Interoperability of a Mobile Driver License (mDL) application
Written by Yaejin Lee in collaboration with Navaneeth Gaddam.
In October 2018, the first mobile driver license (mDL) test event was held in Okayama, Japan. The event was a great success and attracted excited participants, including representatives from various vendors, and observers from governments.
UL not only called for and successfully coordinated the event, but also participated in it with a prototype. This prototype was developed by UL for the Department of Road Transport from The Netherlands (RDW) in collaboration with American Association of Motor Vehicle Administrators (AAMVA).
What exactly is the mDL?
The ISO/IEC 18013-5 mDL standard defines an mDL as a driver license which resides on a mobile device or requires a mobile device as part of the process to gain access to the driving license. It is being developed by the members of the mDL International Organization for Standardization (ISO/IEC JTC1/SC17/WG10).
What happened at the event?
Participants were invited to showcase their implementations of mDLs and/or mDL readers; these were expected to be according to the draft of the ISO standard. The aim of the event was to test interoperability between the various implementations and also to serve as a test for the ISO standard itself. It was organized by members of the ISO/IEC JTC1/SC17/WG10. There were eight vendors with mDL/mDL reader implementations. Observers from governments (AAMVA, RDW and Association of European Vehicle and Driver Registration Authorities) were also present.
Why is interoperability important?
Showing a mobile driver license on your own device does not prove that the mDL is genuine. An mDL can only be trusted when a verifier gets the holder’s mDL data on their device. A verifier may get this data either by retrieving it from the issuing authority or through a direct transfer from the mDL. Thereafter, the mDL reader can perform several security checks which provide a high level of confidence in the data.
Considering various use cases, it is evident that an mDL and an mDL reader will likely not only run on different operating systems but also be designed and developed by different vendors. In addition, cross-state and/or cross-border transactions are certainly expected to gain prominence; especially for certain use cases e.g. car rentals, hotel check-ins, etc.
This indicates that it is important for an mDL reader to be able to read and verify mDL data regardless of the concerned issuing authority. Issuing authorities should make sure that an mDL and an mDL reader have smooth transactions whether domestic or international, and whether the mDL and mDL reader are produced by the same vendor or not. Therefore it is imperative that interoperability is one of the key factors in achieving a functioning mDL ecosystem.
How can interoperability be ensured?
Interoperability can be achieved by following ISO/IEC 18013-5. The ISO standard standardizes interface specifications for the implementation of a mobile driver license
- Transfer methods: there are different transmission methods and message structures available for each interface. The mDL data can be transferred by using either offline or online data transfer methods. If an mDL and an mDL reader are implemented according to the standard, the mDL reader can always get the mDL data using one of the offline transfer methods even when it is not connected to the internet.
- Security mechanisms: the standard mandates the implementation of a set of security mechanisms. These mechanisms protect the mDL data on the holder’s device from being modified, and ensure a binding of the said data to the device. That also enables the communication channel to be secured, with the result that only the mDL and mDL reader communicate with each other, and no attackers can interrupt the transaction.
How can UL help you with an interoperable mDL solution?
UL supports mDL issuers throughout the design, implementation and deployment lifecycle, safeguarding interoperability, security and privacy. Throughout the design, requirement and roll out, UL has mDL experts that can support you. UL can provide a workshop that helps you make strategic decisions for getting ready for your mDL implementation. UL also offers a suite of verification services for mDL. As an independent testing party, we can ensure compliance of the mDL solution with the standards and specifications. Moreover, UL provides security assurance through systematic identification and categorization of threats and risks, and verifies that these are mitigated with appropriate security controls and risk management strategies.
In August, later this year, UL is coordinating the second mDL test event in Omaha, NE, USA. For more information on mDL or the test event, please contact one of our experts.