UIDAI Authentication Registered Devices Application

Aadhaar authentication provides several ways in which a resident can authenticate themselves using the system

Authentication server performs the following processing on each authentication request generated for each registered devices:

1. Decode and Decrypt the Pid from Data element. Based on type attribute of the “Data” element, the value of Data is either interpreted as XML or Protobuf bytes.

2. Re-compute the SHA-256 Hash of Pid.

3. Decode and decrypt the value of Hmac element.

4. Compare the re-computed SHA-256 hash with Hmac value received in authentication request.

a. If both values match, then, integrity of authentication request is preserved and server will proceed with further processing of the request.

b. If values do not match, reject the authentication request with error code representing “HMAC Validation failed”.

Registered devices application is developed to fulfil Aadhaar authentication requirements. The application can be used as below

  • On main page click on Capture finger Get PID button and put finger on scanner to capture finger

  • After successful capture and processing data it will looks like as below.

  1. In pid xml block the actual generated pid xml is shown which will be encrypted to send to Aadhaar server for authentication. The block is shown below

  2. fpmi – Finger Print Manufacturer ID. If fingerprint device is a registered device then certified manufacturer should get an ID from UIDAI. That id given as below.

  3. fpmc – For registered finger print device, this attribute holds signed public key certificate of the manufacturer. AUA application should call “getManufacturerCert” function of the registered device.

  4. PID Timestamp - It is the time of capture of authentication input. This is in format “YYYY-MM-DDThh:mm:ss” (derived from ISO 8601). Time zone should not be specified and is automatically defaulted to IST (UTC +5.30).

  5. Encrypted session key - Value of this element is base-64 encoded value of encrypted 256-bit AES session key. Session key must be dynamically generated for every transaction(session key must not be reused) and must not be stored anywhere except in memory.

  6. Hmac block contains hash encoded value.

  7. Encrypted PID block contains the encrypted data of PID XML data.

  • After this enter your Aadhaar number in given text box

  • Then click on Create send auth xml to send the encrypted data for verification from Aadhaar server

  • If the authentication succeeds the it will shown on window as below

  • Please find below link to get sample

  • The sample works with UIDAI's Staging Server

  • User needs to change the URL & Public key for Production Server to test with Aadhaar's Production environment

Registered devices POC.zip