Bio Metric Devices Certification

The objective of Certification of Biometric Devices (BDCS) is to facilitate the availability of quality which is assessed by authentication/ enrolment Biometric Devices along with QR Code scanner devices used for offline authentication which is for user agencies. This certification scheme provides confidence that certified devices are reliable, safe, and secure and meet the UIDAI (Unique Identification Authority of India) requirements. This objective is achieved by ensuring that the devices comply with the UIDAI Aadhaar Specification.

The main aim is to provide confidence to the user of the biometric devices that the certified devices are reliable, safe, and secure and also meet the required documents. The scheme includes a fingerprint scanner, iris camera for enrollment and authentication devices.  

Standardization Testing and Quality Certification (STQC) Directorate is an attached office of the Department of Electronics and Information Technology (DeitY), Government of India which provides quality assurance services in the area of Electronics and IT through a country that has a network of laboratories and centers. These services include Testing, Calibration, IT & e-Governance, Training, and Certification which is for public and private organizations. STQC laboratories are having national / International accreditation and recognition are also in the area of testing and calibration.

STQC has specialized institutions such as the Indian Institute of Quality Management (IIQM) which is used for the quality related to training programs and the Centre for Reliability (CFR) for reliability-related services, with also testing and calibration.

Devices covered under the scope:

• Authentication Device (L0 and L1)

1. Finger Print Scanner
2. IRIS Authentication devices (Discrete and Integrated)
3. Registered Device Service

• Enrollment Devices

1. Finger Print Scanner
2. IRIS devices
3. Pre-Certified Hardware (PCH)
4. QR Code Scanner Devices for Offline Authentication.  

UIDAI requires that only the registered devices should be used by all the Authentication Eco-Partners.

“Registered Devices” relates to the devices which are registered with Aadhar system for encryption key management. Aadhar authentication server can individually identify and validate these devices and manage encryption keys on each registered device. 

• Devices Identification: Every sensor device has a unique identification, allowing device authentication, traceability, analytics and fraud management.
• Eliminating use of stored biometrics: Every biometric record is processed and encrypted within the secure zone eliminating transmission of unencrypted biometrics from sensor to host machine.    

The objective of the Certification of the QR code scanner is to facilitate the availability of the Quality Assessed Devices to user agencies. The objective is to ensure the device suppliers are certified based on their capability to supply QR Code Scanner which meets the technical specification of the UIDAI and the suppliers must have an adequate support system that ensures the availability of device functions/ services.

The main aim of Testing and Certification is to ensure that the Device under Testing (DUT) complies with the requirements, relevant standards, specifications, which includes specifications released by UIDAI for UID application.

The objectives verify that:

• The extent to which the requirements are prescribed in the UIDAI specifications have been fulfilled.
• The extent to which the applicable regulations, standards and specifications are set out in the applicable Quality Specification. 
• Provide opportunity for the Vendors to understand defects/ non-conformance and rectification for the same.
• To grant certification and provide assurance to users of device that the certified product meets UIDAI requirements.

Scope of Certification:

• Scope of Certification covers various types of Biometric Authentication/Enrolment Devices for Aadhaar Ecosystem.
• Certification Committee will issue the certificate after getting satisfied with the recommendation of the certificate committee. On completion of the activities and the fulfillment of the certification and evaluation criteria and receipt of the payment, the certificate gets issued along with the test report.

Lock/Unlock Biometrics:

• It will enable the Resident to lock and temporarily unlock their biometrics. This is to protect the privacy and confidentiality of Resident’s Biometric Data which includes fingerprint and iris. Locked Biometrics ensures the Aadhaar holder will not be able to use their biometric for authentication. Registered Mobile Number is essential to avail this service. 

The assurance necessary for the characteristic of the device:

• Device Portability
• Image Quality leading to data quality
• Durability for varied environmental and climatic conditions
• Safety and Electro-magnetic compatibility of the devices
• Functional Testing
• Security Testing
• Authentication accuracy management

Supplier (Services)

Supplier is that party which is responsible for providing Devices and is also able to ensure that Quality assessment is performed. The supplier can also be client, vendor, channel partner, authorized agent with a legal entity in India. For this purpose, supplier is the applicant and is also responsible for placing devices in the market after obtaining the certification.

Manufacturer (Product)

Legal Entity anywhere in the world that makes device through a process which involves raw materials, components (optical, optoelectronics, electronics, embedded software, etc.) or assemblies, usually on a large scale with different operations divided among different workers. They are also responsible for Quality Assurance of the produced devices which are including Testing of Devices as per UIDAI requirements.

Quality Assessment

The total measures carried out consistently and systematically, that ensures the devices for the UIDAI Application which conform to the requirements of the stated specifications.

Device

Device submitted for certification includes Fingerprint scanner, IRIS Scanner, Pre-certified Hardware, and QR Code Scanners.

Certification Agreement

An agreement which is part of the Certification System, and which details the mutual rights and obligations of the certificate holder and the Certification Body, and which includes the right to use the certificate.

All biometric devices which are used for authentication shall be certified as required and as per specifications issued from time to time by the Authority for this purpose.

Certification Body

This body conducts certification for compliance/conformity with respect to published standards and any supplementary documentation required under the system. All the operations and functions of the Certification body will be performed by STQC Directorate.

QR code is an image of a matrix barcode that helps to store data in two dimensions. UIDAI has developed a secure QR code for e-Aadhaar / Aadhaar letter which carries demographic information & photograph digitally signed by UIDAI. Users can read the information in Secure QR code to verify the details of the person presenting the e-Aadhaar / Aadhaar letter thus, facilitating offline identity verification.

• Test and certification charges 
• Technical construction file 
• GeM (Government e-Marketplace) Registration Number
• Certification Agreement 
• Three Nos. of QR Code Scanner Device to be tested. 
• Test environment for functional testing 
• Compliance statements and Test reports
• Arrangement to witness the specialized testing (if applicable) at manufacturer facility, in case the in-house facility for the same is not available with STQC.