<Final Specs> Registered Devices 2.0 and Auth API 2.0

727 views
Skip to first unread message

Sanjith Sundaram

unread,
Feb 22, 2017, 1:26:53 PM2/22/17
to Aadhaar Registered Devices Discussion Group

<Attaching the Revised Auth API 2.0 Document>


Dear All,

 

Please find attached the final specs for the Registered Devices 2.0 and Authentication API 2.0. The specs are final, however if you want to give any feedback, or ask any queries please use this thread. 

 

The same documents are getting uploaded to  UIDAI website today. The direct links will be shared shortly. 

 

Regards,

Sanjith Sundaram

aadhaar_authentication_api_2_0_1.pdf
aadhaar_registered_devices_2_0_1.pdf

Ken Zhang

unread,
Feb 22, 2017, 5:50:28 PM2/22/17
to Aadhaar Registered Devices Discussion Group

Queries :

1. Cannot access https://authportal.uidai.gov.in/devices/rdservice_registry.xml, how to get the access?

2. Will there be a new sample app on PC?

3. Will there be a test app on Android?

4. In doc.registered_device_2_0_1.

  Management service should trigger key rotation under 2 scenarios:

          i. based on the trigger from management server during "init" (ideally done at least once a day);

  Does that mean we need rotate key every day?

5. A new attribute dih is added

Within PID block, for the “Bios” element, attribute “dih” should be computed as: SHA-256(dpId+rdsId+rdsVer+dc+mi+idHash)

Are dpId, rdsId... all in binary format or string?

6. A highlight delta between 2.0 and 2.01 will be helpful.


Thanks,

Ken

Pramod Varma

unread,
Feb 22, 2017, 9:14:18 PM2/22/17
to aadha...@googlegroups.com
Will provide sample registry XML. Why do you need it though? It's only required for validation at AUA/UIDAI level.

You can write sample apps based on OS you are working on. Will try to create a default sample app from our side too. But, you can go ahead with quick sample apps. Since app interface is simple (just one capture call), should be easy to even do simple browser test!

Key rotation is not mandated daily. For L0, it is better that keys are rotated frequently to avoid compromised keys (device private key for signing) from getting reused. L1 this is less of a concern. Management server should configure this policy (aligned to UIDAI policy) and ensure keys are rotated.

dih is computed using "String" concatenation and then doing SHA-256.

Regards, Pramod.
linkedin.com/in/pramodkvarma  |  @pramodkvarma


--
You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+unsubscribe@googlegroups.com.
To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.
 To view this discussion on the web visit https://groups.google.com/d/msgid/aadhaar_rd/c8e5aa58-b296-474c-94e2-882e9c4ca6c6%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

mantra.an...@gmail.com

unread,
Feb 23, 2017, 3:17:43 AM2/23/17
to Aadhaar Registered Devices Discussion Group
  1. Can you please send me sample staging values of “dpId” and “rdsId” for MANTRA?
  2. “rdsVer” format should like *.* (Major.Minor) or *.*.*.* (Major.Minor.Build.Revision)?
  3. SHA-256(dpId+rdsId+rdsVer+dc+mi+idHash) is string concatenation or byte concatenation?
  4. “idHash” – SHA-256 of any internal physical ID that is used to recognize physical device (such as serial number). This should be read automatically without any user input. This ID is not expected to change during the life of that physical device. idHash MUST match what was sent during registration (see Register API call later).
    1. In request where you are taking original internal physical ID of device? If you are not taking this in request then how you can verified it?
  5. However; “wadh” value is not concern of RD service but can you send me some brief detail about this element? Because we need to know about this for our test application.

6. In revised authentication document meta element does not contains fpmi, fpmc etc. attributes. Is it true?
<Meta udc="" rdsId="" rdsVer="" dpId="" dc="" mi="" mc="" />


      7. can you explain md5 logic in case of multiple files are available in RD Service?

Dzung Pham

unread,
Feb 24, 2017, 2:42:36 AM2/24/17
to Aadhaar Registered Devices Discussion Group
My suggestion is that we should use a more consistent naming for HTTP request (URL, http version) to make it easier for user & implementor of webservice.

RD-SERVICE * HTTP/1.1
Become:
RD-SERVICE http://127.0.0.1:<rd_service_port>/* HTTP/1.1

CAPTURE http://127.0.0.1:<rd_service_port>/<CAPTURE_path>
Become:
CAPTURE http://127.0.0.1:<rd_service_port>/<CAPTURE_path> HTTP/1.1

DEVICEINFO http://127.0.0.1:<rd_service_port>/<INFO_path>
Become:
DEVICEINFO http://127.0.0.1:<rd_service_port>/<INFO_path> HTTP/1.1

Best,
Pham
Message has been deleted
Message has been deleted
Message has been deleted

Ketan Upadhyay

unread,
Feb 24, 2017, 11:26:33 PM2/24/17
to Aadhaar Registered Devices Discussion Group
Dear All

Mr Mahesh has given good documented suggestion, But I suggest to make only info and capture two calls as documented by Mr. Mahesh. Success or failure of Info call can help determine status of service. The info call should return almost immediately and timeout setting for info call should be aprx 1 sec as application needs to scan all other ports to identify available devices.

More critical parameter is port numbers, UIDAI is assigning port range as fixed range. This will be in public domain. Any virus blocking this port range can pull down entire authentication system. Being system of national importance it is more likely to be attacked. Most security audits discourage use of Ports available in public domain. I suugest to keep the port(s) no can be optionally assigned by user. This will help critical application to use custom port(s)

Regards
ketan Upadhyay

Dzung Pham

unread,
Feb 27, 2017, 4:50:29 AM2/27/17
to Aadhaar Registered Devices Discussion Group
About error codes of registered device service.

1/ Page 18 of "aadhaar_registered_devices_2_0_1.pdf":
"In case a app calls capture when the RD service is in between the capture then it should return appropriate error code as per spec."

Where are the description/enumeration/format of XML result for thoses error codes?

2/ Page 11 of "aadhaar_registered_devices_2_0_1.pdf":

<PidData>
<Resp errCode="" errInfo="" fCount="" fType="" iCount="" pCount=""/>
...
</PidData>

Int errCode (mandatory) 0 if no error, else standard error codes

Where are those error codes defined?

Best,
Pham



On Thursday, February 23, 2017 at 1:26:53 AM UTC+7, Sanjith Sundaram wrote:
Message has been deleted

Netaji Rao

unread,
Feb 27, 2017, 4:58:11 AM2/27/17
to aadha...@googlegroups.com
Applications will get RDService xml from rdservice_registry

Certified RD services and devices details are made available at the following URL:
https://authportal.uidai.gov.in/devices/rdservice_registry.xml  



Thanks,
Netaji Rao D

On Mon, Feb 27, 2017 at 3:26 PM, Mahesh Patel <mahesh...@mantratec.com> wrote:

If only “info” and “capture” implemented then how can application get RDService xml?

 

Regards,
Mahesh Patel

Mantra Softech India Pvt Ltd
ISO 9001:2008 Certified Company

 

Line1 : 079-6450-6243 (ext.: 33)

Line2 : 079-4906-8000 (ext: 111)

E-mail : mahesh...@mantratec.com
Skype: mahesh.mantra

B/203, Shapath Hexa,

Near Gujarat High Court,

S.G. Highway, Ahmedabad-380060

Website : www.mantratec.com

Network: AHMEDABAD–BANGALORE–HYDERABAD–CHENNAI-DELHI–PUNE–MUMBAI–JAIPUR

 

--

You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+unsubscribe@googlegroups.com.
To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.


For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+unsubscribe@googlegroups.com.
To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.
To view this discussion on the web visit https://groups.google.com/d/msgid/aadhaar_rd/009701d290df%24b36f7aa0%241a4e6fe0%24%40mantratec.com.

Mahesh Patel

unread,
Feb 27, 2017, 6:11:24 AM2/27/17
to aadha...@googlegroups.com

Then what is the role of below xml at vendor sdk.

 

<RDService status="READY|USED|NOTREADY|..." info="provider info for display purposes">

<Interface id="CAPTURE" path="/rd/capture" />

<Interface id="DEVICEINFO" path="/rd/info" />

</RDService>

 

Regards,
Mahesh Patel



 

 

Thanks,

Netaji Rao D

 

To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.


To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.

 

--

You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.


To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.

Mahesh Patel

unread,
Feb 27, 2017, 6:53:46 AM2/27/17
to aadha...@googlegroups.com

Attached image is containing the diagram of RD Service Call Sequence as per my understanding.

 

Please correct me if I am wrong.

 

Regards,
Mahesh Patel


From: Mahesh Patel [mailto:mahesh...@mantratec.com]
Sent: Monday, February 27, 2017 4:44 PM
To: 'aadha...@googlegroups.com' <aadha...@googlegroups.com>
Subject: RE: [aadhaar_rd] Re: <Final Specs> Registered Devices 2.0 and Auth API 2.0

 

Then what is the role of below xml at vendor sdk.

 

<RDService status="READY|USED|NOTREADY|..." info="provider info for display purposes">

<Interface id="CAPTURE" path="/rd/capture" />

<Interface id="DEVICEINFO" path="/rd/info" />

</RDService>

 

Regards,
Mahesh Patel

 


Sent: Monday, February 27, 2017 3:28 PM
To: aadha...@googlegroups.com


 

 

Thanks,

Netaji Rao D

 

To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.


To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.

 

--

You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.


To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.

RDService Call Sequence.png

PACHNANDA Saurabh (SAFRAN IDENTITY AND SECURITY)

unread,
Feb 28, 2017, 8:00:42 AM2/28/17
to aadha...@googlegroups.com

Dear UIDAI Team,

As we understand from earlier communication & yesterday’s meeting, specifications released on Feb 22nd 2017 – for Registered Devices stands FINAL for both, Level 0 and Level 1 devices.

Is there any plan of further revision of these specifications?

 

We need clear visibility on solidification of released specifications and also that no further changes will be brought upon.

 

Regards,

Saurabh


For more options, visit https://groups.google.com/d/optout.

#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite.Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#

Royston Mascarenhas

unread,
Mar 1, 2017, 6:15:59 AM3/1/17
to Aadhaar Registered Devices Discussion Group
Dear Sanjith,

Thanks for the links to the specs. I believe there have been multiple updates to the docs since the original 2.0 spec. It would be good if you
can add version details since its difficult to distinguish between the various releases and could cause confusion.

I believe all documents just state 'revision 1' for now.

regards,
Roy.

PACHNANDA Saurabh (SAFRAN IDENTITY AND SECURITY)

unread,
Mar 1, 2017, 7:50:38 AM3/1/17
to aadha...@googlegroups.com

Hello Sanjith,

I agree. It’ll be good to include version history and change notes in the document.

 

From: aadha...@googlegroups.com [mailto:aadha...@googlegroups.com] On Behalf Of Royston Mascarenhas
Sent: Wednesday, March 01, 2017 4:46 PM
To: Aadhaar Registered Devices Discussion Group
Subject: [aadhaar_rd] Re: <Final Specs> Registered Devices 2.0 and Auth API 2.0

 

Dear Sanjith,

--

You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.
To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.


For more options, visit https://groups.google.com/d/optout.

Sanjith Sundaram

unread,
Mar 1, 2017, 1:13:12 PM3/1/17
to Aadhaar Registered Devices Discussion Group

Dear Royston/Saurabh,

Point noted and will pass this input internally. Following two links will always contain the latest version of the document, unless there is an API upgrade. 
 

Regards,
Sanjith Sundaram

On Wednesday, March 1, 2017 at 6:20:38 PM UTC+5:30, PACHNANDA Saurabh (SAFRAN IDENTITY AND SECURITY) wrote:

Hello Sanjith,

I agree. It’ll be good to include version history and change notes in the document.

 

From: aadha...@googlegroups.com [mailto:aadhaar_rd@googlegroups.com] On Behalf Of Royston Mascarenhas
Sent: Wednesday, March 01, 2017 4:46 PM
To: Aadhaar Registered Devices Discussion Group
Subject: [aadhaar_rd] Re: <Final Specs> Registered Devices 2.0 and Auth API 2.0

 

Dear Sanjith,

 

Thanks for the links to the specs. I believe there have been multiple updates to the docs since the original 2.0 spec. It would be good if you

can add version details since its difficult to distinguish between the various releases and could cause confusion.

 

I believe all documents just state 'revision 1' for now.

 

regards,

Roy.

 


On Wednesday, February 22, 2017 at 11:56:53 PM UTC+5:30, Sanjith Sundaram wrote:

<Attaching the Revised Auth API 2.0 Document>

 

Dear All,

 

Please find attached the final specs for the Registered Devices 2.0 and Authentication API 2.0. The specs are final, however if you want to give any feedback, or ask any queries please use this thread. 

 

The same documents are getting uploaded to  UIDAI website today. The direct links will be shared shortly. 

 

Regards,

Sanjith Sundaram

--
You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+unsubscribe@googlegroups.com.

Netaji Rao

unread,
May 27, 2017, 7:37:49 AM5/27/17
to aadha...@googlegroups.com
Dear Srinivas,

Can you please share updated specification documents?


Thanks,
Netaji Rao D

To view this discussion on the web visit https://groups.google.com/d/msgid/aadhaar_rd/8a378ebc-c2f1-412a-ac41-65dad5ebe682%40googlegroups.com.

Netaji Rao

unread,
May 30, 2017, 4:32:56 AM5/30/17
to aadha...@googlegroups.com
Dear Srinivas,

Reason for askin the updated docs was that the previous links are not working and also there were many updates and guidelines received in group that were not added to doc.

So expecting a consolidated doc.

Thanks,
Netaji Rao D
Reply all
Reply to author
Forward
0 new messages