Comment on page
Verifying: Offline and Online
Mobile driver's licenses, and digital credentials more generally, operate in a three-party model that includes issuers, holders, and verifiers.
In the case of mobile driver's licenses, the relevant DMV is the Issuer, the licensed driver is the Holder, and the Verifier is any entity that needs to check the validity of the driver's licenses. This could be a financial institution verifying a person's identity, a law enforcement officer from a different state confirming the driver's eligibility to operate a vehicle, or a bartender confirming the patron is old enough to be served a beverage with alcohol.
Verifiers can span different industries, across both the public and private sectors, as driver's licenses serve many more identity use cases for people in the United States than just one's ability to drive.
Retrieval of mDL data for verification, meaning presenting information to a Verifier to prove the validity of certain attributes about your identity, can happen in either an offline or an online environment.
Offline data retrieval, which allows a Verifier to confirm data from an mDL without internet connectivity, can be facilitated by two methods currently, either through tap through Near Field Communication (NFC) or through scanning a QR code. Near Field Communication is already commonly used in payment technologies, such as Apple Pay, to "Tap to Pay." Similarly, holders of a mobile driver's license could "Tap to Prove Identity" using their mDL stored on their smartphone. QR codes are also familiar to most people now, as widely popularized in restaurants for menu displays since the onset of the COVID-19 pandemic.
Through either of these methods, the holder will initiate a connection with the Verifier and the authenticity and originality of the mDL are verified using the cryptographic techniques we discussed in Digital Signatures.
Offline transmission is critical in situations where internet access is not available or has low availability.
The online model for data retrieval requires that the Verifier confirm the validity of the mDL with the Issuer at the time of the presentation. This type of approach introduces concerns about increasing the DMV's ability to track the movements of individuals by being notified each time a person uses their mobile driver's license.
In addition to data retrieval models, the interactions themselves can be both offline or online, meaning attended or unattended. In an attended interaction, the mDL is presented in person for verification. The standard for this interaction is outlined in ISO/IEC 18013-5. In an unattended interaction, the mDL is presented by the holder to an online organization or company. This type of interaction is not covered by ISO/IEC 18013-5, but work is underway to develop a standard for unattended interactions, as well.
Various states in the United States have mobile driver’s license programs underway, with many more considering new implementations. With this in mind, it’s important for us to also frame the privacy, security, and ethical considerations related to creating more pervasive digital identity solutions. We’ll outline these in the next section, The Considerations.