Mobile Driver Licenses & Digital IDs
Mobile Driver Licenses (mDLs) are leading the adoption of verifiable credentials in government identity. Built on ISO 18013-5, mDLs enable secure, privacy-preserving identity verification that works offline.
Why mDOC for Government IDs?
Offline Verification
Works via NFC without internet. Critical for traffic stops, remote locations, and network outages.
Device Binding
Cryptographically bound to holder's device, preventing credential cloning or sharing.
Age Attestation
Prove 'over 21' without revealing date of birth. Built-in age_over_X claims.
Hardware Security
Keys stored in device Secure Element, protected by biometrics.
Travel & Identity Scenarios
| Scenario | Credential | Format | Verification |
|---|---|---|---|
| TSA Checkpoint | Mobile Driver License | ISO mDOC | Offline (NFC) |
| Hotel Check-in | Government ID | mDOC or VCDM | Online or QR |
| Car Rental | Driver License | ISO mDOC | Online |
| Age Verification | mDL or Digital ID | mDOC (age_over_X) | Offline |
| Border Control | Digital Travel Credential | ICAO DTC | Online + Biometric |
Current Deployments
US State mDLs
AAMVA / State DMVs
Multiple US states now issue mDLs through Apple Wallet and Google Wallet, with TSA accepting them at select airports.
- Apple/Google Wallet integration
- TSA PreCheck acceptance
- Retail age verification
EU Digital Identity Wallet
European Commission
EU member states implementing digital ID wallets that will accept mDL and other government credentials.
- Cross-border recognition
- Multiple credential types
- 2026 deadline
Age Verification
One of the most privacy-preserving applications of mDLs is age verification. Instead of showing your full ID, you can prove you're over a certain age.
ISO 18013-5 Age Attestations
The mDOC standard defines specific claims for age verification:
age_over_18- Booleanage_over_21- Booleanage_in_years- Integer (current age)
A bar can verify age_over_21 = true without learning your name, address, or exact birthdate.
Implementation Considerations
Device Engagement
MediumThreat
Attackers could attempt to intercept or replay device engagement data.
Mitigation
Use session encryption and ephemeral keys. The mDOC protocol includes session-specific key agreement.
Reader Authentication
For sensitive data, verifiers should authenticate themselves to the holder's device. This prevents unauthorized data harvesting and builds user trust.
Issuer Authority
Only government authorities should issue mDLs. AAMVA maintains the VICAL (Verified Issuer Certificate Authority List) for US states.