Mobile Driver s License Solution

Transcription

1 Mobile Driver s License Solution Secure, convenient and more efficient

2 Improved identity protection through secure mobile driver s licenses The introduction of a mobile driver s license is a huge opportunity to improve credential security, convenience, efficiency and even expand smart services to save people s time and money. Reasons for police officers making a road-side stop include speeding and other traffic violations. Usually, the officer also checks for suspicious behavior and has to protect himself and/or his partner in such situations. Typically, road-side checks do not really allow for in-depth physical document or time-consuming background checks via radio. The mobile driver s license can help to improve verification of the driver s credentials very fast and with 100% degree of certainty. This will give officers more time to concentrate on procedure and self-protection. Ideally, the equipment to verify mobile driver s licenses also enables conventional driver s licenses to be verified, in order to minimize additional reading equipment for the officers. The verification procedure also needs to work in offline or remote scenarios in order for the officers to concentrate on their mission. Mobile driver s licenses would not only serve the above cases, they would also save time and costs for all parties by integrating smart online services such as the renewal of driver s licenses, address changes, etc. and allowing for automated online checks against several databases. Secure mobile driver s licenses tremendously improve identity protection and therefore reduce identity theft, in turn benefitting the private sector dramatically. All-in all, the issuance of mobile driver s licenses provides benefits for authorities and driver s license holders alike. Technology The mobile driver s license solution by Veridos consists of three main components: Mobile driver s license application (mdl) Mobile driver s license verification application (mdl-verify) Document Signer (DS) and Public Key Distribution System (PKD) Mobile driver s license application The mobile driver s license application (mdl) incorporates a digital identity based on the International Standard for Driver s Licenses, namely ISO This standard allows multiple data containers. Elliptic curve cryptography and hashing methods are used to secure the digital driver s license information. At a minimum, the following data containers can be found: Biographical data Applicant name, address Applicant date of birth as proof of age, isolated from other data for privacy Privileges Driving privileges and restrictions Biometric data Applicant facial image Optional: Applicant fingerprint minutiae Certificate to prove rightful issue of the digital driver s license by the issuing authority Signature over all containers, signed by the issuing authority to detect tampering The mdl can be installed as a mobile application for use on a smartphone or tablet compatible with all mobile operating systems (e.g. Android / Apple ios / Windows 10 Mobile). The following techniques are used to prevent fraud and protect privacy when the digital driver s license resides within the mobile device: The mobile driver s license data is encrypted with the applicant s PIN or fingerprint. If a defect is exploited (like rooting or jailbreaking a device) in the operating system which protects the mobile driver s license, the data is not usable as it resides encrypted in the mobile device memory. All data is digitally signed (by the issuing authority). If the data is altered in any way, the digital signature is invalidated, which is detected by the verification process.

3 Personalization of the mdl Mobile DL App from store Previously sent password and instructions via Mail / Read 2D barcode from online issuance screen, letter with card or post-issuance letter Mobile DL ready for use Personalization of the mdl A mobile driver s license can be issued using any one of several models, depending on whether the license was delivered to the applicant during an in-person visit to a driver s license office, by mail, or through an online process restricted to certain groups. Mobile driver s license verification application (mdl-verify) Veridos mobile driver s license verification application (mdl-verify) is the key component for verifying the mdl data presented by the driver s license holder. The mdl data can be transmitted to the mdl-verify application via barcode, Bluetooth LE, Wi-Fi or Google Nearby technology. mdl-verify can be installed as a mobile application for use on a smartphone or tablet. The application recalculates the data received and decrypts the signature using the issuing authority s public key. It also verifies the rightful issue of the received driver s license holder data. Mobile driver s license verification application (mdl-verify) Individual / Person Inspecting Device with Camera (e.g. Smartphone) Inspection Device Display Verifier Presents digitally sealed ID, portrait image and credentials using 2D barcode displayed on smartphone or physical document Camera captures 2D barcode encodes barcode, checks data integrity, security & authenticity of transmitted electronic document Display of biographic data, credentials and biometric data (e.g. image) Checks image with individual to be verified Physical DL Mobile DL on Smartphone Inspection Device Inspection Device Inspecting Officer

4 Document Signer (DS) & Public Key Distribution System (PKD) PKD Drivers License Bridge Certificate Authority (CA) Juristication 1 CA Juristication N CA Document Signer (DS) Document Signer (DS) Signed DL data Signed DL data verify verify mdl mdl-verify mdl mdl-verify Document Signer (DS) & Public Key Distribution System (PKD) The document signer (DS) is the component responsible for signing the driver s license holders data digitally with the issuing authority s private key. The result is the digital driver s license data. The inspection device uses the public key to verify the signed data. Implementation of ISO encourages cross-jurisdiction application and ease-of-use in applications installed on desktop and mobile computers and hand-held readers. It is a proven approach for high security and privacy and is used all over the world. The European Union applies ISO for its 300 million driver s licenses in circulation. A driver s license bridge certification authority holds all public key certificates of the various jurisdictions and organizes their distribution. Such a setup is extremely lean and efficient. Since the mobile inspection devices are frequently updated or even have internet access, an out-of-state or out-of-province driver s license can easily be verified in a matter of seconds. A similar setup is also used with electronic passports.

5 Advantages Fast processing time Lightweight reading/verification equipment (e.g. to be carried by law enforcement or private sector) Reading equipment processes document security for genuineness within milliseconds Physical contact between mobile driver s license holder and reading equipment carrier is limited to minimize liability issues and to improve operational procedures The mobile driver s license is independent of user device, which results in ease of use if phone is broken or a new one bought No involvement of Trusted Service Manager (TSM) or Mobile Network Operator (MNO) needed Checks against certificate revocation lists, blacklists, driver databases and merit point systems Allows additional online smart services (renewal, address change, etc.) Seamless integration into existing driver s license issue and verification processes Features at a glance Smart combination of mobile devices and communication channel security Interoperable across population s smartphone base / BYOD (Bring your own device) On-/Offline verification capable Not dependent on special features of the smartphone (e.g. Secure Element (SE), Trusted Execution Environments (TEE)) Compliant with international driver s license standard ISO Drop-in expansion/replacement into existing driver s license processes Data minimization concept to protect privacy Mobile driver s license holder has control over information released Attribute-driven use case (e.g. age verification in private sector) Use by both state and federal authorities possible thanks to PKD (cross-jurisdiction use) New revenue stream and business models for authorities and private sector possible (e.g. additional fee for mobile driver s license option) Use of strong cryptography based on recommendation of major IT security bodies like BSI, NIST, ANSSI, CSE NLNCSA Smart services for driver s license holders (e.g. online renewal service) People across the world are increasingly turning to mobile technology as their main source of news, information and connecting with others. The Veridos mobile driver s license solution has picked up this trend and developed it into a secure, convenient and more efficient method of driver s license verification and smart services.

6 Veridos GmbH Veridos GmbH, 2016 All technical data subject to change.