ClickCease

‍‍JULY NIST ANNOUNCEMENT: A watershed moment for mobile driver’s licenses or another false start?

Tim Brown
July 26, 2023

Last week, the National Cybersecurity Center of Excellence (NCCoE) and NIST (National Institute of Standards and Technology) held a briefing on the upcoming mobile driver's license project. Read on to get up to speed on the current state of mobile driver’s licenses (i.e., what’s taking so long), and then learn the latest news about an exciting and potentially major breakthrough announced by NIST that has the potential to change everything. 

Mobile Driver’s License: Historical Context 

A mobile driver's license (mDL) offers numerous potential benefits that enhance convenience, security, and efficiency in the realm of identification and driving privileges. Firstly, mDLs provide a digital and easily accessible format on smartphones, reducing the need to carry physical cards, streamlining interactions with law enforcement, and simplifying age verification processes at various establishments. Secondly, mDLs can incorporate biometric authentication, enhancing security measures and reducing the likelihood of identity fraud. Additionally, the dynamic nature of mobile licenses allows for real-time updates, ensuring accuracy and immediate reflection of any changes, such as addresses or endorsements. Overall, mobile driver's licenses have the potential to offer a modern, secure, and user-friendly solution to traditional identification, driving privileges, and authentication processes.

Despite their obvious value, mDLs have experienced slow adoption for several key reasons. Primarily, there hasn't been enough coverage in the US (e.g., not enough states issuing them, not enough consumers downloading them) to excite national or global relying parties to fund integration to the multiple providers of mDL. Further, no comprehensive standard exists to enable or integrate multiple providers, so again, you have large companies not wanting to spend money to integrate many different providers. Finally, the REAL ID Act didn't contemplate driver's licenses on mobile phones (hello! 2005 called and it wants the flip phone back). 

Having said all of that, this announcement from NIST, along with the work that's happening at the international standards (ISO) level, illustrates that there are collective pushes to standardize both the API interfaces and online use cases for mobile driver's licenses. I don't believe it will happen quickly (e.g., I’m hearing that ISO expects to have part 7 of the ISO driver's license spec released in 2024 - ISO/IEC 18013-7), but at some point, mDL will be a big part of the online identity verification landscape. Relatedly, we’ve seen the Department of Homeland Security working on a subset of REAL ID rules to enable the acceleration of mobile Driver’s License adoption. 

Here's a quick recap of the session as shared with the FIDO (Fast Identity Online) Alliance working groups:

NIST walked attendees through the project goals. The project will:

  • Develop an open-source reference implementation of ISO/IEC 18013-7 mDL specification for unattended use cases.
  • Build prototypes in the lab using products and services from participants.
  • Develop security and privacy guidance for implementations 

Additionally, the project will set up sandbox environments and participants can build demos of different transaction types, including:

  • Attended use cases
  • Identity Proofing
  • Attribute presentation
  • Authentication
  • Single sign-on

The NCCoE and NIST are looking for mDL application providers, issuing authorities, verifiers to bring use cases and business processes, identity service providers to provide mDL readers, and third-party trust lists.

Conclusion: 

It’s difficult to overstate the potential benefits of mDLs for the general public. Equally difficult to overstate how onerous and complex adoption has proven to be. The recent actions taken by the NCCoE and NIST have me feeling optimistic. It’s too early to say for sure but it appears that we are fast approaching a world where efforts such as ISO/IEC 18013-7, and NCCoE/NIST efforts will provide a framework to accelerate the integration of mDL use cases, and modifications to REAL ID regulations will lead to market saturation of digitized driver’s licenses in the US. With active participation from industry leaders and guidance from NIST, I believe that the United States can craft an mDL-based solution that enables remote identity proofing, improves public safety, protects privacy, and saves everyone a whole lot of trips to the DMV.

Keep reading

See all blogs
Prove’s Brad Rosenfeld Explains the New Customer Onboarding Process on Fast Company

No longer confined to top-of-funnel engagement and brand awareness, CMOs are now leading efforts to shape the entire customer experience journey.

Kaushal Ls
June 6, 2024
PYMNTS TV: Prove CEO Rodger Desai Explains Need for Phone-Based Approach to Authentication

Prove’s CEO Rodger Desai was featured recently on PYMNTS TV, where he met with PYMNTS CEO Karen Webster to discuss trends and shifts in the identity verification market.

Kaushal Ls
June 4, 2024
Prove’s Tim Brown Explains How to Reduce Fraud and Improve Onboarding with Identity Verification

Reporters from GreenSheet, a popular publication that highlights trends in the banking, financial services, and fintech markets, recently met with Prove’s Global Identity Officer, Tim Brown to learn how advanced identity verification solutions are driving faster and better digital customer onboarding.

Kaushal Ls
May 21, 2024