New ISO/IEC Standard for Electronic Credentials
The new standard for electronic credentials
Electronic credentials, such as a mobile driver’s license (mDL), have become widely accepted in recent years as a more secure form of identification. Electronic forms of ID are harder to forge, more difficult to lose, easier to use and provide the holder of a credential with more control over their own personal data.
Globally interoperable protocols for the identification of the credential holder and authentication of their data have been lacking. However, a task force that includes UL’s Lead Principal Advisor for Identity Management and Security, Arjan Geluk, has develop a standard for mobile documents (mdocs). Over the last five years, the task force under ISO/IEC JTC1/SC17 (security devices for personal identification) developed ISO/IEC 18013-5 providing a generic data model and protocols for mobile credentials, enabling:
- Secure wireless communication
- User control over what data is released
- Electronic authentication of that data
The standard was originally developed for the mobile driver’s licenses (mDLs) document type but it can be applied to many other credentials that involve complex security and privacy issues. An example of a credential that can be digitized are the vaccination certificates that have been proposed to help society open up during the COVID-19 pandemic. Currently multiple proprietary technologies and approaches are being proposed to enable vaccination certificates, but most lack globally interoperable protocols for presentation and authentication of the credentials in a secure privacy preserving manner.
Why is this standard important?
According to Geluk, “Technology enabling the operational use of mdocs should facilitate both verification of the identity of the holder of the credential and authentication of the credential data. The technology should also be interoperable — it should work everywhere — and be always available regardless of internet connectivity. Most importantly, since sensitive personal data is involved, the technology should be privacy-preserving.”
While the protocols in the standard were originally developed for mDLs, they have been explicitly designed to be usable for other types of documents. Geluk said, “The standard is close to publication and has gone through several rounds of the rigorous international commenting and balloting process that ISO/IEC demands. Moreover, we have received feedback from multiple rounds of international interoperability testing on several continents.”
UL’s input on critical vaccination credential white paper
The flexibility of the ISO/IEC 18013-5 standard was demonstrated in a recent whitepaper on vaccination credentials. This paper has been developed in response to requests about how the internationally standardized protocols for mdocs can support vaccination credentials such as the World Health Organization’s (WHO) Smart Vaccination Certificate and the Digital Green Certificate proposed in Europe.
“From the beginning of the process, the work group focused on empowering trust in mobile credentials, including privacy-by-design and achieving international interoperability,” said Geluk. The white paper introduces the ISO/IEC 18013-5 mdoc concept and demonstrates how the standard is ready for other uses, such as vaccination certificates, without any adaptation.
“When technologies as powerful as those standardized for mDL can be adapted to meet an emerging and critical need that society faces unexpectedly, we are reminded how important it is to keep broader uses in mind at the beginning. That is what we tried to do with the mDL technology, and our white paper discusses this effort,” he said.
To learn more about the white paper that Arjan helped develop and how your document could be transitioned to a digital credential leveraging the ISO/IEC 18013-5 specifications, contact us now.