July 26, 2022
Around the world, physical forms of identification are quickly giving way to digital ID credentials on mobile phones (also called electronic identification or eID). For example, in the U.S. and some Canadian provinces, legislation regarding the mobile driver’s license (mDL) and test pilots are well under way.
The mDL aims to make sharing select personal information between license holders and verifying parties (e.g., merchants or law enforcement officers) safer, more convenient and more secure than when using a plastic driver’s license. Physical licenses can more easily become damaged, replicated by counterfeiters or contain outdated information. Also, in many cases, they offer more of the owner’s personally identifiable information than the situation requires. The mDL owner has control over the data they share or keep private. For instance, instead of having to reveal the owner’s name, home address and full birthdate to gain entry to a nightclub or purchase alcohol, the owner can select to share only their photo and a confirmation that they are of legal age.
ISO/IEC 18013-5:2021, published in September 2021, sets the minimum technical and functional requirements for mDL interoperability, security and privacy. Many jurisdictions in the U.S., Canada and even worldwide are introducing mobile driver’s licenses based on this standard.
Like physical driver’s licenses, mDLs are issued by a government authority, such as a Department of Motor Vehicles (DMV) in the U.S. The DMV provisions information to an mDL app on the license holder’s mobile device. The verifying party needs an mDL reader to communicate with the mDL app and authenticate the data. Available mDL readers range from apps that work on smartphones to solutions that integrate with point-of-sale terminals or electronic cash register systems.
Data privacy and protection
In addition to the increased data privacy and convenience, mDLs provide to license owners, verifying parties also benefit.
mDL testing and certification
UL Solutions offers testing and certification services to determine if mDL applications and mDL readers comply with ISO/IEC 18013-5 requirements for interoperability, security and privacy. We also offer off-the-shelf tools you can use to test your mDL app or reader for ISO/IEC compliance prior to certification. In addition, we assess mDL cybersecurity, focusing on protection against cloning, forgery or theft by malicious applications, compromised smartphones and data leakage.