Mobile Driver’s License Solution
Secure, convenient and more efficient
Reasons for police officers making a roadside stop include speeding and other traffic violations. Usually, the officer also checks for suspicious behavior and has to protect himself and/or his partner in such situations. Typically, roadside checks do not really allow for indepth physical document or timeconsuming back ground checks via radio.
The mobile driver’s license can help to improve verification of the driver’s credentials very fast and with 100% degree of certainty. This will give officers more time to concentrate on procedure and selfprotection. Ideally, the equipment to verify mobile driver’s licenses also enables conventional driver’s licenses to be verified, in order to minimize addi tional reading equipment for the officers. The verification procedure also needs to work in offline or remote scenarios in order for the officers to concentrate on their mis sion. Mobile driver’s licenses would not only serve the above cases, they would also save time and costs for all parties by integrating smart online services such as the renewal of driver’s licenses, address changes, etc. and allowing for automated online checks against several data bases.
Secure mobile driver’s licenses tre mendously improve identity protec tion and therefore reduce identity theft, in turn benefitting the private sector dramatically. Allin all, the
issuance of mobile driver’s licenses provides benefits for authorities and driver’s license holders alike.
Technology
The mobile driver’s license solution by veridos consists of three main components:
• Mobile driver’s license application (mDL)
• Mobile driver’s license verification application (mDLverify)
• Document Signer (DS) and Public Key Distribution System (PKD)
Mobile driver’s license application
The mobile driver’s license applica tion (mDL) incorporates a digital identity based on the International Standard for Driver’s Licenses, namely ISO 18013. This standard allows multiple data containers. Elliptic curve cryptography and hash ing methods are used to secure the digital driver’s license information. At a minimum, the following data containers can be found:
• Biographical data
– Applicant name, address – Applicant date of birth as proof
of age, isolated from other data for privacy
• Privileges
– Driving privileges and restrictions
• Biometric data
– Applicant‘ facial image
– Optional: Applicant fingerprint minutiae
• Certificate to prove rightful issue of the digital driver’s license by the issuing authority
• Signature over all containers, signed by the issuing authority to detect tampering
The mDL can be installed as a mobile application for use on a smartphone or tablet compatible with all mobile operating systems (e.g. Android / Apple iOS / Windows 10 Mobile). The following techniques are used to prevent fraud and protect privacy when the digital driver‘s license resides within the mobile device: • The mobile driver’s license data is
encrypted with the applicant’s PIN or fingerprint. If a defect is exploit ed (like rooting or jailbreaking a device) in the operating system which protects the mobile driver’s license, the data is not usable as it resides encrypted in the mobile device memory.
• All data is digitally signed (by the issuing authority). If the data is altered in any way, the digital signature is invalidated, which is detected by the verification process.
Improved identity protection through
secure mobile driver’s licenses
The introduction of a mobile driver’s license is a huge opportunity to improve
credential security, convenience, efficiency and even expand smart services to save
people’s time and money.
Mobile driver’s license verifica tion application (mDLverify)
veridos’ mobile driver’s license veri fication application (mDLverify) is the key component for verifying the mDL data presented by the driver’s license holder. The mDL data can be transmitted to the mDLverify appli cation via barcode, Bluetooth LE, WiFi or google Nearby technology.
mDLverify can be installed as a mobile application for use on a smartphone or tablet. The applica tion recalculates the data received and decrypts the signature using the issuing authority’s public key. It also verifies the rightful issue of the received driver’s license holder data.
PERSONALIzATION OF THE MDL
MOBILE DRIvER’S LICENSE vERIFICATION APPLICATION (MDLvERIFY)
Mobile DL App from store Physical DL Mobile DL on Smartphone Inspection Device Inspection Device Inspecting Officer Previously sent password and instructions via Mail / eMail Individual / Person
Presents digitally sealed ID, portrait image and credentials
using 2D barcode displayed on smartphone
or physical document
Inspecting Device with Camera (e.g. Smartphone)
Camera captures 2D barcode encodes barcode, checks data integrity, security & authenticity of transmitted electronic document Inspection Device Display Display of biographic data, credentials and biometric data (e.g. image) verifier Checks image with individual to be verified Read 2D barcode from online issuance screen,
letter with card or postissuance letter
Mobile DL ready for use
Personalization of the mDL
A mobile driver’s license can be issued using any one of several models, depending on whether the license was delivered to the appli cant during an inperson visit to a driver’s license office, by mail, or through an online process restricted to certain groups.
Document Signer (DS) & Public Key Distribution System (PKD)
The document signer (DS) is the component responsible for signing the driver’s license holders’ data digitally with the issuing authority’s private key. The result is the digital driver’s license data. The inspection device uses the public key to verify the signed data.
Implementation of ISO 18013 en courages crossjurisdiction applica tion and easeofuse in applications installed on desktop and mobile computers and handheld readers. It is a proven approach for high security and privacy and is used all over the world. The European Union applies ISO 18013 for its 300 million driver’s licenses in circulation.
A driver’s license bridge certification authority holds all public key cer tificates of the various jurisdictions and organizes their distribution. Such a setup is extremely lean and efficient.
Since the mobile inspection devices are frequently updated or even have internet access, an outofstate or outofprovince driver’s license can easily be verified in a matter of seconds. A similar setup is also used with electronic passports.
DOCUMENT SIgNER (DS) & PUBLIC KEY DISTRIBUTION SYSTEM (PKD)
verify Signed DL data Signed DL data Document Signer (DS) Document Signer (DS) Juristication 1 CA Juristication N CA PKD
Drivers License Bridge Certificate Authority (CA)
verify
• Fast processing time
• Lightweight reading/verification equipment (e.g. to be carried by law enforcement or private sector) • Reading equipment processes
document security for genuineness within milliseconds
• Physical contact between mobile driver’s license holder and reading equipment carrier is limited to minimize liability issues and to improve operational procedures • The mobile driver’s license is inde
pendent of user device, which results in ease of use if phone is broken or a new one bought • No involvement of Trusted Service
Manager (TSM) or Mobile Network Operator (MNO) needed
• Checks against certificate revoca tion lists, blacklists, driver data bases and merit point systems • Allows additional online smart
services (renewal, address change, etc.)
• Seamless integration into existing driver’s license issue and verifica tion processes
• Smart combination of mobile devices and communication channel security
• Interoperable across population’s smartphone base / BYOD (Bring your own device)
• On/Offline verification capable • Not dependent on special features
of the smartphone (e.g. Secure Element (SE), Trusted Execution Environments (TEE))
• Compliant with international driver’s license standard ISO 18013 • Dropin expansion/replacement into
existing driver’s license processes • Data minimization concept to
protect privacy
• Mobile driver’s license holder has control over information released • Attributedriven use case (e.g. age
verification in private sector) • Use by both state and federal
authorities possible thanks to PKD (crossjurisdiction use)
• New revenue stream and business models for authorities and private sector possible (e.g. additional fee for mobile driver’s license option) • Use of strong cryptography based
on recommendation of major IT security bodies like BSI, NIST, ANSSI, CSE NLNCSA
• Smart services for driver’s license holders (e.g. online renewal service)
ADvANTAgES
FEATURES AT A gLANCE
People across the world are increas ingly turning to mobile technology as their main source of news, infor mation and connecting with others. The veridos mobile driver’s license solution has picked up this trend and developed it into a secure, con venient and more efficient method of driver’s license verification and smart services.
veridos gmbH
info@veridos.com www.veridos.com © veridos gmbH, 2016