Google shares benefits of using Mobile Driving License

Driving licenses are important. They are not only the testaments of an individual's ability to drive but they also serve as identification proofs for people. But they aren't secure in their current form. For starters, they can easily get lost and verifying them also poses a significant challenge to the verifying authority.

Enter: Mobile Driving License.

For those of you who don't know, Mobile Driving License are the digital versions of an individual's driving license. They use a special APK and app to enable users and the authorities to verify an individual's credentials. What makes them better than the plain old driving license that are made of plastic cards is the fact that they can't get lost and they come with strong encryption technology that protects them against digital thefts. Additionally, they can be easily verified by technologies using existing technologies such as NFC and QR Codes.

Now, Google, in a detailed blog post, has shared the privacy benefits of using a Mobile Driving License (mDL).

Google says that Android 11 consists of Identity Credential APIs at the Framework level along with a Hardware Abstraction Layer interface which can be implemented by Android OEMs to enable identity credential support in Secure Hardware. Using the Identity Credential API, the Trusted Computing Base of mDL applications does not include the application or even Android itself.

Google says that ISO 18013-5 “Mobile driving license (mDL) application” standard allows for construction of Mobile Driving License (mDL) applications which users can carry in their phone and can use instead of the plastic card.

“Instead of handing over your plastic card, you open the mDL application on your phone and press a button to share your mDL. The Verifier (aka “Relying Party”) has their own device with an mDL reader application and they either scan a QR code shown in your mDL app or do an NFC tap. The QR code (or NFC tap) conveys an ephemeral cryptographic public key and hardware address the mDL reader can connect to,” Google explained in a blog post.

“Once the mDL reader obtains the cryptographic key it creates its own ephemeral keypair and establishes an encrypted and authenticated, secure wireless channel (BLE, Wifi Aware or NFC)). The mDL reader uses this secure channel to request data, such as the portrait image or what kinds of vehicles you're allowed to drive, and can also be used to ask more abstract questions such as “is the holder older than 18?”,” it added.

mDL has several benefits over the conventional driving license. For starters, users don't need to hand over the phone to the verifier. Additionally, all data is cryptographically signed by the Issuing Authority and the amount of data presented by the mDL is minimised increasing the safety and minimising abuse.

Google says that the initial version of ISO 18013-5 won't improve on this but the ISO committee working on the standard is already investigating ways to utilise on-device biometrics sensors to perform this match in a secure and privacy-protecting way.