Figure 2: Authentication Service























            data, which was provided by the person during      photograph information using KUA public key and
            enrolment/update process. Alternatively, authentica-  forwards the encrypted response to KUA. On receiv-
            tion can also be carried out based on the OTP.     ing the encrypted response, the KUA decrypts the
               The Aadhaar e-KYC service allows UIDAI to share   data using their own private key and returns an XML
            electronic version of Aadhaar information (demo-   with 7 pieces of data:- Name, Address, DOB, Gender,
            graphic information and photo ONLY) with the       Phone number, email address and photograph, this
            explicit consent of the person. During the e-KYC   eliminates collecting photocopy of Aadhaar letter
            process, UIDAI encrypts the e-KYC response data    from resident. All biometric or OTP authentication
            containing the person's latest demographic and     schemes are valid for e-KYC service.

            2�5  Technical process of Authentication & e-KYC services
            Authentication devices used by Authentication user   XML as per UIDAI authentication API. Further, upon
            agency/e-KYC user agency initiate the authentica-  receiving  the  auth  XML  from  AUA,  Authentication
            tion request (Figure 2) and create encrypted PID   Service Agency (ASA) forwards it to CIDR. To ensure
            (Personal Identity Data) block before forwarding it   the integrity and non-repudiation, Authentication
            to authentication server of AUA/KUA for processing   Server at CIDR, as a mandatory requirement, accepts
            of domain specific transaction and creation of auth   only digitally signed auth XML through ASA.

            Figure 3: Aadhaar e-KYC





























           16    e-KYC use cases in digital financial services