saw in our earlier blog post, and as mentioned in UIDAI’s circular, UIDAI has clearly stated that Face Auth will be allowed only with one more authentication factor – Fingerprint or Iris. Simply put, Face Auth can be initiated only through a two-factor authentication (2FA) mechanism under which e-KYC can be done through Face + Fingerprint authentication or Face + Iris authentication.

As of now, UIDAI has proposed that only one fingerprint scan (i.e. of any one finger / thumb) + Face Auth will be sufficient to meet the two-factor authentication criteria.

However, according to reliable sources, UIDAI plans to enhance the role of Fingerprint scan in the two-factor authentication process by introducing Fusion Auth i.e. Fingerprint scan of any 2 fingers, w.e.f. 1st August, 2018. This means, that starting 1st August, Face Auth-based e-KYC transactions would involve Face + Any 2 Fingerprints’ authentication or Face + Iris authentication.

Sounds complex? Allow us to simplify this for you.

While the current APIs provided by UIDAI supports Fusion Finger Auth (i.e. acceptance of fingerprint scans of all 10 fingers), as on date UIDAI has kept it as an optional feature. However w.e.f. 1st August, 2018, Fusion Authentication would be pushed as a default / mandatory feature by UIDAI from their backend and therefore 2-Finger Authentication would become a mandatory feature.

A pertinent question that remains to be answered is whether UIDAI plans to make 2-Finger Authentication mandatory just for Face Auth or will they make it mandatory for regular Fingerprint-based e-KYC transactions too? And if 2-Finger Auth is made mandatory for regular Fingerprint-based e-KYC transactions, will this entail any changes in the backend / front-ending interfaces of AUAs / KUAs?

Well, yes it will.

Once UIDAI makes 2-Finger Auth mandatory, AUAs / KUAs will need to incorporate the below 3 changes in their systems:

1. Modify the front-ending applications to enable capturing of 2-Finger biometrics.

2. Integrate with the new RD services’ SDKs that will be released by the biometric vendors (UIDAI had asked RD device vendors to be ready with the same by 10.07.2018).

3. Flag the transaction in the backend while sending it to UIDAI to indicate that the same is a 2-Finger Auth transaction.

Apart from this, we believe that AUAs / KUAs may not be required to make any additional infrastructural changes in their existing setup.

We believe that this ecosystem shall be further optimized by UIDAI at a later stage by the introduction of Challenge Response Auth i.e. capture specific fingerprint scans e.g. only 2 index fingerprints, only 2 thumbprints, etc.

If 2-Finger Auth / Challenge Response Auth is made mandatory for regular fingerprint-based e-KYC transactions too, the actual last-mile customer acquisition transaction will be slightly elongated as compared to the current one.

Until UIDAI doesn’t come up with a formal announcement, let’s keep our fingers crossed hoping that the AUAs / KUAs will not be required to re-haul their existing setup.

Regards

Team ECS.

Leave a Reply

Your email address will not be published. Required fields are marked *