To provide the same kind of security traditional state-issued driver’s licenses do, mobile versions require an ecosystem that includes users, their phones, the authenticated digital ID, reader devices, cyber infrastructure, privacy standards and secure data transfer.
Several states have experimented with mobile driver’s licenses (mDLs), but there are many considerations to address before the technology can be used at airport security checkpoints and more widely adopted, according to the Department of Homeland Security.
To ensure that the process is secure and interoperable, DHS described how its Science and Technology Directorate (S&T), the National Institute of Standards and Technology and the Transportation Security Administration are working to develop an mDL framework that has security, privacy and authentication features that will work for DHS use cases.
Three groups are involved in the issuance and use of mDLs: state licensing agencies, the end users and the government agency or business that requires photo IDs to verify identities.
That means mDLs require an ecosystem that includes users, their phones, the authenticated digital ID, reader devices, cyber infrastructure, privacy standards and secure data transfer. In the absence of physical security measures, these components will support the provisioning, issuance, acceptance, updating and authentication of mDLs, officials said.
The federal agencies are working with state governments and non-governmental organizations to conduct industry studies on the integrity and trustworthiness of digital identities, with the goal of making mDLs more widely accepted.
As part of the interoperability testing, NIST will develop standards for authentication, cross-functional readers and the other technology that will support implementation of mDLs. Once a solution has been determined, S&T will examine how state-issued mDLs will work on different mobile device platforms and whether these digital IDs will be interoperable on the various reader systems that could be adopted by DHS.
TSA, for its part, is developing a system to authenticate mDLs at its security checkpoints using a public key infrastructure framework, according to DHS. A PKI is a set of roles, policies, hardware, software and procedures that govern the creation, management, distribution, usage, storage and revocation of digital certificates and the management of public-key encryption.
This model will ensure that TSA receives public keys from issuing authorities before confirming the legitimacy of an mDL, TSA Identity Management Capability Manager Jason Lim said. The implementation of a centralized PKI is one of the biggest challenges governments face in the widespread acceptance of mDLs, he added.
“S&T is looking at criteria, processes, and tests that will help DHS and its components assess if a specific mDL implementation is trustworthy and interoperable,” said Arun Vemury, director of S&T’s Biometric and Identity Technology Center. “This determination will help DHS components decide whether they want to adopt an mDL solution as part of their existing operations or even new operations.”
Digital identification at TSA checkpoints is relatively new. In September 2021, several states announced that they would allow residents with iPhones to add an mDL to their Apple Wallet app that they eventually could use at TSA checkpoints. On March 23, Phoenix Sky Harbor International Airport became the first site to roll out use of mDLs in a Wallet app for ID verification at TSA checkpoints. About a dozen other states and territories are expected to follow suit.
“The focus of this joint project is to build an ecosystem to implement mDLs,” Vemury said. “Once this project is completed, we believe we will create a digital identity ecosystem that replicates and potentially improves upon today’s physical ID system.”