The Government of India has ambitiously pursued the world’s largest biometric collection campaign – Aadhaar, in order to give its citizens and residents a taste of biometric authentication and of course, to improve access to the government services. The country has also been in the process of replacing the mode of authentication for government services with Aadhaar based biometric authentication. Some of these services even allow Aadhaar authentication done remotely, i.e. via the internet.
This development has resulted in a big relief for the Indians spread across the world (such as NRIs), who otherwise had to travel to India for physical authentication to avail services like pension scheme (Jeevan Praman) and many other government services.
To ensure that Aadhaar based authentication stays as secure as its physical counterpart and to eliminate any possibility of manipulation to (e.g. use of fake or stored biometric identity), UIDAI has introduced RD service. UIDAI (Unique Identification Authority of India) is the government agency that regulates the Aadhaar based authentication for private as well as government organizations.
SecuGen registered device (RD) service
SecuGen registered device service a.k.a. SecuGen RD service is the process to convert an Aadhaar compatible biometric hardware (e.g. newly purchased SecuGen Hamster Pro 20 / HU20 fingerprint reader) into a registered biometric device to make it usable for Aadhaar based authentication.
Aadhaar based authentication replaces manual or physical process of identity authentication with an online system, in which Aadhaar number and biometrics along with other details are submitted to Aadhaar system for authentication via the internet. RD service enables your Aadhaar compatible biometric device to perform secure transaction with Aadhaar system. According to the UIDAI, RD service has to be facilitated by the device manufacturer.
Registering your Aadhaar compatible biometric device with RD service eliminates any possibility of using a third party application to provide stored biometrics for user authentication. It is achieved by signing biometric data within the device using the provider key, and forming an encrypted PID block, which ensure it is captured live and not with stored biometrics. Registered device have a unique identifier, which allows traceability, analytics and fraud management.
RD service ensures that the biometric sample is captured from a real person and not by other means. This feature is in line with the government’s objectives to ensure that a user’s stored biometrics is not used by someone else for availing any government service.
RD service provider signs every biometric scan before sending it to the host application. These scans are time stamped and encrypted in order to ensure security. As per UIDAI guidelines, it is mandatory to use registered devices for Aadhaar based biometric authentication to avail government services such as Pension Scheme (Jeevan Praman), eKYC, Rental Agreement, Property Sale and many other services.
How to register Hamster Pro 20 (HU20) with SecuGen RD service?
SecuGen RD service is a service provided by SecuGen, in which a public (i.e. unregistered) SecuGen biometric device (read: Hamster Pro 20 – HU20) is registered with SecuGen’s RD service servers. It is aimed at making the Aadhaar authentication securer and free from manipulations.
It is a good idea to first register your Hamster Pro 20 (HU20) with SecuGen and prepare your computer in the meantime.
Steps to register Hamster Pro 20 (HU20) with SecuGen RD service
SecuGen RD service is provided by SecuGen India as Aadhaar based biometric authentication is meant for Indian residents or NRIs. If you have purchased your SecuGen biometric device outside India, it may not register with SecuGen RD service via the standard process. Process to register SecuGen biometric device purchased outside India with RD service is covered after the standard process in the subsequent sections.
- Go to http://secugenindia.com/rdsrno and provide the details required in the form. You can leave the boxes blank which are not mandatory if they are not applicable to you (such as Application type, Company, etc.).
- In the Hamster Pro 20 Sr. No. text box, you need to provide the serial number of your device, which can be found on the back of your device.
- After providing the required data, submit the form and your device registration should get accepted by the SecuGen. You can check your device registration status by clicking on the link provided on the same page.
For devices purchased outside India
The above method is suitable for devices purchased in India, however, for residents living outside of India (NRIs) who have purchased the device outside India, need to follow the process below to have their device registered for SecuGen RD service.
- SecuGen asks users to drop a mail to firstname.lastname@example.org, instead of the filling the form. Users need to submit the same details required on the form, however, they should be included in your email instead of the online form.
- It would be a good idea to send a copy of your invoice as well as a photograph of your device serial number by attaching with the email. It will enhance your chances of registering the device.
- Alternatively, you can also submit your details along with your proof of purchase and serial number photograph on WhatsApp number +91-9082495805. Please check SecuGen India website for the updated WhatsApp number, which they generally provide on the top right corner of SecuGen India website.
SecuGen device price
Aadhaar authentication compatible HU20 SecuGen device retail price is around $72, which you can purchase online from https://www.bayometric.com/secugen-hamster-pro-20-fingerprint-reader-scanner/. For the price, you get ultra-compact FBI FIPS 201 (PIV) and Mobile ID FAP 20 compliant USB fingerprint scanner which is known for its accuracy and ruggedness. Considering the set of features you get with Hamster Pro 20, SecuGen device price feels optimum.
It is important to know that only SecuGen Hamster Pro 20 (Model# HU20) works for UIDAI Aadhaar based biometric authentication as it is the only compatible device from SecuGen. If you have similar model (such as SecuGen Hamster Pro 20A), it will not work for Aadhaar based authentication. You may not be able to register it with SecuGen RD service to make it work.
SecuGen RD service price
SecuGen RD service price is a one-time fee for activating RD services. SecuGen charges approximately USD 8.8 / INR 649 (USD 7.45 / INR 550 + 18% GST) as SecuGen RD service price for 3 years. Once registered, they send a link to download the RD services application.
How to install SecuGen biometric device (Hamster Pro 20 – HU20)
Before using your SecuGen Hamster Pro 20 (HU20) for Aadhaar based biometric authentication, you would need to install it with your computer. It would be a good idea to install your SecuGen biometric device (Hamster Pro 20 – HU20) on the computer which is compatible with your device as well as with the RD service.
- Login to your PC with administrator account or a user account with administrator rights.
- Check your Windows systems type (32bit / 64bit) by right clicking on the My Computer / Computer and selecting Properties.
- The following screen should appear having your systems type. For example, the below screenshot tells the system type to be 64 bit.
- In order to successfully install your SecuGen biometric device, you need to install SecuGen WBF driver (SecuGen RD service driver) first.
- There are 2 ways to install the Drivers – When you Plug in the Hamster Pro 20 device, Windows will automatically install the drivers. Or these drivers can be downloaded by clicking on the following link: Download SecuGen Pro U20 device driver
How to manually install SecuGen device drivers
- Download and extract the zip file and disconnect the system from the local network / internet.
- Connect your SecuGen Hamster Pro 20 (HU20) with your computer and it will automatically try to update the device drivers. You need to skip this process as shown in the below screenshot.
- We will be manually installing the SecuGen WBF driver (SecuGen RD service driver). It is important to do it manually to install the correct driver.
- To install the SecuGen WBF driver manually, click on the Start Button and open the Control Panel. Select Device Manager. Alternatively open Windows Explorer and right click on Computer and select Device manger.
- Since you have already connected your SecuGen Hamster Pro 20 (HU20), the device manager should have an entry for your SecuGen biometric device by now (with a yellow icon).
- Right click on “SecuGen USB U20 device and select “Update Driver Software…” The system should show the following dialogue box.
- Select “Browse my computer for driver software” option.
- Browse the extracted SecuGen WBF driver folder. Select 32-bit folder if your system is 32-bit (x86). For 64 bit systems, select 64 bit driver folder.
- Click on the Next button and the installation begins. When the SecuGen WBF driver is installed successfully, your computer will show a “Device driver software is successfully updated” dialogue box.
Test the RD service device driver for correct driver installation
- Go to the extracted SecuGen RD service driver (SecuGen WBF driver) folder, which we used in installing SecuGen WBF driver.
- Double click sgdx.exe, the SecuGen Device Diagnostic Utility should show up.
- Identification of the device.
- Initialization of the device.
- Fingerprint capture by the device.
Identification of the device
If the selected device does now show USB – FDU05 in “Select the fingerprint device” dropdown box (while device is connected), it has not installed correctly. Follow the installation process again to install it correctly.
Initialization of the device
If the device has been installed and selected correctly, clicking on “In it” button will initialize the device. You should see a success message at the bottom status bar of the utility.
Place a finger (or thumb) on your SecuGen biometric device sensor and click “Capture” button on the Diagnostic Utility. The utility software should be able to capture your fingerprint and show it on the empty area meant for it. Showing fingerprint means that the device has been installed successfully and is ready to use.
Install SecuGen Hamster Pro 20 (HU20) with RD service
The process of registering your Hamster Pro 20 (HU20) with SecuGen RD service has already been explained in the beginning of this guide. After registering your device with SecuGen RD service and installing SecuGen RD service driver, you need to install the RD service software. The package required for the installation can be downloaded from here.
- Extract the downloaded zip folder, it should consist an .exe file, run it.
- Follow the on screen instructions; it should only take a couple of steps to successfully install your RD service application.
- Go to the folder “C:\Program Files\SecuGen\RDService” OR “C:\ ProgramFiles(X86)\SecuGen\RDService” (depending on your OS) where the application is installed.
- Run the application by double clicking sgirdclient.exe.
If the load messages section has a last message as “Device Ready” or “RD Service Ready”, it means that your device is now connected with the RD service and ready to be used.
Troubleshooting common errors in SecuGen RD service
How to fix “Timestamp value is expired”?
If RD Service Client message says “Timestamp Value is Expired” This error occurs when there is a mismatch between the system time and the server time. To fix this, Go to: Control Panel > Date and Time. The Date and Time window should appear.
Alternatively, you can also click on the task bar clock and press “Change date and time settings…” link.
- In Time Zone the location should be (UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi. Click on Change time zone button to change it.
- Go to the Internet Time tab and click on Change Settings. In Server dropdown list, select “time.nist.gov” and click on Update Now button.
- Time should now synchronize with the nist.gov server.
Restart the SecuGen RD Service Client, if Load Message window is blank, it means SecuGen RD service has stopped (SecuGen RD service not ready error).
How to fix “SecuGen RD service not ready error”?
To fix “SecuGen RD service not ready” error, you need to restart the SecuGen RD service manually through “services.msc”. services.msc is an inbuilt utility in Windows, which is used for locating, starting or stopping different services.
- To start the SecuGen RD service, press Windows button + R or Press Start button and select “Run”.
- Type services.msc in the run window and press enter / OK button.
- In the Services window, locate SecuGen RD service on the left and right click on it.
- Select “Start” from the right click menu. Alternatively you can also click “Start” hyperlink that appears on the left as you click and select SecuGen RD service.
“SecuGen RD service not ready” error should be fixed now and SecuGen RD service client should show status as “RD Service Ready”.
RD service architecture
SecuGen RD service is designed in a way that it creates a secure environment to protect the user biometrics from any potential manipulation. The secure environment created by the RD service architecture ensures that the government services can only be accessed by authorized individuals. It also protects user biometrics form any potential misuse by cybercriminals.
- AUA/Sub-AUA provided application starts in host machine.
- Application does a RD Service discovery.
- When ready for the biometric capture, application connects the RD Service to initiate the PID creation (which contains digitally signed and encrypted biometrics).
- When the RD Service detects a good capture, it does necessary processing/extraction, creates the signed biometric record (FMR, FIR, IIR, FID), forms the encrypted PID block, and give the encrypted PID block back to application along with other details including the device Info.
- Application obtains the encrypted PID block along with other information from the RD Service for calling Aadhaar authentication (see Aadhaar Authentication API 2.0 specification for details).
“RD Service” refers to device provider’s registered devices service that allows capture and processing of biometrics. This RD Service then returns encrypted PID block containing signed biometrics (using device private key within the registered devices secure zone) back to the calling application.
All registered devices providers MUST provide certified RD Service for various supporting operating systems so that applications can integrate easily in a secure and standard way without needing to embed any special software within applications. Providers also must ensure that RD service can be run under separate user not needing root/admin privileges.
Registered devices securely sign the biometric data, form the encrypted PID block within the RD Service and give it back to application for use within Aadhaar authentication.
- There should be no mechanism for any external program to provide stored biometrics and get it signed and encrypted.
- There should be no mechanism for external program/probe to obtain device private key used for signing the biometrics.
It is important to note that it is in device provider’s interest to ensure the above two items are implemented securely since any compromise on these will result in fraudulent activities signed using the device provider key. As per IT Act it is essential for the key owners (device provider) to protect the signature key and take responsibility for any compromise.
Now as your SecuGen biometric device is all set to take your Aadhaar biometric authentication to the internet, next is what you want to do with it. You can use it for all the government services that allow online identity authentication with Aadhaar.
Jeevan Praman is the most common government service that people authenticated their identity for. It is extremely simple to use Jeevan Praman and with SecuGen RD service for Hamster Pro 20 (HU20), you do not have to physically go to bank or your pension disbursing office to prove your identity. Just follow this simple guide to generate your Digital Life Certificate (DLC) and allow SecuGen RD service to save you a trip.