
May 2018

The development and standardization of mobile driver’s license technology promises a new era of security, privacy, safety and convenience

The smartphone of today is a remarkable and powerful device. As a primary gateway for online activity, the modern multi-tool’s utility derives in part from its mobility—nearly everyone has one in his or her pocket or purse. The ongoing efforts behind the development of a digital mobile driver’s license (mDL or DDL) are motivated by the global population’s reliance on these devices.

“In my 20+ years with AAMVA, I’ve never been more excited about something we’re doing as a community,” says Geoff Slagle, AAMVA director of identity management, about the development and standardization of mDL technology.

The Importance of Interoperability

AAMVA’s Joint mDL Working Group is finalizing a procurement guidance document and continues to work toward the first official technical guidance for the mDL. The initial guidance is for offline/attended use cases on smartphones as well as other devices such as tablets, laptops, and wearables. The working group also continues to monitor and promote opportunities to study and pilot test the operational concepts for mDL.

Development of an mDL standard is being led by the International Organization for Standardization’s (ISO) JTC1/SC17/WG10. In April 2018, the group met in Sunnyvale, Calif., to review and resolve comments on the first edition draft of the standard. Within the working group, Arjan Geluk, principal advisor with UL’s transaction security division, leads the task force specifically focused on mobile driver’s licenses. Geluk also serves as technical advisor to AAMVA’s Joint mDL Working Group.

“Over the past year, we’ve been working on using existing technology to get iOS and Android devices to communicate with each other, even when there is no internet connectivity,” Geluk says. “It is possible, we have made it work in a technical proof of concept in collaboration between AAMVA and RDW, the DMV of the Netherlands. And that’s an important gain.”

Interoperability between different devices and different systems is essential for mDL apps, as is functionality in an offline environment. Convenience and efficiency are among the many benefits mDLs offer, but those benefits can’t be fully attained unless mDLs are readable everywhere, regardless of device, or the app developer, or the jurisdiction the mDL is used in, or the country, for that matter.

“We need to think of a DDL [digital driver’s license] as more than just an app on a phone. It’s the application plus the ecosystem around it,” explains Suraj Sudhakaran, Gemalto solutions architect, Digital Identity for Americas. “Everything needs to be thought out—the needs of the DMV, the verifying party and the end user—and developed with the standards established by the ISO and AAMVA, because these are the organizations ensuring interoperability.”

Participants for the Joint mDL Working Group as well as WG10 include issuing authority representatives and technology industry providers who are important stakeholders. Though these companies are direct competitors in the mDL market, they have all come to the table as collaborators in recognition of the importance of a common interoperable standard upon which to build mDL apps.

“That’s AAMVA’s sweet spot,” Slagle says, “our ability to bring our members together around the interdependencies we have with each other, and figure out how to make something work.”

The number of companies currently working on mDL technology and the number of jurisdictions worldwide that recognize the potential of mDL motivate WG10 to work as quickly as possible to complete the first edition of the standard. Its publication is expected in late 2019.

Between now and then, industry providers will partner with more jurisdictions to pilot test mDL apps, gather feedback and refine, using the working draft of the standard.

Data minimization is a privacy feature of mDLs that many pilot users really like. An mDL app allows the user to select the type of transaction and minimizes the personal data displayed.

Security and Privacy

In addition to interoperability and offline capability, data security and privacy are of paramount importance in the development of mDLs.

“How do you protect the mDL holder’s data and what technologies are you using for that?” Geluk explains. “Are we going to rely on the security characteristics of Bluetooth or Wi-Fi? Or are we separating that out and doing more on the application layer?”

Security and privacy by design is the answer, says Geluk. “The way we standardize must enable protection of the license holder’s data.”

“Digital Driver’s Licenses provide multifactor authentication with something you have—your phone, something you know—your access pin, and something you are—your fingerprint or face ID,” Sudhakaran says.

The frequency, scope and scale of cyberattacks in recent years have brought online security to the forefront of many people’s concerns about their digital identities. Add to that unfolding revelations about harvesting of certain social media users’ data without their knowledge, and the threat level approaches existential proportions.

Identity theft and fraud are on the rise as well. According to the Insurance Information Institute’s 2017 Fraud Study, released by Javelin Strategy & Research, in the past six years, identity thieves have stolen over $107 billion from U.S. consumers.

Ensuring Trust

“The mDL allows for a significant leap forward in privacy,” Slagle says. Consider all the scenarios where people hand their license over to somebody. In so doing, they’re handing over their photo, their date of birth, their address. “The big question we’ve been asking for a long time is why? Why should they have to hand everything over when, if they’re just buying an age-restricted product, the only thing you need to know is that I’m really me and that I’m old enough for this transaction.”

“Mobile DLs put the users in control of their data—they decide what data they are going to share and with whom,” says Jeff Quarrington, Canadian Bank Note Director of Identification Solutions. “Data minimization allows the user to share only what needs to be shared to conduct the business transaction.”

The retail industry is excited about mDLs because the features that help fight fraud bring a great value to them, to have more confidence that the ID is authentic, says Rob Mikell, director of government mobile solutions for Idemia. “It’s pretty hard for anybody to know the driver’s licenses from all fifty states along with the security features that make them authentic. But when you can use an electronic or digital security feature on a smartphone, you can be sure that what you’re looking at is authentic.”

“It’s one thing to issue an mDL and provide benefits to the DMV and the end user, but it also needs to provide value and utility to the relying parties for them to adopt it,” Quarrington says.

At a lottery claims center, a Colorado pilot participant scans her digital driver’s license to purchase a lottery ticket.

Trust is the foundation for confidence. The mDL’s fundamental value is that it’s issued by the DMV, which has vetted the holder’s identity. “The mDL relies on the data that was electronically signed in a trusted environment, namely the system of record of an issuing authority,” Geluk explains. A digital signature binds the mDL holder’s information and privileges cryptographically on the mobile device. Using the issuing authority’s digital certificate, it can be verified any time, even in offline scenarios. And that mDL data is bound to the holder biometrically using the face image.
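An added example, not code from the article or from the draft standard: one way to combine the offline signature check described here with the data minimization described earlier is for the issuer to sign salted per-attribute digests, so a reader can verify a single disclosed element. The scheme, attribute names, salts and fixed demo keys are assumptions for illustration, and Ed25519 stands in for whatever algorithm the issuing authority's certificate carries.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Attr is one licence data element plus its salt (hypothetical names, constructed
// values; a real issuer would use a fresh random salt per element).
type Attr struct{ Name, Value, Salt string }

// digest hashes one salted attribute; %q quoting keeps the encoding unambiguous.
func digest(a Attr) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q", a.Salt, a.Name, a.Value)))
	return h[:]
}

// DemoKeys derives a fixed key pair from a constant seed (demo only, never in production).
func DemoKeys(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Issue runs in the issuing authority's system of record: it signs the digest
// list rather than the raw data, so the raw data never has to be shown in full.
func Issue(priv ed25519.PrivateKey, attrs []Attr) (digests, sig []byte) {
	for _, a := range attrs {
		digests = append(digests, digest(a)...)
	}
	return digests, ed25519.Sign(priv, digests)
}

// Verify runs offline on the reader, which holds only the issuer's public key.
func Verify(pub ed25519.PublicKey, digests, sig []byte, shown Attr) bool {
	d := digest(shown)
	for i := 0; i+len(d) <= len(digests); i += len(d) {
		if bytes.Equal(digests[i:i+len(d)], d) {
			return ed25519.Verify(pub, digests, sig) // element is listed; is the list genuine?
		}
	}
	return false // the shown element is not among the signed digests
}

func main() {
	pub, priv := DemoKeys(1)
	age := Attr{"age_over_21", "true", "salt-1"}
	digests, sig := Issue(priv, []Attr{age, {"address", "1 Example St", "salt-2"}})
	fmt.Println(Verify(pub, digests, sig, age)) // the address is never sent to the reader
}
```

The reader receives the digest list, the signature and the one disclosed element with its salt; the salt is what keeps an undisclosed value such as the address from being guessed from its digest.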

Compared to the traditional, physical credential of a plastic card that can be misplaced or lost, the personal information contained in an mDL resides behind layers of security on a digital device. If a physical driver’s license is lost, anyone who finds it instantly knows the holder’s full name, date of birth and address. If a phone containing an mDL is lost, anyone who finds it will first need to know or guess the passcode to unlock the device. Beyond this first layer of security, that person would then need to know or guess the separate passcode to open the mDL app itself. And in that time, the holder will have had the opportunity to contact the DMV or issuing authority to request deactivation of the mDL on that device to prevent access.

The Mobility Ecosystem of the Future

The potential benefits mDLs offer are myriad and meaningful. But there is much work to do before those benefits can be fully realized and made available to the broader public.

“Until we take the time to test this functionality and learn from it, we’re not going to get to where we could already be by now,” says Delaware DMV Director Scott Vien, whose jurisdiction in March began a six-month mDL pilot test in partnership with Idemia.

“I’m glad we’re not the only ones testing this technology because it’s going to take a collective study to come up with something that will work not just in our jurisdiction but across all jurisdictions the same way the physical card is accepted everywhere today,” he says.

“Jurisdictions around the world are looking at the mDL as a catalyst for a virtual driver’s license that can be used online,” Quarrington says. Digital wallet apps already exist for credit cards. The mDL is a natural extension of this concept and could contain not only an mDL, but other licenses and permits as well, such as hunting and fishing licenses or firearms permits.

In the near future, mDLs will not be a replacement for physical cards; they will be offered as an additional convenience option when driver’s licenses are issued. But in the distant future, mDLs and the apps that manage them could become the secure electronic identification with which an individual interacts with a ubiquitous, trusted mobility ecosystem.

Imagine a future where an autonomous taxi can be reserved online for a lift to the airport and the door is unlocked by scanning an mDL to verify the rider’s identity. Implementations of such transactions and countless more are being envisioned, standardized, secured and tested today by technology companies in partnership with jurisdictions around the world.

Through the pioneering efforts of AAMVA members—issuing authorities, law enforcement officials and industry partners—working in close collaboration to develop interoperability standards and technological requirements, mobile driver’s licenses will soon be a practical and valuable part of everyone’s digital lives.


TEST PILOTS

How jurisdictions are implementing mDL technology