Guidelines reg usage of RD service with different Operating Systems


Jyjesh Thayyil

Nov 26, 2017, 4:36:58 AM
to Aadhaar Registered Devices Discussion Group
Dear All,

Please find the below guidelines on usage of RD Service with respect to different OS,


I. Android OS:

 

1-   For devices that are not centrally managed, the SafetyNet API check for "ctsProfileMatch: true" is compulsory on every init() call. It is recommended to ONLY support devices with Android 5.0 and above for devices without an MDM.

 

2-   For host devices which are centrally managed, i.e. they have a mobile device manager (MDM) installed, it is NOT compulsory to call the SafetyNet API in the RD Service, for any OS version. But please note that it is strongly recommended to use OS versions above 5.0.

 

a.   The AUA (Device Provider in case of Iris/Fingerprint Integrated Android Devices) needs to make a submission to UIDAI confirming the MDM details and taking responsibility for the integrity and security of the OS.

 

b.   An RD Service with different rdsID having no SafetyNet API implementation can be provided by device provider to AUA in all such cases, upon approval from UIDAI. This RD Service should NOT be publicly available for download.

 

3-   PCI/PTS certified Android PoS:

 

Android PoS devices certified for PCI/PTS need not have SafetyNet checks/Google Play services, provided they are managed devices and OS integrity is secured by the AUA. Liability for all transactions originating from such devices needs to be accepted by the AUA in a declaration submitted to UIDAI.

 

4-   SafetyNet API implementation is NOT compulsory for host devices where the entire PID creation is occurring outside the host running the RD service.

 

II. Windows, Linux and Other OS:

 

  It is recommended that the host be centrally managed i.e. applications cannot be uploaded to the host locally. AUA must make a submission to UIDAI taking responsibility for the integrity and security of the OS.


Hope the above clarifies numerous queries asked in different forums. An official communication in this regard will follow.


Regards,

Team UIDAI.
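
Added example, not part of the original post and not UIDAI or vendor code: a sketch of how a verifier could evaluate a decoded SafetyNet attestation payload for the "ctsProfileMatch: true" condition in item I.1, together with the nonce, package and freshness checks that keep a passing verdict from being reused. The package name, nonce value and five-minute window are assumptions, the sample token is constructed, and JWS signature and certificate-chain validation is assumed to happen before this step.

```python
import base64
import json
import time

MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window; not from the guideline


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jws(payload: dict) -> str:
    """Constructed token with a dummy signature, for offline demonstration only."""
    return ".".join([_b64url(b'{"alg":"RS256"}'),
                     _b64url(json.dumps(payload).encode()), _b64url(b"sig")])


def decode_jws_payload(jws: str) -> dict:
    """Decode the middle segment of a compact JWS. Does NOT verify the signature;
    signature and certificate chain must be validated before trusting the verdict."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_attestation(payload, expected_nonce, expected_package, now_ms=None):
    """Return (ok, reasons); ok is True only when every check passes."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    reasons = []
    # The verdict the guideline makes compulsory on every init() call.
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch is not true")
    # The response must echo the nonce issued for this init(), or it may be replayed.
    if payload.get("nonce") != base64.b64encode(expected_nonce).decode():
        reasons.append("nonce mismatch")
    # The verdict must describe the RD Service APK, not some other app.
    if payload.get("apkPackageName") != expected_package:
        reasons.append("unexpected package")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > MAX_AGE_MS:
        reasons.append("stale or missing timestamp")
    return (not reasons, reasons)
```
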

John Simeon

Nov 29, 2017, 12:31:57 AM
to aadha...@googlegroups.com
Dear UIDAI Team,

Can you please elaborate on the scope of the MDM?

Regards,
John Simeon.
[System Architect - Embedded Systems]
Manvish eTech Pvt Ltd.

--
You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+unsubscribe@googlegroups.com.
To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.
To view this discussion on the web visit https://groups.google.com/d/msgid/aadhaar_rd/64036e78-0092-4a3b-bf9d-0d00c57a5245%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Pratik | Biomatiques

Dec 1, 2017, 6:47:39 AM
to aadha...@googlegroups.com

Dear Jyjesh Sir,

 

 

In cases where we have to deploy a special RD Service due to devices not passing SafetyNet checks, what other checking mechanisms do we need to deploy? Or can the RD Service run without any device checking mechanism?

 

Kindly clarify!

 

With much gratitude and respect,

For Biomatiques Identification Solutions (P) Ltd.


Pratik Patel | VP – Global System Integration

‘Rishi House’, Nr. Kargil Chowk, Piplod, Surat – 395 007, (Guj.), INDIA

Mobile: +91 990 980 4321

Phone: +91 261 2225767

Email: pra...@biomatiques.com 


Royston Mascarenhas

Dec 4, 2017, 1:27:30 AM
to Aadhaar Registered Devices Discussion Group
Dear Jyjesh,

In addition to Pratik's query, I also have a question whether the non-SafetyNet build needs to be time-bound for a period of one year, as was mentioned in an earlier communication. Or can we give a permanent build now?

thanks & regards,
Roy.

sh...@shoonya.io

Mar 26, 2018, 10:53:44 PM
to Aadhaar Registered Devices Discussion Group
Dear UIDAI Team ,

Google just launched an Android Enterprise Recommended program. While some specifications do not make sense for Aadhaar-enabled devices, the below requirements such as

1. Minimum OS Version 7.0
2. 90 Day Security Update Guarantee
3. EMM/MDM Solution Integrated

would ensure that the Aadhaar backend would not be affected by insecure devices.

https://www.android.com/enterprise/recommended/requirements/

Regards
Shiv Sundar
https://www.linkedin.com/in/sundarashiv/
Founder Shoonya - Connected Devices Platform

Amit Aggarwal

Mar 27, 2018, 12:06:20 AM
to aadha...@googlegroups.com
Nothing to do with security. For devices to be secure, much more is needed, which is expected to be addressed in specs, so that it is OEM/platform agnostic.

Features mentioned are already supported by DEP/KME and security patch updates by some OEMs.

Attestation, TEE, will take care of device-level security. MDM is for management/configuration. It does add an extra layer to management/control/configuration of devices and less on deep device security itself.


Best Regards
Amit
