mDL: The Digital Future of Identity Verification
Why should we be able to have our credit cards stored on our phones and not our Drivers License? Well fortunately, we can and about 30% of the states in the US have already thought about it! This digital Drivers License that fulfills the same functions as a standard issued DL is what we are calling mDL (mobile Drivers License). The mDL is stored and accessed on a mobile device in a mobile application.
We can see the many benefits of creating more digital-friendly products. The most obvious benefit being the reduction of the number of things we must carry around, as many of our everyday activities can be accessed or controlled from our mobile device. Apart from the consumer benefit of implementing mDL, this technology can improve agency operations and efficiency. Think about how streamlined the local DMV offices would be if the agents and users had more remote access to their information. As mDL is a new technology being introduced into the market, it is important to create a smooth transition. Interoperability should be considered when implementing mDL; the new mDL interfaces must work seamlessly with the existing infrastructure. Making consumers aware of the option to use mDL, but also still issuing plastic IDs is an important concept to consider. The mDL is a mobile application that can be downloaded onto the user’s mobile device. After the initial application process, the user then has access to their mDL and it can be used wherever accepted. All the while, the issuing authority has access to verify and revoke privileges without the user needing to come into the DMV office.
One of the more traditional uses of the mDL is confirming one's identity. To access the mDL the verifying party will need an mDL reader to communicate with the mDL application and read the correct data. This is similar to how a payment wallet app communicates to a payment terminal using near-field communication (NFC). A few examples of mDL usage include: going through airport security and showing an updated form of identification, purchasing an age-restricted item in a physical store or via an online store, or a driver showing their DL to law enforcement at a traffic stop. These examples are everyday use cases that can benefit from the implementation of mDL.
Trusted Data Management
An ID contains your home address, your full name, and other private information. By storing this private information on a mobile device, this raises a concern of data management. Users want to know who is going to have access to their data and where will it be stored. Also, as an issuer or verifier, you want to ensure that the mDL being presented to you isn’t a counterfeit. So how does one prevent this from happening?
There are several risk mitigation methods to consider when ensuring the security of the data for the user, issuing authority and verifier. Some of these methods include:
- Digitally signing the data and linking it to the issuing authority and regularly updating these signatures
- Setting up encryption keys between the mDL and the reader to prevent against unauthorized access
- Supporting offline verification to prevent undesired tracking by issuing authority
- Selective data sharing, i.e. a retailer needing to verify the age of the individual purchasing an age-restricted item and the user selecting to only share their photo and birthdate
There is a lot to consider when thinking of implementing mDL and you don’t have to do it alone. Our Identity Management and Security experts are dedicated to contributing to the implementation.
To learn how UL can help reach out to our Identity Management and Security experts here.