L0 and L1 Biometric Device

Understanding L0 and L1 Biometric Devices: Ensuring Security Compliance

Biometric devices are used for various authentication processes, particularly in systems like Aadhaar Authentication, AEPS financial transactions, and eKYC processes. Securing the biometric data they handle is important to prevent unauthorized access and potential breaches. To address this, UIDAI has established security compliance standards, notably the L0 and L1 compliance levels, that regulate how biometric device security is implemented.

Level 0 Compliance:

Level 0 compliance signifies that the signing and encryption of biometric data occur within the software zone at the host OS level. Because the keys are handled in host software, private keys must be managed carefully to prevent unauthorized access. All device providers must obtain at least Level 0 compliance, which ensures that mechanisms to easily obtain private keys or inject biometrics are absent.

Level 1 Compliance:

Level 1 compliance indicates a higher level of security, where the signing and encryption of biometric data are implemented within the Trusted Execution Environment (TEE). Host OS processes and users have no mechanism to access private keys or inject biometrics, because private key management happens exclusively within the TEE. All processes related to creating a biometric PID block must occur within the TEE, including biometric processing/extraction, signing, and encryption.

Key Differences Between L0 and L1 Biometric Devices:

To better understand the distinction between L0 and L1 biometric devices, it’s essential to examine key parameters:

  • Security Level: L0 devices encrypt biometric data on the host machine, while L1 devices encrypt data within the biometric device itself, offering higher security.
  • Device Feature: L0 devices adhere to UIDAI’s L0 security specifications, while L1 devices capture and encrypt data according to L1 security specifications.
  • RD Service: Both L0 and L1 devices capture biometric data, but L1 devices encrypt it as per UIDAI’s L1 security specifications.
  • Device Models: Certified devices include MSO1300E, MSO1300E2, MSO1300E3, MFS100, MSO1300E3 RD, and MFS110.
  • Device Whitelisting, Registration, and Renewal: Both L0 and L1 devices require whitelisting, registration, and RD service renewal.

Summary

Compliance with the L0 and L1 security standards is paramount when deploying biometric devices, especially in sensitive applications like Aadhaar Authentication. While L0 compliance offers a basic level of security, L1 compliance strengthens it by encrypting biometric data within the device itself. Understanding these compliance levels is essential for organizations and developers implementing biometric authentication solutions, as it ensures data integrity and protects against potential security threats.

Written by

Nandeshwar Katenga

Nandeshwar Katenga is a dynamic figure in the digital world, combining a foundation in Computer Programming with a passion for Digital Marketing, Web/App development, Personal finance, and blogging. His diverse skill set creates a unique blend of expertise that sets him apart in the tech world.