Aadhaar Paperless Offline e-KYC

UIDAI provides a mechanism to verify identity of an Aadhaar number holder through an online electronic KYC service. The e-KYC service provides an authenticated instant verification of identity and significantly lowers the cost of paper based verification and KYC. However, this method of online e-KYC is not available to all agencies and may not be suitable due to some of the following reasons;

• 
  Online e-KYC requires reliable connectivity
• 
  Agency needs to have technical infrastructure to call online e-KYC service and deploy devices (as necessary)
• 
  The Aadhaar number holder may need to provide biometrics for the online e-KYC
• 
  UIDAI maintains a record of the KYC request for audit purposes

• 
  KYC data may be shared by the Aadhaar number holder directly without the knowledge of UIDAI.
• 
  Aadhaar number of the Aadhaar number holder is not revealed, instead only a reference ID is shared.
• 
  No core biometrics (fingerprints or iris) required for such verification
• 
  Aadhaar number holder gets a choice of the data (among the demographics data and photo) to be shared.

• 
  Aadhaar KYC data downloadable by Aadhaar number holder is digitally signed by UIDAI to verify authenticity and detect any tampering.
• 
  Agency can validate the data through their own OTP/Face Authentication.
• 
  KYC data is encrypted with the phrase provided by Aadhaar number holder allowing Aadhaar number holders control of their data.

• 
  Aadhaar Paperless Offline e-KYC is voluntary and Aadhaar number holder driven.
• 
  Any agency working with people can use it with consent of the Aadhaar number holder allowing wide usage.

Aadhaar number holders can obtain Aadhaar Paperless Offline e-KYC data through the following channels:

• 
  Download Aadhaar Paperless Offline e-KYC from mAadhaar portal https://myaadhaar.uidai.gov.in/en_IN
• 
  mAadhaar mobile application on a registered phone number
• 
  Inbound SMS using registered phone number
• 
  Aadhaar Seva Kendra using Biometric Authentication

While downloading/obtaining offline e-KYC data, following fields are included in the XML.

• 
  Aadhaar number holder Name
• 
  Download Reference Number
• 
  Address
• 
  Photo
• 
  Gender
• 
  DoB/YoB
• 
  Mobile Number (in hashed form)
• 
  Email (in hashed form)

Aadhaar Paperless Offline e-KYC data is encrypted using a “Share Phrase” provided by the Aadhaar number holder at the time of downloading which is required to be shared with agencies to read KYC data.

Aadhaar Paperless Offline e-KYC data may be provided to the verifying agency by the Aadhaar number holder in digital or physical format along with share phrase:

• 
  Digital Format: XML/PDF

  • This format is preferred when high quality photo is required
• 
  Printed Format: QR code

  • When Aadhaar number holder is more comfortable with a physically printed format
  • Low resolution photo for visual inspection only

The following will help Aadhaar number holders in getting a better understanding about the technical facets of Aadhaar Paperless Offline e-KYC.

Offline Paperless e-KYC when downloaded has the following XML :

Offline Paperless e-KYC when downloaded has the following XML :

Element:

OfflinePaperlessKyc : Container for keeping the Aadhaar number holder kyc data.

Attributes:

version - Version: 

Now value will be 1.0.

referenceId - Reference Number:

This is a composition of last 4 digits of Aadhaar number followed bytimestamp in YYYYMMDDHHMMSSmmm format.

Example:

Aadhaar Number: XXXX XXXX 3632


Time Stamp : 20181001134543123

Reference Number : r=”363220181001134543123”

Pht - Photo:

Is present in JP2000 format with low resolution. Standard JP2 renderers can be used to show the photo.

e - EmailID:

This is represented as a hash with following logic.

Hashing logic for Email ID :

Sha256(Sha256(Email+SharePhrase))*number of times last digit of Aadhaar number
(Ref ID field contains last 4 digits).

Example :

Email: abc@gm.com
Aadhaar Number:XXXX XXXX 3632


Passcode : Lock@487


Hash : Sha256(Sha256(abc@gm.comLock @487))*2


In case of Aadhaar number ends with Zero we will hashed one time.

m - Mobile Number:

This is represented as a hash with following logic.

Hashing logic for Mobile Number :

Sha256(Sha256(Mobile+SharePhrase))*number of times last digit of Aadhaar number
(Ref ID field contains last 4 digits).

Hashing logic for Mobile Number :

Mobile: 1234567890


Aadhaar Number:XXXX XXXX 3632


Passcode : Lock@487


Hash: Sha256(Sha256(1234567890Lock@487))*2


In case of Aadhaar number ends with Zero we will hashed one time.

gender - Gender: 

This is either “M”(Male) or “F”(Female) or “T” (TransGender).

Poa - Address: 

Address will come in below tag


Care Of- Care of like "s/o"


Country- Country name like "India"


Dist- Will contains District name


House- will contains House number


loc- Locality


pc-Pincode


po- Post office name


state- State Name


street-Street Name


subdist- Sub District Name


vtc - VTC Name

signature - Signature:

This will a 344 character long digital signature of the data present in the downloaded XML. This can be validated using the public key of UIDAI which will be present in standard signed xml.

1. Read the entire XML.
2. Get signature from xml
3. Get Certificate from here.
4. If you have downloaded Offline XML before 7 June 2020. then get Certificate from here
5. If you have downloaded Offline XML before 18 Jun 2019. then get Certificate from here
6. If you have downloaded the client before 28 March, then get Certificate from here.
7. Convert certificate to base64 string.
8. Sample code snippets provided here.

1. Aadhaar Paperless Offline e-KYC XML is zipped and protected with the “Share Phrase”. It can be unzipped using any standard unzipping utility (like WinZip, WinRaR, 7Zip etc.). While unzipping, a prompt will show for password where “Share Phrase” should be entered.

2. Parse the XML and use the logic mentioned earlier to validate the digital signature.

3. Optionally do OTP validation against the mobile number (Aadhaar number holder needs to provide mobile number which can be hashed and verified against the KYC data) and/or do face validation by capturing face and matching against the photo within the e-KYC XML.