Aadhaar Data Vault

-VAULT
c What kind of reference key to use
d The i-VAULT would also provide a web service and a front end which can be used in Branches or any other Bank's offices to validate the stored Aadhaar number against the given customer details
Need for Aadhaar Data Vault:
In order to enhance the security level by reducing the footprint of Aadhaar numbers stored with the dealing organizations, it has been mandated that all AUAs / KUAs / Sub-AUAs and other entities that are collecting and storing Aadhaar numbers for specific purposes under the Aadhaar Act 2016 shall start displaying a substitute value called "Reference Key". The Reference Key will be generated and mapped to the Aadhaar number through a tokenization process, and both values will be stored in a separate database, the "Aadhaar Data Vault" (i-VAULT).

To further strengthen the privacy and security of Aadhaar number holders, UIDAI has introduced the use of Virtual ID (a 16 digit temporary, revocable value), the implementation of limited KYC (wherever applicable) and the UID Token (a 72 digit unique, irrevocable value). A Virtual ID (VID) can be generated only by the Aadhaar number holder and can be used as a substitute value for the Aadhaar number. Since the VID is a temporary value, each entity (AUA / KUA) would maintain a unique UID Token mapped to the Aadhaar numbers of the entity's customers in the Vault.

Introduction of i-VAULT:
The i-VAULT solution developed by IDBI Intech is a complete solution which meets the UIDAI guidelines as per circular no. 11020/205/2017 dated 25.07.2017. It further extends the scope to include Aadhaar based authentication / eKYC / OTP request transactions through VID / UID Token values via an optional Middleware system. The middleware system is flexible and robust enough to accommodate any changes in NPCI / UIDAI specifications for Aadhaar eKYC / OTP request / authentication transactions.

Data in i-VAULT:
a The secure web service takes the Aadhaar number as input and encrypts it with a key stored in the HSM; the encrypted Aadhaar number is then securely stored in i-VAULT
b Deletion / update of an Aadhaar number and its corresponding data, if required, can be done through a secured process
c The UID Token assigned to each Aadhaar number will be mapped and stored in the vault
d Any other customer details, as required, can be mapped and stored in the vault

Access Controls:
a Provides access controls (e.g. white-listing of IPs, user id and password, etc.)
b Only trusted communications will be permitted in and out of the vault.

Customer Tables:
a Any new Aadhaar number captured and authenticated will pass through i-VAULT for fetching / generation of the Reference Key.
b The Reference Key will replace the Aadhaar values stored in all customer tables.
c A bulk request facility for Reference Key generation is supported for all existing Aadhaar numbers in CBS / customer tables.

Transactions:
a During transaction processing, the Aadhaar number will pass through i-VAULT to fetch the Reference Key. This Reference Key will replace the Aadhaar number / UID Token / VID in the transaction details and transaction logs.
b The solution would expose a secure web service for the application connecting to UIDAI / NPCI / any other ASA, directly or through any middleware.
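The vault side of the flow described under Data in i-VAULT, Customer Tables and Transactions, as an added example that is not IDBI Intech's code: a small in-memory vault that hands out random Reference Keys, keeps the Aadhaar number only as AES-256-GCM ciphertext, and finds existing mappings through a keyed HMAC index instead of a plaintext column. The keys are generated in memory here, standing in for the HSM; the RK- prefix, the `Vault` type and its methods are this example's own choices, not the product's API, and the 12-digit value used in main is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
)

// Vault stands in for i-VAULT; its keys would live in the HSM but are random in-memory bytes here (example assumption).
type Vault struct {
	aead     cipher.AEAD       // AES-256-GCM over the Aadhaar number at rest
	indexKey []byte            // HMAC key for the blind lookup index
	byIndex  map[string]string // HMAC(Aadhaar number) -> reference key
	records  map[string][]byte // reference key -> nonce || ciphertext
}
var aadhaarRe = regexp.MustCompile(`^\d{12}$`)

func NewVault() (*Vault, error) {
	seed := make([]byte, 64) // first 32 bytes: AES key, rest: HMAC key
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(seed[:32])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, indexKey: seed[32:],
		byIndex: map[string]string{}, records: map[string][]byte{}}, nil
}

// lookupIndex finds an existing mapping without storing the number in clear;
// the index is keyed, so the table cannot be brute-forced offline.
func (v *Vault) lookupIndex(aadhaar string) string {
	mac := hmac.New(sha256.New, v.indexKey)
	mac.Write([]byte(aadhaar))
	return hex.EncodeToString(mac.Sum(nil))
}

// ReferenceKey returns the key already mapped to an Aadhaar number or creates
// one. It is random, not derived from the number, so it cannot be reversed.
func (v *Vault) ReferenceKey(aadhaar string) (string, error) {
	if !aadhaarRe.MatchString(aadhaar) {
		return "", errors.New("aadhaar number must be exactly 12 digits")
	}
	idx := v.lookupIndex(aadhaar)
	if ref, ok := v.byIndex[idx]; ok {
		return ref, nil
	}
	buf := make([]byte, 16+v.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	ref, nonce := "RK-"+hex.EncodeToString(buf[:16]), buf[16:]
	// The key is bound in as associated data: a record cannot be re-pointed.
	v.records[ref] = v.aead.Seal(nonce, nonce, []byte(aadhaar), []byte(ref))
	v.byIndex[idx] = ref
	return ref, nil
}

// Resolve decrypts the number behind a reference key (vault-internal only).
func (v *Vault) Resolve(ref string) (string, error) {
	rec, ok := v.records[ref]
	if !ok {
		return "", errors.New("unknown reference key")
	}
	ns := v.aead.NonceSize()
	pt, err := v.aead.Open(nil, rec[:ns], rec[ns:], []byte(ref))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// Delete removes the record and its index entry (Data in i-VAULT, item b).
func (v *Vault) Delete(ref string) error {
	aadhaar, err := v.Resolve(ref)
	if err != nil {
		return err
	}
	delete(v.byIndex, v.lookupIndex(aadhaar))
	delete(v.records, ref)
	return nil
}

func main() {
	v, _ := NewVault()
	ref, _ := v.ReferenceKey("123456789012") // constructed sample, not a real number
	fmt.Println("reference key:", ref)
}
```

Two points the listing makes that the bullets only imply: the Reference Key carries no information about the Aadhaar number (it is random, not a hash of it), so a leaked customer table or transaction log cannot be reversed without access to the vault; and deletion has to clear the lookup index as well as the record, otherwise the keyed hash of the number would still reveal that it was once enrolled.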
Objective
To address and comply with the guidelines laid down by UIDAI for Aadhaar Data Vault
To accommodate the centralized changes in Aadhaar based transactions

Features of Middleware
An interface between different applications and i-VAULT. It will accept the Aadhaar data, transmit it to i-VAULT, fetch the Reference Key for the Aadhaar number and transmit the Reference Keys to the respective applications. No data will be stored in the Middleware after processing the transactions.

Key Generation:
a Key changing based on N level approvals in the system
b Immediate or scheduler based
c Auto key generation
d Real time based zero down time approach with checksum and renaming of table

Application Authentication based on Initial Vector:
a Initial vector is sent by SMS based on approvals
b Vector is stored in encrypted form
c Vector can be bound to IP

Logging and Log Reading:
a Middleware will log all activities
b Logs will be maintained in XML format daywise
c Logs will be encrypted using a standard encryption algorithm
d Log reading during investigation will have a front end access for the user to check logs

[Diagram: transaction flow. The Customer App, the Application and UIDAI exchange the request and response (eKYC/Auth/OTP) carrying the Aadhaar No./VID. The Application passes the transaction input with Aadhaar No./VID/UID Token to the Middleware; the Middleware sends a Reference Key generation/fetching request to i-VAULT, receives the Reference Key in response, and returns the transaction output with the mapped Reference Key to the Application. Inside i-VAULT, the HSM performs the encryption of Aadhaar values and the Tokenisation Manager holds the Aadhaar number's tokenized values stored in the data vault.]
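The middleware's part of the flow shown in the diagram (accept the transaction input with Aadhaar values, fetch Reference Keys from i-VAULT, return the output with the mapped keys, retain nothing), as an added example rather than the product's own middleware. `RefKeyService`, `Transaction`, `memVault` and the log line format are assumptions of this example; `memVault` is a throwaway stand-in so the code runs without a vault, and the 12-digit value in main is a constructed sample.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// RefKeyService is the one call the middleware needs from i-VAULT:
// fetch-or-generate a Reference Key (an assumed interface for this example).
type RefKeyService interface {
	ReferenceKey(aadhaar string) (string, error)
}

// Transaction is a constructed shape for the demo: an application's
// transaction fields, any of which may carry an Aadhaar number.
type Transaction struct {
	ID     string
	Fields map[string]string
}

// Middleware holds only a client to the vault, so nothing sensitive can be
// retained between calls.
type Middleware struct {
	Vault RefKeyService
}

var aadhaarRe = regexp.MustCompile(`\b\d{12}\b`)

// Tokenize returns a copy of the transaction with every 12-digit value swapped
// for its Reference Key, plus a log line that is safe to write as-is. On a
// vault failure the value is masked rather than passed through in clear.
func (m *Middleware) Tokenize(tx Transaction) (Transaction, string, error) {
	out := Transaction{ID: tx.ID, Fields: make(map[string]string, len(tx.Fields))}
	var firstErr error
	swapped, masked := 0, 0
	for name, val := range tx.Fields {
		out.Fields[name] = aadhaarRe.ReplaceAllStringFunc(val, func(a string) string {
			ref, err := m.Vault.ReferenceKey(a)
			if err != nil {
				if firstErr == nil {
					firstErr = err
				}
				masked++
				return strings.Repeat("X", len(a))
			}
			swapped++
			return ref
		})
	}
	logLine := fmt.Sprintf("txn=%s fields=%d tokenized=%d masked=%d",
		tx.ID, len(tx.Fields), swapped, masked)
	return out, logLine, firstErr
}

// ContainsAadhaar is the guard a log writer would apply before persisting a line.
func ContainsAadhaar(s string) bool { return aadhaarRe.MatchString(s) }

// memVault is a throwaway stand-in for i-VAULT so the example runs offline;
// it hands out sequential keys and can be told to fail.
type memVault struct {
	keys map[string]string
	fail bool
}

func (mv *memVault) ReferenceKey(a string) (string, error) {
	if mv.fail {
		return "", errors.New("vault unreachable")
	}
	if ref, ok := mv.keys[a]; ok {
		return ref, nil
	}
	ref := fmt.Sprintf("RK-%06d", len(mv.keys)+1)
	mv.keys[a] = ref
	return ref, nil
}

func main() {
	mw := &Middleware{Vault: &memVault{keys: map[string]string{}}}
	// Constructed sample; the 12-digit value is not a real Aadhaar number.
	tx := Transaction{ID: "T-0001", Fields: map[string]string{
		"aadhaar": "123456789012", "amount": "500", "note": "auth via 123456789012",
	}}
	out, logLine, err := mw.Tokenize(tx)
	fmt.Println(out.Fields, logLine, err, ContainsAadhaar(logLine))
}
```

The failure path matters as much as the happy path: if the vault is unreachable the value is masked rather than forwarded in clear, and the returned error tells the application the transaction is incomplete. `ContainsAadhaar` is the kind of last-line check a log writer can apply to every line it persists, which turns "the Reference Key replaces the Aadhaar number in transaction logs" from a convention into a property that can be verified.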