International Driver License Standards Focus on Mobile
by Dave Tushie, Magellan Consulting, Inc., ICMA Standards and Technical Representative
As we have seen throughout the COVID-19 pandemic, the integration of cards with digital devices continues to be investigated and implemented. While a lot of that focus has been on financial transaction cards and gift/prepaid cards, it has also been a long-term trend with driver license cards as well.
International driver license card standards have been in development and revision for many years. While many countries use these standards for the issuance of licensed driver privileges, in North America in particular, it is also used as a de-facto government identity credential. Other countries of the world have a separate national ID credential for citizen identity purposes, not a driver’s license per se. Further separating these two types of implementations is that the states and provinces of North America are the entities that issue these driver license cards, not the federal governments of the United States and Canada. This is where the American Association of Motor Vehicle Administrators (AAMVA) steps in to provide a valuable role in providing best practices and specifications for these credentials to the various issuing agencies (jurisdictions) of these states and provinces.
There are five existing parts to this standard with the sixth and seventh parts in development. A short summary of each part and its status is outlined below:
Part 1 (Physical Characteristics and Basic Data Set): Second edition was approved and published in July 2018. There has been no recent work on this part of the standard.
Part 2 (Machine readable technologies): A new edition was published in June 2020. These revisions were minor. New work has commenced to update compact encoding due to ambiguities in the data required. A new version of compact encoding will result.
Part 3 (Access control, authentication and integrity validation): Amendment 1 to add the PACE protocol was approved in January as a new International Standard (IS). New work items to add digital signatures for Parts 2 and 3 have been registered as Draft International Standards (DIS) and are expected to be balloted soon.
Part 4 (Test methods): Latest revision was published in November 2019. There also has been some movement to update this part to incorporate new tests proposed. Some work has been done on TR 19446 for Europeans who want to use a chip card implementation. A new work item proposal was approved that adds capability to include compact encoding tests for both chip and non-chip cards; compact encoding is described in Part 3 but no test methods have been defined for it.
Part 5 (Mobile DL): Mobile driver license (mDL) is seen as the first implementation of an electronic ID (eID). Like financial cards currently, this is seen as requiring a companion card being issued with an mDL application. AAMVA has issued a guidance document to jurisdictions interested in mDL. This was published as a new IS at the end of 2021.
Previously, an mDL interoperability test event was conducted in both the Netherlands and Texas that showed the technology works. Another test event is envisioned in the Asia Pacific region but is unscheduled due to the pandemic. A meeting is scheduled in Kentucky (end of May) that will have an inoperability testing/demonstration event as part of the meeting.
Other work progresses on providing guidance for Public Key Infrastructure (PKI) related to self-signed certificates and alternatives to such. Work also progresses on use of this mDL IS as a basis for vaccination certificates.
Part 6 (mDL test methods): Proposal of a new work item has been approved as the test method companion to Part 5. A team has been assigned and they have been active updating their work with finalization of Part 5 text.
Part 7 (mDL ‘Day 2’ functionality): This is where most of the recent work has been focused. The priority in this part of the standard is the use of an mDL to exchange data over the internet. Part 7 is being divided into multiple topics with over the internet protocol and device authentication being the top functionalities.
The standard does not deal much with the Issuing Authority (Jurisdictions) and how they get the mDL provisioned to the user/DL holder. Off-line attended operation is the only operational mode addressed in this initial issuance of the standard. It doesn't appear that this version of the standard attempts to deal with a Master Certificate Authority capability needed to implement PKI interoperability across the globe.
However, it is recognized that PKI will be required for widespread use of mDL. AAMVA is investigating how to do this. Their scope includes the business proposition for certificate generation, distribution and management as a service. This PKI challenge exists for international jurisdictions as well.
Other new work proposals are being considered for mDL add-on functions and a mobile rendition of a vehicle’s registration certificate. Like other kinds of cards, the work on digital implementations of driver licenses and electronic IDs is progressing rapidly. Symbiotic relationships between the physical card and its digital representation, which unlock cardholder services neither can provide separately, will make both products better.
About the Author: David Tushie, ICMA standards and technical representative, has had a long and continuing career in the card industry, working for international companies such as DataCard, UbiQ and NBS Technologies. He has master’s degrees in engineering and business, holds U.S. and international patents in measurement and card issuance systems and has had several years of involvement with the ANSI, INCITS and ISO Standards process. ICMA is represented at six ISO and ANSI Standards Meetings through his standards role within the association.