Almost 30 States Test Mobile Driver’s Licenses

Ensuring Citizens' Data Is Safe Among Other Benefits

Conversations about mDLs date back roughly a decade, according to Michael McCaskill, director of identity management at the American Association of Motor Vehicle Administrators (AAMVA), who says adoption picked up steam in recent years, in part due to advancements in mobile security and other technologies.

Unlike a physical license, which can be used fairly easily if it’s stolen or lost, biometric safeguards such as face recognition serve as an extra layer of protection for device content.

An mDL can offer touchless transactions, allow instant updates to ensure data is current and enable the license holder to control what information is shared.

“I hand them my physical credential, and they have all the data about me on that — my name, address, everything,” McCaskill says “The mDL holder has the ability to select the data they want to share. That could be just be the person’s photo and that they’re over a certain age.”

To issue an mDL, the identifying information that appears on a physical driver’s license is provisioned to a person’s phone or other device. Each element is cryptographically signed and also picks up some of the device’s cryptographic information in the process, according to McCaskill.

Creating an Efficient, Fully Encrypted Electronic Verification

A retail outlet or other relying party would then use a reader to authenticate the mDL via a cryptographic public-private key system, confirming a legitimate authority issued the identifying information specifically to that device.

Using the ISO/IEC 18013–5 international standard — secure, interoperable interface specifications established by STA, AAMVA and other organizations, published in fall 2021 — states can design custom software to read and verify mDL data that, because of its uniformity, should make mDLs usable across states.

Per the ISO standards, wireless protocols such as near-field communication or Bluetooth allow data transmissions to occur offline.

“There is a certain misconception that you’re essentially just taking a picture of your physical card and then sticking it on your phone. That’s not what this is,” Bohrer says. “This is a fully encrypted, digital credential that is validated through NFC.”

CHECK OUT: How some states are using a single digital identity for accessing state services.

How to Navigate This Hybrid ID Environment

In 2021, Apple announced it was working with several states to enable the iPhone and Apple Watch Wallet to hold mDLs that could be checked at certain Transportation Security Administration airport checkpoints.

Since March, for example, at Phoenix Sky Harbor International Airport, Arizona residents with TSA PreCheck and a state-issued ID in Apple Wallet have been able to tap their device on a TSA credential reader to verify their identity through encrypted, digitally transmitted data.

Physical driver’s licenses aren’t on the verge of extinction, however; for IDs to become fully digital, every driver would need to have a smartphone or other device that can handle mDL data, and each relying agency would also need to be outfitted with appropriate devices and software.

Still, Bohrer foresees an increasingly hybrid ID environment, similar to the current state of digital payments, in which people sometimes make transactions on their phone but also carry a physical payment card.

“Two years ago, there were maybe six states entertaining some type of mobile driver’s license,” Bohrer says. “We’ve reached the tipping point, where over 50 percent are in some way involved with mDLs. States recognize this is more efficient than a physical card as a way to distribute identification moving forward; they want to create convenience for their constituents and also improve the issuing process on their side.”