A mobile driver’s license (mDL) that is secure, accurate, interoperable, and that protects privacy is coming, and such a mobile ID could well change the identity landscape in the near future.[1] A draft international standard is available — ISO/IEC 18013-5, “Personal Identification – ISO-Compliant Driving Licence – Part 5: Mobile Driving Licence Application” — and a number of states are piloting or implementing mDLs that comply with this standard.[2] AAMVA Guidance for mDLs[3] starts with this standard as a baseline capability.
An mDL can provide secure, convenient identity verification capable of eliminating billions of dollars in fraud. The person who holds the mDL controls what information is shared and with whom. The mDL is a new way of cryptographically verifying identity.
In addition, mDLs support more efficient and secure transactions. For in-person transactions, electronic authentication can give the mDL Verifier confidence in the presented ID without requiring specialized knowledge of the hundreds of card design and security features applicable to the driver’s licenses (and their variants[4]) that are issued by 56 states and territories. The mDL can also eventually be used to increase security for online purchases and interactions.
This white paper focuses solely on the mDLs being implemented in the United States that comply with the draft ISO/IEC standard 18013-5. The white paper provides an overview of how ISO/IEC 18013-5compliant mDLs will work, what to expect, and what challenges are in building an mDL ecosystem, addressing questions such as: What are the features, challenges, and uses of an mDL? Why should someone decide to get a mDL? How will the mDL meet expectations of trustworthiness?
Utilizing the Cloud for Mission-Critical Operations is not New
States are the primary issuing authorities for IDs in the United States. Through a process called identity proofing, a state’s Department of Motor Vehicles (DMV) or an equivalent agency establishes identity for most residents by receiving, reviewing, verifying, and authenticating key documents related to citizenship, residency, and the accuracy of biographic data. A DMV issues a physical document, such as a driver’s license (DL) or non-driver identification card (ID), directly to the individual. This document allows other entities to verify the individual’s identity and biographical information (such as age or birthdate). DMVs take their role as identity proofers very seriously, resulting in near-universal acceptance of the DMV-issued ID as a valid ID.
The mDL is a secure digital representation of DL data that is provisioned onto a smart mobile device, such as a smart phone or tablet, for use by the proper, intended mDL Holder. It can also contain information relevant to additional state privileges or national context.
