The infancy of mobile driver’s licenses

More and more states are adopting mobile driver’s licenses that can be stored on a smartphone. Mobile driver’s licenses (mDLs) are available from Colorado, Delaware, Louisiana, and Oklahoma, and may be available from additional states by the time you read this.

LA Wallet Louisiana Digital Driver’s License. lawallet.com.

For me, the two key benefits of mDLs are the following:

  • If you have your smartphone, you have your mDL. Since smartphones are becoming more of a necessary must-have item – and wallets are not – the presence of a driver’s license on a smartphone is beneficial. (Unless, of course, you’re the type of person who misplaces your smartphone.)
  • mDLs can be designed to show only the information that is necessary. If I want to enter a bar or other facility for people over 21, I don’t have to show the bouncer my weight, my address, or even my birthdate. I just have to show the bouncer that I’m over 21.

While mDLs are becoming available in more states, they are not fully mature yet.

  • They are only valid in the state where they were issued. You can’t show your Oklahoma mDL in California. (Well, I guess you CAN show it, but a Californian isn’t obligated to do anything.)
  • Even within the state of issue, they’re still not always valid. At least some states require you to carry your physical driver’s license while driving, even if you have an mDL. And you can’t present an mDL to airport security in Denver or any other city. (See the LA Wallet image above, which clearly states “NOT FOR FEDERAL IDENTIFICATION.” So even if Louisiana’s physical driver’s license is REAL ID compliant, its mDL isn’t.)

Part of the issue regarding acceptance of mDLs is that the standards are still evolving. One key standard, ISO/IEC FDIS 18013-5 (Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application), is still under development.

But these four states, and others, didn’t want to wait until the standards were fully approved, and their solutions were fully certified, before issuing mDLs. Louisiana’s LA Wallet solution was introduced back in July 2018. While none of the solutions by definition can claim compliance with ISO/IEC FDIS 18013-5, they are already providing benefits to the license holders in these four states.

How long will it be until all states, provinces, and territories support mDLs?

The five authentication factors

I thought I had blogged about the five factors of authentication, either here or at jebredcal, but I guess I haven’t explicitly written a post just on this topic.

And I’m not going to do that today either (at least in any detail), because The Cybersecurity Man already did a good job at that (as have many others).

However, for those like me who get a little befuddled after authentication factor 3, I’m going to list all five authentication factors.

  • Something You Know. Think “password.” And no, passwords aren’t dead. But the use of your mother’s maiden name as an authentication factor is hopefully decreasing.
  • Something You Have. I’ve spent much of the last ten years working with this factor, primarily in the form of driver’s licenses. (Yes, MorphoTrak proposed driver’s license systems. No, they eventually stopped doing so. But obviously IDEMIA North America, the former MorphoTrust, has implemented a number of driver’s license systems.) But there are other examples, such as hardware or software tokens.
  • Something You Are. I’ve spent…a long time with this factor, since this is the factor that includes biometrics modalities (finger, face, iris, DNA, voice, vein, etc.). It also includes behavioral biometrics, provided that they are truly behavioral and relatively static.
  • Something You Do. The Cybersecurity Man chose to explain this in a non-behavioral fashion, such as using swiping patterns to unlock a device. This is different from something such as gait recognition, which supposedly remains constant and is thus classified as behavioral biometrics.
  • Somewhere You Are. This is an emerging factor, as smartphones become more and more prevalent and locations are therefore easier to capture. Even then, however, precision isn’t always as good as we want it to be. For example, when you and a few hundred of your closest friends have illegally entered the U.S. Capitol, you can’t use geolocation alone to determine who exactly is in Speaker Pelosi’s office.

Now when these factors are combined via multi-factor authentication, there is a higher probability that the person is who they claim to be. If I enter the password “12345” AND I provide a picture of my driver’s license AND I provide a picture of my face AND I demonstrate the secret finger move AND I am within 25 feet of my documented address, then there is a pretty good likelihood that I am me, despite the fact that I used an extremely poor password.

I don’t know if anyone has come up with a sixth authentication factor yet. But I’m sure someone will if it hasn’t already been done. And then I’ll update to update this post in the same way I’ve been updating my Bredemarket 2021 goals.

Why I created a LinkedIn Showcase Page for Bredemarket

It was Sunday, and I was thinking about something that I wanted to communicate to a potential client in the coming week. The potential client performs work in multiple areas, and had inquired about my assisting in one of those areas.

As I thought about solutions for that one section of the potential client’s website, I began wondering how that material could be repurposed in other channels, including LinkedIn. One solution, I realized, was for the client to set up a special “showcase page” on LinkedIn that was dedicated to this one area. Content from the website could then be repurposed for the showcase page.

If you are unfamiliar with LinkedIn Showcase Pages, they “are extensions of your LinkedIn Page, designed to spotlight individual brands, business units and initiatives.”

A notable example of the use of showcase pages is Adobe. Adobe has a company page, but since Adobe provides a plethora of products and services, it would be a firehose to cover EVERYTHING on the main Adobe page. So Adobe established showcase pages, such as its page for Adobe Experience Cloud, that allowed the company to go into greater detail for that particular topic.

But this doesn’t explain why I just created a showcase page for a Bredemarket customer segment. Actually, there are two reasons.

  • While Bredemarket provides its services to identity firms, technology firms, general business, and nonprofits, it’s no secret that Bredemarket’s most extensive experience is in the identity industry. Because of my experience in biometrics and secure documents, I know the messages that identity firms need to communicate to their customers and to the public at large. Because of this, I thought I’d create a showcase page dedicated solely to the services that Bredemarket can provide to identity firms.
  • There’s another reason why I created the showcase page – the “eating your own dog food” reason. If I’m going to talk about the use of LinkedIn Showcase Pages, wouldn’t it make sense for me to create my own?

So on Sunday I created the Bredemarket Identity Firm Services page on LinkedIn; you can find it at the https://www.linkedin.com/showcase/bredemarket-identity-firm-services/ URL.

And if your interest is specifically in identity, be sure to click the Follow button.