Mobile driver's licenses operate within a three-party model that separates the roles of creating credentials, holding them, and confirming their validity. Understanding these roles clarifies how trust is established and flows through the system.
Who issues mobile driver's licenses?
The Department of Motor Vehicles (or equivalent state agency) is responsible for issuing mDLs. According to AAMVA guidelines, issuing authorities must ensure accurate, secure provisioning of mDLs onto the holder's device and confirm that the mDL app and device hardware meet functional and security requirements.
Issuance can happen in two ways. In-person issuance mirrors traditional DMV workflows: individuals bring physical documents, complete identity checks at a DMV office, and the credential is provisioned directly to their phone. Remote issuance supports individuals who prefer the convenience of not going to the DMV (or cannot easily access DMV offices), utilizing secure digital processes that include facial matching and liveness detection to verify identity before provisioning.
The issuer's core responsibility is binding the credential to a verified identity. The DMV confirms you are who you claim to be, then creates a digitally signed attestation of that fact. This signature is what makes the credential trustworthy.
Who verifies mobile driver's licenses?
Verifiers are the entities that check credentials when they're presented. This includes TSA agents at airport checkpoints, law enforcement officers during traffic stops, retail clerks verifying age, banks conducting identity checks, and online services requiring proof of identity.
When a verifier checks an mDL, they don't need to contact the DMV. Instead, they confirm the digital signature against cryptographic proofs. If the signature is valid and the data hasn't been altered, the credential is accepted. This decentralized verification model scales efficiently and protects privacy by not creating a central log of every identity check.
Verification can happen offline, using NFC or QR codes with locally stored cryptographic data, or online, with real-time queries for status information. Both approaches depend on the same underlying trust: the cryptographic signature from the issuing authority.
What standards govern verification?
The ISO/IEC 18013-5 standard defines the framework for in-person mDL verification, making it suitable for law enforcement, age-restricted retail, and airport security. ISO/IEC 18013-7 extends this to online verification, enabling secure presentation over the internet.
TSA has published program requirements and operational guidance through its Digital ID and mDL acceptance processes, defining eligibility criteria, security expectations, and deployment considerations for issuers and verifiers participating in airport screening use cases.
Want to keep learning?
Subscribe to our blog.
