- Device binding helps prevent others from downloading, storing, and presenting your digital credentials as their own.
- The data packet you receive from the issuing authority with your digital credentials is digitally signed by the issuing authority and uses the secure element within your mobile device to tie the credential to your device specifically.
Another concern with a mobile driver’s license is that someone other than the actual license holder could simply download it, store it in their own mobile wallet, and present it as their own, impersonating the real licensed driver. In the modern age it is trivial to copy and paste images, so we need to build security solutions that prevent this from happening. One way to combat it is device binding.
The data packet you receive from the DMV or other issuing authority, which is digitally signed by the issuing authority to demonstrate authenticity, requires a special key from your device in order to be used. Smartphones can generate and store cryptographic keys that are unique to the individual device. Many device-binding implementations use the secure element within the phone for this: a separate, isolated computing zone reserved for sensitive operations such as digital signing, with many additional protections around the private key.
Once keys are generated and stored within the secure element, they are extremely difficult to extract by design. No one can extract the keys through the normal interfaces; an attacker would have to conduct a physical attack or find a major vulnerability. This is an extremely low-probability event: it would require expensive lab-grade equipment, such as electron microscopes, to hope to glean some aspects of the key, and only if the many layers of security mechanisms, including tamper detection, do not stop the attack first. The barrier to attacking a silicon secure element is therefore extremely high.
For a mobile driver’s license implementation, a key called the device key is generated in the secure element of your smartphone. Before the DMV issues a mobile driver’s license to you (and after it has certified your identity), it requests the device key to which the mobile driver’s license will be bound. The wallet (part of the operating system or a third-party application) shares the public half of the device key with the DMV, and the DMV locks the credential to that unique device key, requiring its presence for proper use. The document is then stored on the device in encrypted form. The device key the credential is locked to is unique and sits behind many layers of protection, so even if your mobile driver’s license were compromised and copied to a new device, attackers would not be able to use it.
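The binding and presentation flow described above, as an added example in Go that is not from this page or from any wallet implementation. It stands in for the secure element with an ordinary ECDSA P-256 key, uses a constructed string of claims, and collapses the ISO 18013-5 structures into one struct: the issuer signs the claims together with the device public key, the holder proves possession by signing the verifier's session transcript, and a credential copied to another phone fails the device check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
)

// Credential mirrors the issuer-signed data packet: the device public key sits under the issuer signature.
type Credential struct {
	Claims       string // serialized licence data elements (constructed sample)
	DevicePubDER []byte // SubjectPublicKeyInfo DER of the device public key
	IssuerSig    []byte // ECDSA P-256 signature over digest(Claims, DevicePubDER)
}

func hash(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// newKey stands in for key generation inside the secure element (the private half never leaves it).
func newKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// digest binds claims and device key in one fixed-length hash (no concatenation ambiguity).
func digest(claims string, devPub []byte) []byte {
	return hash(append(hash([]byte(claims)), hash(devPub)...))
}

// issue: the issuing authority signs the claims plus the wallet-supplied public key.
func issue(issuer *ecdsa.PrivateKey, claims string, devPub *ecdsa.PublicKey) Credential {
	der, _ := x509.MarshalPKIXPublicKey(devPub)
	sig, _ := ecdsa.SignASN1(rand.Reader, issuer, digest(claims, der))
	return Credential{Claims: claims, DevicePubDER: der, IssuerSig: sig}
}

// present: the holder proves possession by signing the verifier's fresh session transcript.
func present(dev *ecdsa.PrivateKey, transcript []byte) []byte {
	sig, _ := ecdsa.SignASN1(rand.Reader, dev, hash(transcript))
	return sig
}

// verify checks the issuer signature, then the device signature against the bound key; a copied credential fails the latter.
func verify(issuerPub *ecdsa.PublicKey, c Credential, transcript, devSig []byte) bool {
	pub, _ := x509.ParsePKIXPublicKey(c.DevicePubDER) // nil interface on parse failure
	devPub, ok := pub.(*ecdsa.PublicKey)              // ok is false for a nil interface
	return ecdsa.VerifyASN1(issuerPub, digest(c.Claims, c.DevicePubDER), c.IssuerSig) &&
		ok && ecdsa.VerifyASN1(devPub, hash(transcript), devSig)
}
```

A real verifier would additionally validate the issuer's certificate chain and the freshness of the session transcript, which this example leaves out.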
This cryptography and key management happens under the hood of the wallet application, at a technical level that is not exposed to the driver’s license holders themselves. Holders are simply informed that the driver’s license is only operable from the device to which the DMV issued it.
If a person loses or replaces the device that held the unique key and the data packet for their mobile driver’s license, they simply need a new one provisioned by the DMV, after certifying their identity again.
Next, we will discuss the actual provisioning process for when and how the DMV issues a mobile driver's license to a person.