Testing to ISO/IEC 18013-5: The new standard for electronic credentials
Electronic credentials, such as a mobile driver’s license (mDL), have become widely accepted in recent years as a more secure form of identification. Electronic forms of ID are harder to forge, more difficult to lose, easier to use and provide the holder of a credential with more control over their own personal data.
Globally interoperable protocols for the identification of the credential holder and authentication of their data have been lacking. However, a task force that includes UL’s Lead Principal Advisor for Identity Management and Security, Arjan Geluk, has developed a standard for mobile documents (mdocs). Over the last five years, the task force under ISO/IEC JTC1/SC17 (security devices for personal identification) developed ISO/IEC 18013-5 providing a generic data model and protocols for mobile credentials, enabling:
- Secure wireless communication
- User control over what data is released
- Electronic authentication of that data
The standard was originally developed for the mobile driver’s licenses (mDLs) document type but it can be applied to many other credentials that involve complex security and privacy issues. An example of a credential that can be digitized is the vaccination certificates that have been proposed to help society open up during the COVID-19 pandemic. Currently, multiple proprietary technologies and approaches are being proposed to enable vaccination certificates, but most lack globally interoperable protocols for the presentation and authentication of the credentials in a secure privacy-preserving manner.
Why is this standard important?
According to Geluk, “Technology enabling the operational use of mdocs should facilitate both verification of the identity of the holder of the credential and authentication of the credential data. The technology should also be interoperable — it should work everywhere — and be always available regardless of internet connectivity. Most importantly, since sensitive personal data is involved, the technology should be privacy-preserving.”
While the protocols in the standard were originally developed for mDLs, they have been explicitly designed to be usable for other types of documents. Geluk said, “The standard is close to publication and has gone through several rounds of the rigorous international commenting and balloting process that ISO/IEC demands. Moreover, we have received feedback from multiple rounds of international interoperability testing on several continents.”
To learn more about how your document could be transitioned to a digital credential leveraging the ISO/IEC 18013-5 specifications, contact us now.