Scytáles ISO-Compliant Products
Scytáles ISO-Compliant Solutions
ISO/IEC 18013-5 Personal Identification - ISO-Compliant Driving Licence – Part 5
A mobile driving licence (mDL) that is secure, accurate, interoperable, and that protects privacy is coming and will change the identity landscape in the near future. Scytáles products are all fully ISO-compliant and follow the best security and implementation standards.
Scytáles AB is representing Sweden as an expert through the Standardization Body (SIS) SIS/TK 448 and Task Force 14 on mDL within ISO/IEC JTC1/SC17/WG10.
The International Organization for Standardization (ISO) 18013-5 will specify the technical and interoperability requirements for Mobile Driving Licences (mDL). The ISO 18013-5 standard is in Committee Draft phase and is expected to be published in 2020. The current standard supports data exchange for attended online and offline use cases.
What is the ISO/IEC 18013-5?
The ISO/IEC 18013-5 standard defines an mDL as a driving licence which resides on a mobile device or requires a mobile device as part of the process to gain access to the driver licence. This global standard is being developed by the members of the International Organization for Standardization (ISO/IEC JTC1/SC17/WG10), ultimately serving billions of mDL holders and the mDL relying party community.
ISO/IEC 18013 consists of the following parts, under the general title Personal identification - ISO-compliant driving licence:
Part 1: Physical characteristics and basic data set. Part 1 describes the basic terms for this document including physical characteristics, basic data element set, visual layout, and physical security features;
Part 2: Machine-readable technologies. Part 2 describes the technologies that may be used for this document, including the logical data structure and data mapping for each technology;
Part 3: Access control, authentication and integrity validation. Part 3 describes the electronic security features that may be incorporated under this document, including mechanisms for controlling access to data, verifying the origin of an IDL, and confirming data integrity;
Part 4: Test methods. Part 4 describes the test methods that can be used to determine if an IDL conforms to the requirements for machine-readable technologies specified in Part 2 and to the electronic security features specified in Part 3;
Part 5: Mobile Driving Licence (mDL) application. Part 5 describes interface specifications for the implementation of a driving licence in association with a mobile device.
What is Scytáles’ role in the ISO 18013-part 5 working group?
Scytáles is a strong driving force in the ISO working group for the mDL and we are fully compliant with this standard as of today.
We are representing Sweden (SIS) as an expert through the Standardization Body and Task Force 14 on mDL within ISO/IEC JTC1/SC17/WG10.
Why is interoperability important in a mobile identity solution?
With all the different use case scenarios, an mDL and an mDL validator will not only run on different operating systems but also be designed and developed by different vendors.
This is why interoperability, enforced by the ISO 18013-5, is one of the key factors in opting for and achieving a functioning mDL ecosystem so that, for example, a Malaysian citizen with a driving privilege can be validated online by a rental officer in the same way upon renting a car in Sweden, Finland or any other place in the world.
Scytáles ISO mDL/mID and validation products ensure full interoperability and are passing the various ISO 18013-5 tests.
Is it possible to have a mobile identity ecosystem where there is compatibility between iPhone and Android?
Not only is it possible, but Scytáles is also a true pioneer in the implementation of this solution within the ISO 18013-5. Our ISO Mobile Driving Licence (mDL) and Mobile ID (mID) are not only fully compliant with the standard but also support online, offline, NFC, QR, Bluetooth, Wifi Aware and Barcode readers on both iPhone and Android. As forerunners, we also support all the above combinations, i.e. iPhone to Android and vice versa, on all the different interfaces.
What if I don’t have a data connection or wifi available? How is my data verified?
With an ISO-compliant solution, it is possible to share and validate the information of a Mobile Driving Licence (mDL) stored on a secure smart device even when there is no connection.
In this scenario, the Validator (e.g. a police officer) requests the mDL Holder to transmit identity attributes over communication channels supported by both devices. Data is transmitted from the Holder’s device over a secure encrypted channel to the Validator’s reader, along with a cryptographic signature from the Issuer proving that the data have not been altered. The reader can also check that the mDL data was transmitted by the device to which it was originally issued.
This technology is already built into all Scytáles ISO-compliant products.
Does Scytáles' ISO mDL support NFC, BLE, QR, Wifi Aware and Barcode?
Our ISO Mobile Driving Licence (mDL) and Mobile ID (mID) are not only fully compliant with the standard but also support both online and offline scenarios, and NFC, QR, Bluetooth, Wifi Aware and Barcode readers on both iPhone and Android. Scytáles is a frontrunner in the international standardization work that is under development: ISO/IEC 18013-5, “Personal Identification – ISO-Compliant Driving Licence – Part 5: Mobile Driving Licence Application”.
Do I have to share all info from my Mobile ID, like I have to with my physical ID?
Besides offering convenient availability of your identity without requiring access to a physical credential, an ISO-compliant mobile Identity / Driving Licence also allows you to share only the necessary attributes for the transaction, rather than all ID/DL attributes.
For example, a bar employee verifying your age does not need to know your name or address, and with the Scytáles mID/mDL you can share only your age and photo.
Scytáles ISO-compliant solutions additionally provide controlled access to your identity information and protection against unauthorized use, supported by capabilities of the smart device platform, such as a PIN code and/or biometrics.
Is an mDL/mID a digital copy of a DL/ID card on the mobile phone?
It's true that an mDL/mID provisions on the mobile phone a copy of the same data as the physical DL/ID, signed by the respective issuing authority.
However, an mDL/mID cannot be fully trusted merely by showing it to a validator on the Holder's phone, since, for instance, it is easy to take a screenshot of the displayed ID and alter it.
This is why it is so important to adopt an ISO 18013-5 compliant solution: it ensures the interchange of trustworthy identity data between an mDL and a Reader device. The data can be transmitted between the two devices and then cryptographically verified to be authentic and untampered.
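The checks described in the answers above (an issuer signature over the data, sharing only the requested attributes, and proof that the data comes from the device it was issued to) can be modelled as follows. This is an added example, not Scytáles code and not the ISO 18013-5 wire format: it uses JSON instead of the standard's encoding, a reader nonce as a stand-in for the session data the device signs, and hypothetical function names (`issue`, `present`, `verify`).

```javascript
// Added illustration: simplified model with constructed data and hypothetical names.
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
const newKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const pem = (k) => k.export({ type: 'spki', format: 'pem' });

// Issuer: salt and hash every attribute, then sign the digest list plus the device public key.
function issue(issuerKey, devicePublicKey, attributes) {
  const items = {}, digests = {};
  for (const [name, value] of Object.entries(attributes)) {
    const salt = nodeCrypto.randomBytes(16).toString('hex');
    items[name] = { name, value, salt };
    digests[name] = sha256(JSON.stringify([salt, name, value]));
  }
  const signedObject = JSON.stringify({ digests, deviceKey: pem(devicePublicKey) });
  const signature = nodeCrypto.sign('sha256', Buffer.from(signedObject), issuerKey.privateKey);
  return { items, signedObject, signature };
}

// Holder: release only the requested items and sign the reader's fresh nonce with the device key.
function present(cred, devicePrivateKey, requested, nonce) {
  const disclosed = requested.map((name) => cred.items[name]);
  const deviceSignature = nodeCrypto.sign('sha256', Buffer.from(nonce), devicePrivateKey);
  return { disclosed, signedObject: cred.signedObject, signature: cred.signature, deviceSignature };
}

// Validator: check the issuer signature, each disclosed digest, then the device-key proof.
function verify(p, issuerPublicKey, nonce) {
  const signed = Buffer.from(p.signedObject);
  if (!nodeCrypto.verify('sha256', signed, issuerPublicKey, p.signature)) return 'bad issuer signature';
  const { digests, deviceKey } = JSON.parse(p.signedObject);
  for (const { name, value, salt } of p.disclosed) {
    if (digests[name] !== sha256(JSON.stringify([salt, name, value]))) return 'altered attribute: ' + name;
  }
  if (!nodeCrypto.verify('sha256', Buffer.from(nonce), deviceKey, p.deviceSignature)) return 'wrong device';
  return 'ok';
}

// Constructed sample: a genuine presentation, an edited value, and a copy replayed from another phone.
function demo() {
  const issuer = newKey(), device = newKey(), otherDevice = newKey();
  const attrs = { family_name: 'Svensson', age_over_18: true, address: 'Storgatan 1' };
  const cred = issue(issuer, device.publicKey, attrs);
  const good = present(cred, device.privateKey, ['age_over_18'], 'nonce-1');
  const tampered = { ...good, disclosed: [{ ...good.disclosed[0], value: false }] };
  const copied = present(cred, otherDevice.privateKey, ['age_over_18'], 'nonce-1');
  return [good, tampered, copied].map((p) => verify(p, issuer.publicKey, 'nonce-1')).concat(good.disclosed.length);
}
```

Because the issuer signs salted digests rather than the attribute values themselves, the Validator can check a single disclosed attribute without receiving the others.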
Is it possible for an mDL/mID solution to include additional data, like from a fishing or hunting licence?
With the Scytáles ISO mDL/mID you can connect to other trusted data sources and provide additional attributes or licences. One of the main advantages of being digital is that you can have your different IDs on your mobile wallet and keep the control at all times of the information you want to share.
If you want to start with one ID and afterwards scale-up adding other IDs/Licences to your Mobile Identity Ecosystem, you must choose an ISO 18013-5 compliant solution.
This ISO is the standard that not only models how to build these solutions but also ensures that different vendors can communicate seamlessly between them.
Can an mDL have extra security controls like, for instance, facial recognition?
Mobile phones today are incredible pieces of technology and users are getting more keen on security features such as using the fingerprint to authenticate or even facial recognition.
Scytáles ISO-compliant mDL/mID products take advantage of these state-of-the-art technologies.
Our products allow validators to additionally cross-check the identity of a person by using facial recognition mechanisms, thus ensuring the identification displayed actually belongs to the person who is presenting it.
Why should I trust an mDL/mID verification from a Validator device?
The ISO 18013-5 defines two ways to validate the data, an online and an offline method, neither of which requires users to hand over their device.
On the one hand, the online mode provides the quickest data retrieval and ensures the freshest data, and is therefore recommended whenever an Internet connection is available. In this scheme, the Validator obtains a token through QR Code, NFC, BLE or via the Internet from the mDL/mID Holder phone. The Validator device then uses that token to request and receive the ID data directly from the Issuing Authority, using Signer Certificates to secure and authenticate the connection.
On the other hand, when there is no connectivity to the central system (no data or Internet connection), the Validator retrieves the ID info directly from the mDL/mID device via NFC, BLE or Wifi Aware. The offline scenario applies enforced mechanisms to protect the connection between the devices, and the Validator uses Signer Certificates to validate the integrity and authenticity of the data.
Can someone verify my mDL/mID without physically handling my mobile device?
An mDL/mID Holder does not have to hand over their device at any point of the verification process and has complete control over the data shared with a Validator.
The ISO 18013-5 defines principles for data privacy and security by design. By enabling tap, nearby and distance data communications, the Holder always handles their mobile device and controls which of their data is shared. The closest your phone gets to a Validator device is when it is tapped for an NFC connection, similar to payment implementations today.
What happens to my mDL/mID if I switch phones?
For security reasons, the ISO 18013-5 states that the end-user data is not transferable to a new device. The enrolment process uses device-specific keys to authenticate the ID data and to protect the information transmitted.
When you switch to a new phone, you must re-enrol your ID either through a self-guided or in-person process. This is a quick process and happens fairly seldom.