Comment on page
Provisioning: In-Person and Remote
Similar to physical driver's licenses, the mobile driver's license credential has a lifecycle:
The lifecycle management required for a mobile driver's license (and other digital credential types, too).
Today, these actions follow completely different, paper-intensive processes, especially across different ecosystems.
It's important to note that mobile driver's licenses will likely not eliminate the need for and use of physical driver's licenses. However, they should still reduce overall administrative burdens by making verifying identity digitally significantly less cumbersome.
The specific workflow approach for issuing a mobile driver's license is up to the DMV as the Issuer. The AAMVA guidelines for mDL implementation state,
Issuing Authorities have the responsibility to:
- 1.Ensure the effective, accurate and secure provisioning of an mDL holder's mDL onto the mDL holder's device.
- 2.Before exchanging sensitive information with an mDL, confirm that mDL app and the hardware on which it is being presented, support the functional requirements of the Issuing Authority.
Depending on the workflows selected by the DMV, mobile driver's licenses can be issued both in-person and remotely. The ability to issue driver's licenses remotely, without compromising on security by employing advanced security technology, improves the accessibility of the DMV for people who are unable to travel to the physical DMV office location.
Facial matching, different from facial recognition, is used to confirm a one-to-one match between a previously-known image of a person in a database and their presented facial features. In contrast, facial recognition is often understood to imply one-to-many matching commonly used in surveillance, and is largely unnecessary for credential provisioning workflows. This can be used for adding security where there is an additional check while remotely provisioning a mobile driver’s license, for example using the front-facing camera of a person’s smartphone to determine if they are the same person as pictured in the DMV system database with a confidence score.
Another type of check commonly layered with the above is a liveness check or a genuine presence assessment, which can also identify attempts to circumvent the check, such as holding a photo up to the camera or a latex mask. This works by expecting a different outcome if an element in the environment is changed. For example, if colors are flashed onto the screen, the camera would record the response on your face to see if colors change in the expected way, based on the geometry of your face where shadows and different shades should appear.
There also may be checks to verify the texture of human skin, compared to a latex mask. Another type of liveness check test is using a circular bubble on the screen and requesting the user to move their head in specific directions to test the proportions of their head in the camera focal view.
Remote verifications such as facial matching, liveness checks, and more are rapidly evolving with the advancement of microprocessors, AI algorithms, and new data sources. They are undergoing standardization processes within the US federal government to benchmark efficacy and inclusion, to ensure that they are convenient for everyone and not just particular demographics. Best practices around data collection and retention are also emerging, such as automatic discarding of new data streams used for matching, so the DMV is only left with the original image from their database.
Once a driver’s license has been securely provisioned, various parties need to be able to verify its authenticity when a mobile driver’s license holder presents it. We will explore presentations and verifications of mobile driver’s licenses next.