This project is currently in the build phase. We are drafting guidance with the technology collaborators we have selected and who have signed a Cooperative Research and Development Agreement (CRADA) with NIST.
Digital Identities - Mobile Driver's License (mDL)
The National Cybersecurity Center of Excellence (NCCoE) is helping to accelerate the adoption of mobile driver’s license standards and best practices. In collaboration with technology vendors, government agencies, regulators, standards bodies, and organizations seeking to adopt mDLs, the NCCoE will build a reference architecture demonstrating real world business use cases, integrating mDLs with commercially available technology and into business processes.
NCCoE Project Use Cases
Why mDLs?
mDLs function much like a traditional driver's license, carrying information such as name, date of birth, and address but in a digital format accessible through a dedicated mobile application, often referred to as a digital wallet. Compared to physical driver’s licenses, mDLs have several capabilities that make them easier to use with online and digital transactions:
- mDLs are underpinned by public key cryptography, making the credential cryptographically verifiable.
- mDLs can be integrated natively with device biometrics for user verification.
- mDLs can communicate natively between two mobile applications but also in cross device flows between mobile applications and the web browser on a laptop or tablet.
- mDLs offer the potential for selective disclosure, allowing users to pick and choose which information to share with third parties.
Transactions at financial institutions, healthcare providers, government services, and many other organizations could benefit from enhanced customer experiences, more accurate identity verification, and reduced fraud if they supported mDLs.
Challenge: Credential compromise and online fraud are significant issues in today's cyberthreat landscape, as traditional methods of online identity verification, including mDLs, are increasingly vulnerable. The effectiveness of these methods is undermined by new technologies like AI-generated images and the ability of malicious actors to access necessary information.
Consortium Participants
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
- American Association of Motor Vehicle Administrators (AAMVA)
- California Department of Motor Vehicles
- Capital One
- Department of Homeland Security (DHS), Science and Technology Directorate
- Idemia
- iLabs
- JP Morgan Chase
- Maryland Department of Transportation
- MATTR Limited
- Microsoft Corporation
- New York State Department of Motor Vehicle
- OpenID Foundation
- Raymond James
- SpruceID
- Synchrony
- TBD (Block, Inc.)
- US Bank
- Wells Fargo
- Yubico
Additional Resources
Interested in attending upcoming mDL events, watching a recording of a recent mDL webinar, or reading our blog posts? Use the buttons below to view a list of mDL events or our latest blog post.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.