A mobile driver's license operates through a combination of cryptography, device security, and standardized protocols that together ensure the credential is authentic, tamper-evident, and under the holder’s control.
How is the credential secured to my device?
When you receive an mDL, your smartphone generates and protects a unique cryptographic key using the device’s hardware-backed security (such as a Secure Enclave or secure element, depending on platform), a tamper-resistant hardware component designed to protect sensitive operations. This key, called the device key, is mathematically linked to your credential. The DMV locks your license to that device key at the time of issuance.
The credential is stored on your device in encrypted form. If someone copied or shared a screenshot of the license to another device, it would not function because the required key would be missing. This binding makes the credential non-transferable and resistant to theft.
What happens when I present my mDL?
When you present your mDL to a verifier, whether at a TSA checkpoint, a retail counter, or online, the verification process confirms two things: that the credential was issued by a legitimate authority, and that it belongs to the person presenting it (coming from a device and wallet that holds the credential’s cryptographic keys).
For in-person verification, the mDL can be presented via NFC (just like Tap to Pay with credit cards on your phone’s digital wallet) or by displaying a QR code. The verifier's device checks the cryptographic signature embedded in the credential against known public keys from the issuing authority. If the signature is valid and the data hasn't been altered, the credential is accepted.
For online verification, ISO/IEC 18013-7 defines how mDLs can be presented over the internet, enabling use cases like account creation, digital onboarding, and remote identity verification.
What happens if I lose my phone?
If you lose or replace your device, the DMV can reissue a new mobile driver's license after verifying your identity again. The old credential becomes unusable because it can be suspended or revoked (and the wallet/device protections prevent presentation). The DMV can then reissue the credential to a new device after verification. This is actually more secure than losing a physical card, which could be used by anyone who finds it.
Want to keep learning?
Subscribe to our blog.
