SpruceID Joins NIST National Cybersecurity Center of Excellence (NCCoE) to Accelerate Mobile Driver’s License Adoption

SpruceID is participating in the National Cybersecurity Center of Excellence (NCCoE) Accelerate Adoption of Digital Identities on Mobile Devices Consortium. This initiative will help define and facilitate a reference architecture for digital credentials that protect privacy, are implemented securely, enable equity, are widely adoptable, and are easy to use.

Understanding the Initiative

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) is a collaborative hub where industry, organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges.

The NCCoE is playing a pivotal role in expediting the adoption of mobile driver's license (mDL) standards and best practices. In partnership with technology vendors (including SpruceID), government agencies, regulatory bodies, standards organizations, and entities aiming to implement mDLs, the NCCoE is kicking off an initiative to build a reference architecture that showcases practical, real-world business use cases. This initiative will integrate mDLs with commercially available technologies and embed them into existing business processes:

“Whether boarding a plane, creating a bank account, or making an online purchase, mobile driver’s licenses (mDLs) and other digital credentials have the potential to improve the way we conduct transactions, both in person and online. To help realize this potential, the NCCoE is collaborating with more than a dozen partners from across the mDL ecosystem to build out reference implementations and to accelerate the adoption of mDL standards and best practices.” 

- Bill Fisher, co-lead of the NIST mDL project, NIST National Cybersecurity Center of Excellence

This reference implementation aims to promote standards and best practices for mDL deployments and address mDL adoption challenges. Over the next two years the project will produce guidance addressing:

1. Know Your Customer/Customer Identification Program Onboarding and Access which will demonstrate the use of an mDL and/or Verifiable Credentials (VC) for establishing and accessing an online financial account. 
2. U.S. Federal Government Credential Service Provider (CSP) and Federation which will demonstrate the use of an mDL and/or VC for establishing a CSP account to access federated agency systems.
3. Healthcare and Electronic Prescribe which will demonstrate the use of an mDL and/or VC for provider access and prescription uses.

Benefits of the Mobile Driver’s License

Physical driver’s licenses were not designed for our online world. The current best practice for online identity verification asks users to take a picture of their driver’s license with a smartphone and to answer knowledge-based questions. The efficacy of these methods is being eroded by new technology, such as AI-generated images of driver’s licenses accurate enough to bypass document scanning tools and the ability of bad actors to get ahold of the information needed to answer knowledge-based questions.

mDLs function much like a traditional driver's license, carrying information such as name, date of birth, and address but in a digital format accessible through a dedicated mobile application, often referred to as a digital wallet. Compared to physical driver’s licenses, mDLs have several capabilities that make them easier to use with online and digital transactions:

• mDLs are underpinned by public key cryptography, making the credential cryptographically verifiable.
• mDLs can be integrated natively with device biometrics for user verification.
• mDLs can communicate natively between two mobile applications but also in cross device flows between mobile applications and the web browser on a laptop or tablet.
• mDLs offer the potential for selective disclosure, allowing users to pick and choose which information to share with third parties.

Transactions at financial institutions, healthcare providers, government services, and many other organizations could benefit from enhanced customer experiences, more accurate identity verification, and reduced fraud if they supported mDLs.

How SpruceID will Collaborate with NCCoE

SpruceID is proud to have been selected to partner with the NCCoE to expedite the adoption of mobile driver’s license standards and best practices. Several of our contributions to this project will include:

• Coordinate and collaborate with other parties to demonstrate success for the Financial Services Sector CIP/KYC use case, serving the primary role of a Wallet Provider.
• The use of our open-source libraries, including the SpruceKit Wallet, an application holding mDoc and Verifiable Credential that can interact over the internet and app-to-app using 18013-7 and OpenID4VP.
• Bring our expertise and learnings from interoperability test events that we previously hosted for ISO/IEC 18013-7 in August 2023 and from the development and deployment of the California DMV mobile driver’s license application.

We look forward to leveraging our unique knowledge and expertise to help drive this initiative forward.

Stay up to Speed

Interested in learning more and staying up to date with major milestones? Attend upcoming mDL events and follow along for updates on the NCCoE website mDL home page.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.