DOOT is safe and secure to use. We are taking all precautionary measures to ensure your data is protected and uncompromised. Please find the list of security measures that have been implemented till now. This list will expand as more safety features get added.
Standard Practices: DOOT follows standard software development practices of uniform coding standards, guidelines and reviews. Every release is reviewed and tested internally for security and penetration vulnerabilities before getting deployed on our servers.
256 Bit AES Encryption: DOOT uses 256 bit AES Encryption for information transmitted during any activity.
MFA based Sign Up: DOOT implements a multi-factor authentication based signup process.
iD Share: – We only ever transmit your unique DOOT 1iD and never any personal information. Your personal data is only shared when our application has established that the recipient is indeed authorised to receive your documents.
Data Redundancy: Data is backed up in a secure environment with proper redundancy.
User Consent Based System: The data from DOOT is shared only with the users explicit consent and shared to by giving a destination address (DOOT share code) that is visible and documented on every share screen in the application. We also maintain a record of each transaction to eliminate threats and mitigate actions of bad actors.
DOOT FaceCompare compares your face with a photo issued by your aadhaar. The result is in percentage ( eg: 95% comparison results means your current photo/selfie is a better match than a result of 90%)
DOOT FaceCompare will help in uploading images while registering with banks (or any other partner organization). Each organization will be allowed to set their own comparison threshold to accept the FaceCompare selfies. Please see the partner policy guidelines for more details.
Each DCC client dashboard has the following sections:
Triple Hierarchical View - DOOT Control Center dashboard views are arranged as per access rules defined by your administrator. Each account has three types, if you cannot access certain features, please contact your administrator.
Geo-Location & Time-Stamp – Each transaction has a unique geo-location and time stamp tagged
Transaction and Process iD – Each transaction has a unique transaction and process iD , which can be used to reference the transaction.
Export – The Dashboard allows users to export data from different sections of DCC in excel (.xlsx) format.
Infographics – Each dashboard comes with preloaded infographics showcasing a variety of metrics.
Each resident’s DigiLocker account has the following sections:
Dashboard – This section is the first page you see when you login and shows a summary of all your documents.
Issued Documents – This section shows the URIs (links) of the documents or certificates issued to you by the Govt. department or other agencies participating in DigiLocker.
Uploaded Documents – This section shows all the documents which are uploaded by you. You can update the document type and share these uploaded documents.
Shared Documents – This section shows the list of documents which you share with others (via email).
Activity – This section is a log of the activities you performed in your DigiLocker account. The log included the details about the activities such as file upload, download etc.
Issuers – This section lists the departments and agencies that are registered on DigiLocker as Issuers. If these departments have issued any document/certificate to you, it will appear in the form of a URI (link) in your Issued Documents section.
DigiLocker is safe and secure to use. We are taking all precautionary measures to ensure your data is protected and uncompromised. Please find the list of security measures that have been implemented till now. This list will expand as more safety features get added.
Standard Practices: DigiLocker follows standard software development practices of uniform coding standards, guidelines and reviews. Every release is reviewed and tested internally for security and penetration vulnerabilities before getting deployed on our servers.
256 Bit SSL Encryption: DigiLocker uses 256 bit secure socket layer (SSL) Encryption for information transmitted during any activity.
Mobile Authentication based Sign Up: DigiLocker uses mobile authentication based signup via OTP (one time password) for authenticating users and allowing access to the platform.
Aadhaar Authentication based Issued Document Access: To receive issued documents from registered issuers, citizens need to authenticate themselves using Aadhaar's Biometric or Mobile OTP authentication service.
ISO 27001 certified Data Centre: The application is hosted in a ISO 27001 security certified data centre.
Data Redundancy: Data is backed up in a secure environment with proper redundancy.
Timed Log Out: To protect citizen’s accounts from unauthorized access, our system is designed to terminate session automatically if extended inactivity is detected.
Security Audit: The DigiLocker application has been security audited by a recognized audit agency and the application security audit certificate has been obtained.
User Consent Based System: The data from DigiLocker is shared only with the citizen's explicit consent. All sharing and access activities are logged and conveyed to the citizen. Organizations that need access to citizens' certificates need to register on DigiLocker and seek explicit consent from the citizen.
Digital Aadhaar in DigiLocker is the same as eAadhaar issued by UIDAI (https://eaadhaar.uidai.gov.in) DigiLocker has partnered with UIDAI to make it available automatically to its users when they link their DigiLocker account with Aadhaar.
The advantage of digital Aadhaar is that it can now be used in the same way as any other DigiLocker document.
DigiLocker has partnered with the Ministry of Road Transport and Highways for making available digital driving license & vehicle registration certificates to Indian citizens. Under this partnership, DigiLocker is now directly integrated with the National Register, which is the national database of driving license and vehicle registration data across the country. Henceforth, DigiLocker users will be able to access their digital RC & DL both on desktop computers and on mobile devices.
Benefits of this integration -
Paperless Services: Digital driving license and vehicle registration will minimize the use of physical documents.
Authentic Records: Citizens can share the authentic digital certificates directly from the data source with other departments as identity and address proof resulting in reduction of administrative overhead.
Spot Verification: The digital RC and DL in a DigiLocker account can be spot verified for authenticity either by validating the Digital Signature of MoRTH on the PDF copy of the document or by scanning the QR code on digital documents by using the QR scan facility on DigiLocker mobile app.
For getting the digital RC & DL, users should ensure their Aadhaar number is linked with their DigiLocker account. Once this is done, they can go to the "Pull Partner Documents" section, select the issuer & document type and enter the document details asked for. This will allow them to fetch their document from the MoRTH database. Once the document is fetched, users can save a permanent link (URI) to this digital document in their “Issued Documents” section for later reuse.
Please see this step by step demo for the process of getting the digital RC & DL http://www.slideshare.net/digilocker_ind/how-users-can-get-their-digital-driving-license-vehicle-registration-from-digilocker-66061579 Citizens can get their Digital RC & DL on both desktop and on mobile devices (Android only at present, iOS coming soon!).
The digital RC & DL in DigiLocker is digitally signed by MoRTH. It is fetched in real-time directly from the National Register database and has a timestamp for record keeping purposes. This digital document is a legally valid document under the Indian IT Act 2000.
While fetching the MoRTH digital records in DigiLocker, your name in your Aadhaar card should match your name in the RC & DL database of the National Register. This ensures that only the rightful owner of the documents is able to fetch the digital DL & RC.
DigiLocker has integrated with the National Register, which is a central database maintained by the Ministry of Road Transport and Highways. If your DL or RC record does not exist in the National Register, DigiLocker will be unable to get it for you.
The QR code scanning facility in the DigiLocker mobile app only works with certain documents issued directly from registered issuers through DigiLocker. At present only the DigiLocker Digital RC & DL have this QR code feature working. It will not work for any other document.
This error can only be possible if your Aadhaar number is already registered with a DigiLocker account and now you have created a second DigiLocker account (using another mobile) and are trying to link the Aadhaar in this second account. We suggest you retrieve your credentials using Forgot Username/Password (using Aadhaar method) for the first account and continue using it.
DigiLocker has partnered with CBSE for issuing digital mark sheets to 2016 Class XII students. Students who have registered their mobile number with CBSE would receive their DigiLocker account credentials through SMS, while those who don’t have their mobiles registered with CBSE would need to create a DigiLocker account with their mobile number, sync with their Aadhaar number and then pull their mark sheet from the CBSE databases. For step by step instructions on how to do this, please visit watch this demo: http://www.slideshare.net/digilocker_ind/how-cbse-students-can-get-their-digital-marksheets-from-digilocker
For logging into DigiLocker with the credentials sent by CBSE via SMS, please note that the password is in lower-case characters.
Your mother's first name in (lower case) should exactly match with the name written on your admit card. E.g. If your mother's name on your admit card is A Sharma and roll number is 1234567, your password will be a4567. If your mother’s name on your admit card is Sushmita Mahajan and your roll number is 1234567, your password will be sushmita4567.
Signing up for DigiLocker is easy - all you need is your mobile number.
Your mobile number will be authenticated by sending an OTP (one-time password) followed by selecting a username & password. This will create your DigiLocker account.
After your DigiLocker account is successfully created, you can voluntarily provide your Aadhaar number (issued by UIDAI) to avail additional services.
OTP is a random one-time password generated by the UIDAI system and sent to your registered mobile number and email-id.
The OTP is valid for 30 mins only. If you enter the OTP after 30 mins, it will be rendered invalid and you will have to enter a fresh one.
For linking your DigiLocker account with Aadhaar, your mobile must be linked with your Aadhaar number. Please make sure this is actually the case.
To verify this, visit https://eaadhaar.uidai.gov.in/ and download your eAadhaar. You will be able to check the linked mobile number (last four digits) during this process.
While using DigiLocker, the OTP is sent instantaneously. Sometimes there may be temporary problems either on our servers (while generating/sending OTP) or in delivery of the SMS by your mobile service provider. We suggest you wait for a few more minutes and try again.
The information displayed in your Aadhaar profile in your DigiLocker account (like name, address, email, mobil e etc) is for display purposes. This data is only fetched from UIDAI and it is not possible to make any changes to this data from DigiLocker. To make changes to your Aadhaar data, please visit your nearest Aadhaar enrolment center.
To find more about enrolment centers, visit https://uidai.gov.in/update-your-aadhaar-data.html
Issued documents are e-documents issued by various government agencies in electronic format directly from the original data source and the URI (link) of these documents is available in the issued documents section of DigiLocker. Whereas uploaded documents are those e-documents uploaded directly by the DigiLocker user.
There are two ways issued documents show up in DigiLocker -
Push (via Aadhaar) - This method works when the issuer database is seeded with the Aadhaar number of citizens. Once a registered issuer issues an e-document for a particular Aadhaar number (and the respective DigiLocker account already exists for that Aadhaar number), the URI for that document will be pushed automatically into DigiLocker.
Pull (via search parameters) - This method is used when the issuer database does not contain the seeded Aadhaar number. For certain issuers which have a partnership with DigiLocker, citizens can log into DigiLocker and pull their record from the issuer database using some common search parameters. Once the record is fetched, a permanent link (URI) to it can be saved in the issued document section.
In both cases, the URI (link) is available in the issued documents section and this link directly fetches the document in real-time from the original data source.
Thank you for getting in touch!
We appreciate you contacting us. One of our colleagues will get back in touch with you soon!