FB pixel

Kantara lays out trust-building recommendations for mDLs

Kantara lays out trust-building recommendations for mDLs
 

A global digital ID association has published steps vendors and others need to take in order to build effective mobile driving license services that also put ID holders in control of their identity.

The Kantara Initiative’s report starts from the premise that trust in mobile driving licenses grows with the degree of control that license holders have over the documents, their privacy and their biometric identifiers.

Privacy and digital ID-related requirements and expectations identified in the report pertain to all ISO/IEC 18013-5-compliant credentials in the pursuit of “robust and privacy-protective” systems for stakeholders.

The organization notes that the interface between issuing authority infrastructure and the mobile driver’s license is out of scope of ISO 18013-5, while those between the mDL and mDL reader and the reader and issuer are covered by the standard

The report surveys other standards and guidance being formulated. The American Association of Motor Vehicle Administrators (AAMVA) has looked into public key collection and dissemination solutions, as it seeks to stand up a Verified Issuer Certificate Authority List (VICAL). The AAMVA has also issued guidelines for issuing authorities on how to administer mDLs. The Identity Council of the Secure Technology Alliance (STA), meanwhile, has published a set of educational materials and resources for participants within the mDL ecosystem.

Eleven categories of risk considerations are listed, including for establishing consent, purpose legitimacy, collection limitation, data minimization and use, retention and disclosure limitation. Data flows for various use cases are defined and mapped out. These considerations state the importance of “proof of presence” in online transactions with mDLs, likely in the form of biometrics.

The Kantara authors write that their requirements will enable relying parties — anyone relying on validity of a person’s or process’ authenticators and credentials — to give mobile license holders a significant and “potentially verifiable” assurance about how their private data is protected.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

DHS awards SVIP contract to Procivis for decentralized identity software

Procivis AG, a subsidiary of Swiss institution Orell Füssli, has been awarded a tender through the U.S. Department of Homeland…

 

IDnow rides online betting wave from UEFA Euro Championship

IDnow is capitalizing on UEFA European Football Championship fever, registering over eight times more identity verification requests on sports betting…

 

Android 15 integrates biometric security across the board

In the latest Android 15 Beta 3 release, significant progress has been made in the area of biometric authentication. In…

 

Vote begins on biometric injection attack standard

Europe’s standard for biometric data injection attacks is on track to be published in October of this year, and could…

 

Police Scotland engages public on biometric data rights amid cloud storage concerns

Police Scotland has commenced the distribution of an information leaflet to all individuals in police custody who have their biometric…

 

‘Facial recognition is the easy part’: digital travel ID pilot results are in

Air travel has been getting more complicated. From security and passport checks to special documents such as COVID-19 certificates, passengers…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events