Google introduces privacy-preserving features in Android’s Mobile Driving License framework
Google has added new features to Android’s Mobile Driving License (mDL) framework, the company announced last week.
The ISO 18013-5-compliant “Mobile driving license application” is a digital identity credential that is still under development; the standard describes the construction of mDL applications that users will be able to use directly from their phones as a replacement for plastic cards.
Applications built using this framework will use either NFC or QR code technologies to convey the driving license data to another phone using the same app.
The information will be transmitted via an ephemeral cryptographic public key and hardware address; once the mDL reader obtains the cryptographic key, it creates its own key pair and establishes an encrypted and authenticated wireless connection.
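The exchange described above can be sketched with Go's standard library. This is an added example, not code from Google's framework or from ISO 18013-5: the names `session` and `demo`, the hash-based key derivation, the single shared key and the sample response are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// session derives an AES-256-GCM channel; the hash KDF is a simplification, not the ISO 18013-5 one.
func session(priv *ecdh.PrivateKey, peer, transcript []byte) (cipher.AEAD, error) {
	pub, err := ecdh.P256().NewPublicKey(peer) // rejects malformed or off-curve keys
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(secret, transcript...)) // binds the key to both public keys
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// demo plays both roles and returns what the reader decrypts from the holder's sealed response.
func demo(response string) (string, error) {
	holder, e1 := ecdh.P256().GenerateKey(rand.Reader) // public half goes out over QR/NFC
	reader, e2 := ecdh.P256().GenerateKey(rand.Reader) // reader's own ephemeral key pair
	if err := errors.Join(e1, e2); err != nil {
		return "", err
	}
	hp, rp := holder.PublicKey().Bytes(), reader.PublicKey().Bytes()
	transcript := append(append([]byte{}, hp...), rp...)
	hs, e1 := session(holder, rp, transcript)
	rs, e2 := session(reader, hp, transcript)
	if err := errors.Join(e1, e2); err != nil {
		return "", err
	}
	nonce := make([]byte, hs.NonceSize()) // message counter 0; never reuse a nonce under one key
	plain, err := rs.Open(nil, nonce, hs.Seal(nil, nonce, []byte(response), nil), nil)
	return string(plain), err
}

func main() { fmt.Println(demo(`{"age_over_21":true}`)) } // constructed sample response
```

Because both key pairs are generated per transaction, a recorded exchange cannot be decrypted later with any long-term key, and GCM's authentication tag makes the reader reject a response that was modified in transit.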
To further enhance the mDL framework’s security features, users will be able to specify what data to send over as they open their mDL app, as well as authenticate the transfer via biometrics such as face or fingerprint reading.
Thanks to the Android Keystore system, which allows cryptographic keys to be stored in a container that makes them more difficult to extract from the device, developers can now implement ISO 18013-5 in their own apps with no additional platform changes.
Google, however, suggests building mDL applications on Android 11, which adds further security features, including Identity Credential APIs at the Framework level and a Hardware Abstraction Layer interface.
The Mountain View company also said the new APIs could be used in the future with other types of identification documents like school IDs, bonus program club cards, and even passports.
Florida recently announced a contract with Thales for mobile driver’s licenses to be delivered in 2021.