Use cases

Device registration

The device must be connected to the management server over a network, and at least one client app must have activated the license key. For information on license activation, refer to the To activate the license section. If the device is connected to the management server and a client app has activated the license, the management client calls the "init" method to check whether the device is registered. If the device is not registered, the management client automatically initiates registration by authenticating the device to ensure it belongs to the device provider, using combinations of serial numbers, internal identifiers, signatures, and so on. For more information about device registration, see Aadhaar Registered Devices Specification – Version 2.0.1.

Device deregistration

Device deregistration is an offline activity. To deregister any device, contact Samsung support. Note that device deregistration is done only during exceptional events such as device theft, loss, and so on.

Key rotation

Key rotation is an automatic, periodic activity. Once the device is registered, it automatically initiates key rotation based on the policy period set at the management server. In exceptional scenarios such as certification expiration, attestation failure, and so on, you must perform manual key rotation/manual reregistration.

To perform the manual key rotation/manual reregistration:

1. On your registered device, go to Settings > Applications > Application Manager > ALL > IndiaIdentityClient.

2. Click CLEAR DATA.

Required certificates

Aadhaar authentication requires the resident's identity data within the XML (PID block) to be encrypted. The AES-256 session key is encrypted using UIDAI's 2048-bit public key certificate.

UIDAI supports three environments:

  • Staging
  • Pre-production
  • Production

For each environment, test the encryption of the PID with the corresponding UIDAI certificate. The application selects the environment, and thereby the certificate used for encryption, by setting the “env” attribute in the <Opts> tag of the PidOptions XML: set “env=S” for staging, “env=PP” for pre-production, and “env=P” for production.

You can find all the certificates on the UIDAI site.
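A release-time check for the environment selection described above, as an added example that is not part of the SDK: it parses a PidOptions document, resolves the “env” code to its environment, and fails if the code is missing, unknown, or different from the environment the build is meant for. The certificate file names, the function and class names, the sample XML, and the choice to reject a missing “env” are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# env codes as listed on this page; certificate file names are hypothetical placeholders.
ENVIRONMENTS = {
    "S": ("staging", "uidai_staging.cer"),
    "PP": ("pre-production", "uidai_preprod.cer"),
    "P": ("production", "uidai_prod.cer"),
}

# Constructed sample input (not taken from the SDK documentation).
SAMPLE_PID_OPTIONS = '<PidOptions ver="1.0"><Opts fCount="1" env="PP"/></PidOptions>'


class PidOptionsError(ValueError):
    """Raised when PidOptions does not select a usable environment."""


def resolve_environment(pid_options_xml, expected=None):
    """Return (environment, certificate_file) selected by <Opts env="...">.

    expected: env code this build is meant to use. A mismatch is an error,
    which catches a production build shipped with env="S" or the reverse.
    """
    if "<!DOCTYPE" in pid_options_xml.upper():
        # This example refuses DTDs outright; PidOptions needs none.
        raise PidOptionsError("DOCTYPE is not allowed in PidOptions")
    try:
        root = ET.fromstring(pid_options_xml)
    except ET.ParseError as exc:
        raise PidOptionsError(f"malformed XML: {exc}") from exc
    opts = root.findall("Opts") if root.tag == "PidOptions" else []
    if len(opts) != 1:
        raise PidOptionsError("expected <PidOptions> with exactly one <Opts>")
    env = opts[0].get("env")
    if env is None:
        # Policy of this example: never rely on an implicit default.
        raise PidOptionsError("env attribute is missing")
    if env not in ENVIRONMENTS:  # exact, case-sensitive match
        raise PidOptionsError(f"unknown env code {env!r}")
    if expected is not None and env != expected:
        raise PidOptionsError(f"env={env!r} but this build expects {expected!r}")
    return ENVIRONMENTS[env]


if __name__ == "__main__":
    print(resolve_environment(SAMPLE_PID_OPTIONS, expected="PP"))
```
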