mDL verification moving from theoretical to practical questions

An opportunity is emerging for relying parties to onboard users more easily and securely through mobile driver’s licenses (mDLs). But as discussed during the “Verifying CA mDLs and learnings from the first mDL hackathon” webinar from Trinsic and Mitek, uncertainty about availability and interoperability remains a stumbling block for many.
Louisiana’s mobile wallet is close to a launch on the Trinsic network, Trinsic Co-founder and CPO Michael Boyd said during the presentation.
Trinsic counts eight states on track to launch mDLs in 2025: Illinois, Montana, Tennessee, New Jersey, North Dakota, Wyoming, North Carolina and West Virginia.
The developer APIs implemented by both Apple and Google for digital ID credentials within their wallets have spurred states with legislation on the books to act, and Boyd suggests that continued advances in the ecosystem, such as the ISO/IEC 18013-7 standard for remote verification, will spur further launches and adoption.
Boyd reviewed the 18013 standards family and proximity verifications through server-side or peer-to-peer exchanges.
At least for the remote verification specification, Boyd says, “These specifications are extremely flexible. But that means that all of these wallets tend to have a slightly different flavor. And that is where Trinsic’s universal API for all of these wallets has been a huge benefit to folks trying to POC and run pilots.”
Mitek Senior Client Partner Ali Nazem says the relying parties his company serves are looking to use mDLs to ease customer experiences while also cutting fraud, as with most digital identity technologies.
Nazem described an implementation of reusable digital identity for peer-to-peer car rental platform Turo. The company wanted to improve the user experience, security and privacy protection of its digital processes for user onboarding and authentication for car pick-up and drop-off.
After entering some basic information, the user performs a server-side selfie biometric and liveness check. Nazem then demonstrated the creation of a passkey bound to his account, and the addition of his California mDL as a credential for interactions with the relying party – Turo in this case. Turo receives the information it needs, and approves the completion of the onboarding process.
The technology works, but Boyd says that one of the struggles many in the mDL ecosystem are facing is uncertainty about “what is going live, and where, and when.”
Relying parties can learn from Trinsic what information is available about people in a given jurisdiction; Trinsic also handles the personally identifiable information and supports regulatory compliance. The company has just completed a pen-test, according to Boyd, and is going through an audit for SOC 2 Type II certification. Trinsic users can store information outside of their wallet without relinquishing control or risking diminished security, he says.
In addition to onboarding digital identities from providers in its network, Trinsic also provides a basic document scan functionality.
Boyd went through the options for testing and populating the credentials, which include a portrait for biometric identity verification.
This brings up a thorny point that came up during the Q+A portion of the webinar. Some legislation currently treats the relying party as the data processor, Boyd says, which complicates requirements for the government to know in each case what entity is checking the digital ID it has issued. This adds an extra hurdle to adoption that he believes can be avoided with greater clarity about how the parties should interact.
Path to production goes through California
The path to production launches is being cleared both by online demos like those contained in the webinar, and by developer teams participating in events like the California DMV’s use case competition. Both Trinsic and Mitek were among participants. Others included Fime, Ping Identity, Incode and Credence ID.
There are now 780,000 people in California participating in that state’s mDL pilot, and a slate of seven winners has been announced in the hackathon the DMV held for applications of the digital ID.
A way for nonprofits to integrate mDLs to reach and enroll underserved members of the community into social benefits programs by Team Entidad won “Most Compelling and Most Socially Impactful.” A team from Cisco won “Most Promising” for an application of mDLs as a root digital identity for passwordless authentication. Developers from Block won “Best Privacy and Security Design” for an in-person age check application for merchants using Square, and a team from U.S. Bank won “Most Scalable” for an in-person identity verification implementation for bank branches to carry out high-risk transactions.
Team UltraPass won for “Best User Experience” for an mDL combined with encrypted biometrics to streamline account creation, while Mattr, in collaboration with Samsung, Treez and Nuvei, won “Best Presentation” for an application to carry out identity and age verification for cannabis sales and deliveries.
The “Best Independent Submission” came from Team UFI, which integrated California mDLs into existing identity and access management (IAM) systems.
The hackathon was co-hosted by the OpenID Foundation, and a second has been announced for November 1 in Sacramento to focus on public sector applications.
“We were impressed by the innovative solutions presented by the teams. Their efforts underscore the mDL’s potential to empower Californians to verify their identity in a safe and privacy-conscious way,” says DMV Director Steve Gordon. “These use cases demonstrate how mDL technology can impact both private and public sectors to the benefit of their customers.”