Authentication devices are deployed by the AUA, Sub AUA or their agents. The connectivity from devices to AUA/ Sub AUA server is also provisioned by the AUA/ Sub AUA.

Some possible form factors in which biometric authentication devices may be deployed include:

• Hand-Held / PoS Device such as MicroATMs, attendance devices

• USB device connected to PC

• Mobile phone with biometric sensor

• Kiosks such as ATMs, MNREGA job request kiosks

• AUAs are expected to select form factor based on their service delivery and deployment needs.

Application Components for Authentication Devices :

Authentication application: AUAs should develop authentication application based on its business needs and UIDAI’s authentication API.

• Best Finger Detection (BFD) application: Success of biometric authentication is dependent on the quality of biometric captured in the authentication request. The quality varies across different fingers of a resident, amount of pressure applied etc. To ensure that a resident is on-boarded to the concept of biometric authentication and is aware of which fingers are best suited for biometric authentication, UIDAI has developed a protocol called BFD. If an AUA opts for biometric authentication, it should ensure that the BFD application, as per the BFD API published, is deployed on the devices.

• OTP application: If an AUA opts for Aadhaar-based OTP authentication, the AUA should build a module for initiating OTP request and integrate the same with its service delivery application. The API for developing OTP request application is available on UIDAI’s website. As a backup option, the AUA may also guide residents to generate OTP through UIDAI’s portal, UIDAI’s contact centre or USSD through resident’s registered mobile phone.

• Exception handling provisions: The device application should have provisions to service genuine residents who may be falsely rejected during biometric authentication. Also, there should be measures to continue service delivery in case of other technological limitations such as network non-availability, device breakdown etc. There should be no denial of service to residents due to technology limitations. The exception handling mechanisms should be backed up by non-repudiable features to log and track requests handled through exception handling mechanism to prevent any fraud attempts.