Google lays out the privacy benefits of electronic ‘Mobile Driving Licenses’ on Android

Android 11 features an Identity Credential API that can be used for Mobile Driving Licenses. In a blog today, Google detailed the privacy-preserving aspects of this technology and how day-to-day interactions will work on a technical level. 

To allow for virtual driver’s licenses (taking the US as an example), state governments (i.e. DMVs that issue licenses), relying parties (federal and state governments, including law enforcement), academia, and Google, as well as others in the industry, came together on the ISO 18013-5 “Mobile driving license (mDL) application” standard.

This ISO standard allows for construction of Mobile Driving License (mDL) applications which users can carry in their phone and can use instead of the plastic card.

The Android Security and Privacy team today laid out a scenario for how this could work in the real world. It starts with you having an mDL app on your phones and pressing a button to share. The receiving party (police officer, government agency, etc.) has its own app to either scan a QR code or perform an NFC tap. 

Advertisements

The QR code (or NFC tap) conveys an ephemeral cryptographic public key and hardware address the mDL reader can connect to.

Once the mDL reader obtains the cryptographic key it creates its own ephemeral keypair and establishes an encrypted and authenticated, secure wireless channel (BLE, Wifi Aware or NFC)).

This connection allows the other party to request additional data, with the ability for the license holder to approve with a fingerprint/face scan first. Google touts several privacy benefits over a plastic card: 

  • Your phone need not be handed to the verifier
  • All data is cryptographically signed by the Issuing Authority (for example the DMV who issued the mDL).
  • The amount of data presented by the mDL is minimized: For example, any bartender who checks your mDL for the sole purpose of verifying you’re old enough to buy a drink needs only a single piece of information, which is whether the holder is e.g. older than 21, yes or no.

Google today also discussed the scenario of Android phones with Mobile Driving Licenses running out of power. A Direct Access mode will allow the license to remain “available through an NFC tap even when the phone’s battery is too low to boot it up.” However, it warns that hardware support could “take several years to roll out.”

Besides licenses, Google says ISO 18013-5 mDLs also open the door to school IDs, bonus program club cards, passports, and other electronic documents. The company is also working “with civil liberties groups to ensure it has a positive impact on our end users.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.