Originally published October 03 2019, last updated April 13 2022
The Indian government is bullish about the Aadhaar system for a complete digital identity. The best way to see this in action is the various methods implemented for the verification of a cardholder.
There are two primary methods: the online method which involves scanning the Aadhaar QR code on the Aadhaar card with the specified authentication devices. The process is fast, secure, and centrally regulated. It uses UIDAI infrastructure to process the authentication. It works fine except for minor instances where the network becomes an issue reached during an authentication.
Hence there’s another offline method, the Aadhaar XML Paperless e-KYC Process. It involves the use of a downloadable zipped XML file from the UIDAI website. The file includes the information selected by the individual for sharing during a verification process. The file can contain information like the photo, date of birth, etc. to be shared with a service provider, apart from the mandatory name and address.
It does not disclose your Aadhaar number, even in a masked form. Also, email id and password are hashed using an algorithm specified by UIDAI.
The selected fields become a part of the XML file and are digitally signed with UIDAI’s private key. In order to verify the digital signature, the public key is also included in the XML file.
In its document UIDAI says: “… the XML file generated by the Aadhaar number holder using Offline Aadhaar Data Verification Service is a digitally signed document using UIDAI digital signature. Thus, the service provider can verify the demographic contents of the file and certify it to be authentic when doing the offline verification.”
Here is the process to download the XML file:
- Step 1: Go to URL www.uidai.gov.in
- Step 2: Enter ‘Aadhaar Number’ or ‘VID’ and mentioned ‘Security Code’ in the screen, then click on ‘Send OTP’
- Step 3: Enter the OTP received by registered Mobile Number for the given Aadhaar Number
- Step 4: Enter a Share Code which will be the password for the ZIP file and click on the ‘Download’ button
- Step 5: The Zip file containing the digitally signed XML will be downloaded
The offline verification comes in handy when the process cannot happen online or when you have to share the document. The advantage is in the ability to share only the selected information that one wants to share.
Security is a concern though
Offline Aadhaar Download, at a very optimistic level, has been tricky to perform. UIDAI does not specify the exact process of sharing the downloaded file along with the password to any institution. Couple it with the fact that UIDAI steps off from the centralized authentication.
The Aadhaar XML Download, once shared with the password, can be sent forward to be used again. There is no control over who could open the file. Strict data retention policies are governing the use of these documents, but a leak could see the data getting exposed as we have seen in the past with Aadhaar.
The use of such a document is a future, we would need it till we have significant people with online connectivity in our country. The process by UIDAI in itself would evolve to accommodate these concerns and will improve in the future.
How should it be used
The Aadhaar XML download of anyone is a piece of sensitive information that should be processed and handled with care. It should never be saved without proper security and encryption to any server. The processing of the information should, as much as possible, be done on the client and never pushed to the server.
Most Background Verification Companies in India offer this source of employee verification in their services.
We, at SpringVerify, an employee verification company, have built BGV verification processes using XML files and we always process it in an encrypted environment on the client device. Never on a server.
FAQs
What details does the Aadhaar XML file contain?
- Reference number
- Resident’s name
- Gender
- Photo
- Date of Birth
- Mobile number in hashed form
- Email in hashed form
What is XML format?
XML format is a digitally signed, shareable, and protected document. Visible data includes only the name and address while other details are optional. Once your Aadhaar Card XML File Download is complete, you can use it for verification purposes.
Benefits of e-KYC:
- E-KYC background verification services can only be used by verified agents and institutions. Hence, your credentials stay in safe hands.
- The biometric scanners need to be verified as well. Hence, offering better security.
- It is free of cost.
That was all about Aadhaar Card XML Download, there are plenty of other documents you can use for verification purposes. If you’re searching for more details around it, here’s what can help you:
- How can Pan Card be misused? And ways to prevent them
- Importance of Identity Check and How It Works
- Aadhaar masking: Here’s what you need to know about
- Passport Verification Using MRZ – SpringVerify India Blog
- A Unified Driving Licence format in India: why was it important?
- Passport Verification Using MRZ
Originally published October 03 2019, last updated April 13 2022