Difference between revisions of "Mobile Driver's License"
From MgmtWiki
(→State Wallets) |
(→References) |
||
| Line 37: | Line 37: | ||
==References== | ==References== | ||
* [https://wiki.idesg.org/wiki/index.php/Mobile_Driver%27s_License#References IDESG / Kantara wiki on mDL] | * [https://wiki.idesg.org/wiki/index.php/Mobile_Driver%27s_License#References IDESG / Kantara wiki on mDL] | ||
| + | * [[Mobile Driver's License Presentation]] maps ISO 18013-5 wallet presentation to [https://identity.foundation/presentation-exchange/spec/v1.0.0/ DIF Presentation Exchange]. | ||
* [https://www.securityinformed.com/news/get-group-north-america-mobile-administrator-co-9039-ga-co-1563270353-ga-npr.1565961407.html Get Group] works with Scytáles AB (see link above under apple). | * [https://www.securityinformed.com/news/get-group-north-america-mobile-administrator-co-9039-ga-co-1563270353-ga-npr.1565961407.html Get Group] works with Scytáles AB (see link above under apple). | ||
* [https://getgroupna.com/solutions/mobileid/ GET Group Mobile Driver's License] | * [https://getgroupna.com/solutions/mobileid/ GET Group Mobile Driver's License] | ||
Revision as of 17:03, 14 January 2021
Contents
Full Title
User in control of a Mobile Driver's License and other apps that require high assurance control of credentials.
Context
- iPhone and Android solutions also have NFC, QR, Bluetooth, Wifi Aware and Barcode readers technology thoroughly functional
- The wiki page Smartphone Wireless contains information about the various radio bands used by mDL.
Problems
State issued driver's licenses in North America have morphed into the default identity credential for residents whether by design or by circumstance. While it might seem to be helpful to try to break the problem down into the original purpose first, that is no longer an option. Even states that seek to create mobile versions of their own driver's licenses need to address the other purposes that existing legislation requires, such as control of alcohol and prescription medicines among many other existing purposes. So this section takes the practical view about what must be supported on day one of the availability of mobile state issued identification documents, aka driver's licenses.
Privacy
- States are sovereign, which means that they are not liable for any action where they have not accepted liability. Current practice indicates that mobile driver's licenses will only be available on smart phone apps that are supplied by the state and typically written under contract by in-state vendors. Any impact on these apps can only be enforced if the state's choose to do so. Still the states are wont to accept standards written to address these apps and so it would be good to see such standards approved for use.
- Organizations that accept user private information (aka PII) from the apps may be under state or federal regulations which require meaningful user consent for release. Standards should be written to define what "meaningful user consent" really means.
Authenticity
- Apps can be created that mimic Mobile Driver's Licenses that either fool the user, or are intended to allow the user to fool the acceptor of the data. Where legal obligation exist to check the authenticity of user provided data, it is likely that apps will need to prove their authenticity to the reader. Specifications for proving authenticity should be written. Kantara currently has an implementer's draft of such an assurance statement.
- States are likely to require that smartphone apps meet certain criteria and a wont to accept existing specifications rather than write their own.
- Readers of Mobile Driver's Licenses were imagined in the ISO 18013-5 standard to be certified. Specifications for the certifications of reader that meet privacy and identity requirements are needed.
- In an ideal world the Mobile Driver's License would not even respond to requests for data from readers that were not certified.
Solutions
Android
- Android JetPack support for Identity Credential Security with example code.
Apple iOS
Testing
- Interoperability of a Mobile Driver License (mDL) application UL conformance tests
Security
State Wallets
- Award-winning myColorado™ App Offers Residents a Contactless Digital ID Colorado is the first state in the nation to offer residents the option to electronically transmit digital identification, vehicle registration and proof of insurance to law enforcement. They require the state trooper to show you a QR code first. Interestingly the feature has been extended to allow the phone's camera to scan the QR code, which indicates that the URL just sends the data from the DMV to the trooper's computer. After that the user has the option to give the cop what she wants, or dig out the paper version of all 3 documents. The business use of the mDL is a simple display of the back of the physical DL on the screen of the phone so the merchants can scan the 2d barcode in the same way as with the physical DL. It appears that Colorado was involved in app development at some level. Users add their identification in the myColorado app by taking a selfie with the in-app camera as well as a photo of their physical driver’s license or state ID. Several authentication points, including the selfie, the physical card’s bar code and the resident’s phone number are then verified against Division of Motor Vehicles records. The state government is using an identity verification and management platform from Ping Identity Holding Corp., which is based in Denver. The development of Colorado’s digital-ID application started in early 2019 and has cost about $800,000. Much of the effort has involved interacting with state agencies and merchants on features and adoption. Theresa Szczurek has been Colorado’s chief information officer since January 2020. “We discovered that proof of identification without carrying the wallet was really the killer app,” said Ms. Szczurek, who was chief executive of Radish Systems LLC for nine years before becoming state CIO in January. Radish, based in Boulder, Colo., sells software that integrates visuals into phone calls.
- Identity Services for myColorado™ Mobile App Powered by Ping Identity report from PING dated 2019-11-12.
- NBC News reports that Calvin Fabre, president of Envoc, a software firm in Baton Rouge, Louisiana, that helped develop a mobile app to display digital driver's licenses in Louisiana, said most drivers under 40 won't go back home if they forget their plastic license — "but if they forget their phone, they always turn around." It looks like Envoc programs in .NET and Xamarin.
- [https://www.govtech.com/news/Digital-Drivers-License-Pilot-Comes-to-Wyoming.html Wyoming is piloting a digital driver's license} base on Gemalto technology. (2017-10-05) for only 100 people. The app isn’t connected to the Internet, so there’s virtually no risk of someone tracking a user’s whereabouts or personal information based on when they open the license, said Steve Purdy, Gemalto’s vice president of state government programs. In order to enter the app, people have to enter a five-digit password or use fingerprint identification. “All it does is show your photo and whether or not you’re 21,” Purdy said. Gemalto provides the existing card license to WY.
- Ontario program with potential to eliminate our need to carry around physical health cards, driver's licenses and other forms of provincially-issued ID. blogTO (2020-11)
References
- IDESG / Kantara wiki on mDL
- Mobile Driver's License Presentation maps ISO 18013-5 wallet presentation to DIF Presentation Exchange.
- Get Group works with Scytáles AB (see link above under apple).
- GET Group Mobile Driver's License
