On 30 September 2021 the American Association of Motor Vehicles released the following news bulletin, announcing a critical benchmark in the deployment of mDLs around the world.
The eagerly anticipated ISO/IEC 18013-5 International standard: Personal Identification – Mobile Driver’s License (mDL) is now available at https://www.iso.org/standard/69084.html. Publication clears the way for global ID and driver’s license issuers to confidently deploy mDL solutions, and for verifiers around the world to implement or adopt mDL readers.
This global mDL standard is the result of more than 6 years of open collaboration of issuers, technology providers, regional authorities (such as AAMVA, EReg, AustRoads, and the African Tripartite), and businesses that accept identity documents to approve transactions.
ISO/IEC 18013-5 for mobile driver’s licenses, which can also be used for mobile IDs, overcomes the insecurity of showing a card on a mobile device screen and offers a host of benefits for cardholders and the verifiers who accept ID cards and driver’s licenses including:
- A comprehensive global standard for sharing identity document information, matured during several test events held on nearly every continent during the last two years.
- Multiple ways to interact. A secure device-to-device protocol for sharing identity information that supports multiple transmission technologies, so that mDL holders can tap or allow a scan to share their information and verifiers can accept mDLs quickly according to their customer flows.
- Increased privacy for mDL users:
- Share only relevant data. Support for data minimization (e.g., to share only the fact that one is older than 21 rather than one’s full date of birth) built into the standard.
- Consent to share. Controls that allow the mDL holder to release only some of the data elements requested by a relying party and only after explicit consent.
- Phone stays in your control. The phone never leaves your hand, unlike ID cards.
- Know when your data is stored. Explicit notification to an mDL holder if a verifier intends to retain their information. Verifiers can avoid the liability of retaining data.
- Resistant to tracking. The design includes mechanisms to prevent tracking.
- Difficult to forge. Stored and shared documents are cryptographically protected against counterfeit, adding resistance to the creation of fake IDs. Verifiers can easily check authenticity.
- Works for any mobile ID document. The mechanisms in the standard can be used for any type of mobile identification document or for documents such as vehicle registration certificates.
- Works when devices do not have connection. When either the mDL device or the verifier device does NOT have a network connection, data can be shared between devices (offline).
- Provides privacy best practices for issuing authorities and verifiers in the accompanying privacy annex with requirements for maximizing mDL holder privacy.
Credit: Courtesy of American Association of Motor Vehicle Administrators.
Following today’s release of the ISO Standard, the AAMVA mDL Working Group is updating the AAMVA mDL Implementation Guidelines to compliment the Standard and provide members additional guidance on privacy, mDL app management, and provisioning. They plan to complete this work by the end of October