OVSE stands for Offline Verification Seeking Entity — the role an organisation plays when it verifies a person's Aadhaar identity offline, using UIDAI's offline verification framework rather than a live authentication call. If you need to confirm who someone is at a factory gate, a remote site or a busy reception — and you can't always rely on connectivity or an OTP — offline verification is the route designed for exactly that situation.
This guide explains what offline Aadhaar verification is, the two artefacts it relies on, how a verification actually runs, why it is privacy-preserving, and how it compares with online verification — so you can decide where it fits in your entry process.
What “offline” actually means
Online Aadhaar verification (through a licensed AUA/KUA) sends a request to UIDAI in real time and gets a fresh response back, usually confirmed by an OTP to the resident's registered mobile. Offline verification flips that around: instead of contacting UIDAI at the moment of the check, you verify a document that UIDAI has already digitally signed and that the resident chooses to share with you. No live call to UIDAI, no OTP — the trust comes from UIDAI's digital signature on the artefact itself.
That distinction matters operationally. An OTP needs the resident to have their registered phone, signal, and a few free minutes; a live API call needs the verifying device to reach UIDAI. At a plant gate during a shift change, or a field location with patchy data, those assumptions break. Offline verification removes both dependencies.
The two offline artefacts
UIDAI's offline framework provides two consent-based, digitally signed artefacts a resident can present:
- Secure QR code — the QR printed on the Aadhaar letter and the PVC Aadhaar card. It contains UIDAI-signed demographic details (name, masked Aadhaar, address, gender, date of birth) and the resident's photo.
- Aadhaar Paperless Offline e-KYC — a digitally signed XML the resident downloads from the UIDAI portal, protected by a share code (a passcode the resident sets) so only someone they share it with can open it.
Both are issued and signed by UIDAI. Neither requires the verifier to know or store the full 12-digit Aadhaar number — it stays masked. The resident is in control: they decide to scan the QR or hand over the XML and its share code.
How a verification runs, step by step
- Capture: the visitor presents the secure QR (scanned at the kiosk or reception device) or uploads their Paperless Offline e-KYC XML with its share code.
- Signature check: the system verifies UIDAI's digital signature on the artefact to confirm the data is authentic and has not been tampered with.
- Read attributes: the verified name and photo (and other demographics) are read from the signed record.
- Match: the name is checked against your expected record with name-match scoring, and the photo can be matched to a live selfie (Live Face).
- Decide and log: the visitor is admitted, flagged, or sent for manual review, and a consent-based record of the verification is kept.
Why it is privacy-preserving
Offline verification is built around data minimisation and consent, which lines up well with the expectations of India's DPDP Act:
- No Aadhaar number stored — the number stays masked throughout.
- Consent-led — the resident actively chooses to share the QR or XML; nothing is pulled without them.
- Purpose-limited — the verified attributes are used to admit and account for the visit, not retained beyond that need.
- Tamper-evident — the UIDAI signature means a forged or edited document fails the check.
Online (AUA/KUA) vs offline (OVSE): when to use which
Neither route is universally “better” — they suit different conditions. Use online AUA/KUA verification when you have reliable connectivity and the resident has their registered mobile to hand; it gives the most authoritative, real-time answer from UIDAI. Use offline OVSE verification for gates, plants, remote sites and high-throughput entrances where connectivity or OTP delivery is unreliable, or where you simply prefer not to make a live lookup. Many organisations use both — offline as the default at the gate, online where the situation calls for a live check. For a fuller side-by-side, see Aadhaar verification: online vs offline.
Pairing OVSE with Live Face and name-match
Verifying that a document is genuine is only half the job — you also want to know the person presenting it is its rightful holder. Because the signed artefact includes the resident's photo, you can match it to a live selfie captured at check-in (Live Face), and score the name against your expected visitor or contractor record. Together, signature verification plus face and name matching turn a quick scan into a strong, auditable identity check.
Where OVSE fits — typical use cases
- Manufacturing plants and warehouses verifying contractors and labour at the gate.
- Construction and field sites with limited connectivity.
- High-volume receptions where OTP waits would create queues.
- Any site that wants government-backed identity assurance without an online dependency.
OVSE in Certopact Entry
Certopact Entry offers offline verification built on UIDAI's OVSE framework alongside online AUA/KUA verification. You can choose the right mode per location, run name-match scoring, add Live Face, and screen against a blacklist — all from the same identity engine that also powers identity checks inside Certopact Access for India deployments. Configuration is per-site, so a single organisation can run offline at the plant and online at the corporate office from one console.
This is an explainer, not legal advice. UIDAI rules and the DPDP Act set the boundaries for how Aadhaar data may be used; confirm your specific obligations before deploying offline verification.