Difference between revisions of "Mobile Driver's License with Reader"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Problems)
 
(2 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
* Data elements are signed by the issuing authority (IA).  
 
* Data elements are signed by the issuing authority (IA).  
 
* The mDL produces a signature or message authentication code over session data. The private key used to authenticate the session data is stored only in the mDL. The corresponding public key in turn is signed by the IA.  
 
* The mDL produces a signature or message authentication code over session data. The private key used to authenticate the session data is stored only in the mDL. The corresponding public key in turn is signed by the IA.  
* Communications between mDL and mDL reader are encrypted and authenticated. The method is not defined.
+
* Communications between mDL and mDL reader are encrypted and authenticated. The method is selected by the various parties.
  
  
Line 33: Line 33:
 
* Activation of the mDL is not defined in the standard and there are two access methods: NFC and QR. Other access methods available to the wallet MUST not be used for activation.
 
* Activation of the mDL is not defined in the standard and there are two access methods: NFC and QR. Other access methods available to the wallet MUST not be used for activation.
 
** Oddly the issuing authority is responsible to avoid unauthorized access by an mDL reader when mDL activation is triggered by NFC or QR.
 
** Oddly the issuing authority is responsible to avoid unauthorized access by an mDL reader when mDL activation is triggered by NFC or QR.
** Nothing is said about the holder's role in activation.
+
** Nothing is said about the holder's role in activation even though they should be the only ones to [[Consent]] to access the data.
 
** The reader must support both NFC and QR according to the standard.
 
** The reader must support both NFC and QR according to the standard.
 
* Protected storage of holder data in the wallet is not defined in the standard. Again, the issuing authority is given responsibility for storage in the wallet.
 
* Protected storage of holder data in the wallet is not defined in the standard. Again, the issuing authority is given responsibility for storage in the wallet.
Line 49: Line 49:
 
[[Category: Profile]]
 
[[Category: Profile]]
 
[[Category: Identifier]]
 
[[Category: Identifier]]
 +
[[Category: Mobile]]

Latest revision as of 13:56, 1 August 2022

Full Title

How to use any Reader with a Mobile Driver's License (mDL) compliant with ISO 18013-5,

Context

  • If the mDL reader receives the token and URL from the mDL, either during device engagement or device data retrieval,
  • For this analysis it may retrieve mDL data locally. If the reader chooses to use the internet, because it does hot have the data, that will be handled elsewhere.
  • This context discusses only reader retrieval from the doc. (It may be that Device retrieval has been attempted before server retrieval.)
  • Data elements are signed by the issuing authority (IA).
  • The mDL produces a signature or message authentication code over session data. The private key used to authenticate the session data is stored only in the mDL. The corresponding public key in turn is signed by the IA.
  • Communications between mDL and mDL reader are encrypted and authenticated. The method is selected by the various parties.


Taxonomy

Term mDL Purpose or Behavior OIDF term or concept
Holder The person that has the license to drive the subject
Wallet the device software that holds the mDL (aka mdoc) software statement
Reader the device used by the verifier to get data from the mDL client (RP)
user agent A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) Place to store Cookies
Attacker a bogus wallet that is attempting to illicitly gain access or steal data from the reader Used in FAPI
Issuing Authority typically the DMV or other state agency. used in Federation

Problems

  • If the Reader might use the internet for some transactions, but not all, then the type of access can lead information from the reader to an attacker.
  • Activation of the mDL is not defined in the standard and there are two access methods: NFC and QR. Other access methods available to the wallet MUST not be used for activation.
    • Oddly the issuing authority is responsible to avoid unauthorized access by an mDL reader when mDL activation is triggered by NFC or QR.
    • Nothing is said about the holder's role in activation even though they should be the only ones to Consent to access the data.
    • The reader must support both NFC and QR according to the standard.
  • Protected storage of holder data in the wallet is not defined in the standard. Again, the issuing authority is given responsibility for storage in the wallet.

Solutions

  • The transaction has been designed such that it is not necessary for the mDL holder to physically hand over the mobile device to the mDL verifier.
  • A wallet that wants to be activated only from local devises should never use and radios than NFC as the others can be very distant from the holder.
  • Even after reading data from the wallet, the reader can still decide to go to the Internet to retrieve data on the holder.


References