A Recipe for a Digital ID that Works: DDL Security, Privacy & Interoperability by design

Last updated: 22 June 2018

In today’s world, we treat our mobile devices as essential engines for navigating our lives. Their many uses extend beyond calling and texting, beyond browsing on-the-go, beyond sharing selfies. By putting the power of mobile convenience and security in our hands, we can literally get from Point A to Point B in the most efficient and streamlined manner, while accessing whatever news, entertainment, and communication avenues we choose along the way.

The benefits of mobile are especially powerful when it comes to securing our personal information online. In creating Gemalto’s DDL solution, we’ve examined the ingredients in today’s digital security landscape and addressed the greatest concerns that users face when protecting their identities online.

Digital Data & Information Sharing

In a post-Cambridge Analytica world, tech industry stakeholders, activists, regulators, and reporters alike are grappling with the open questions around storing and sharing personal information online. As big data behemoths like Facebook come under fire for deliberately granting select companies and consulting firms access to user data – and in some cases, the personal information of their friends and connections online – new and emerging technologies are having to address their own policies and practices for maintaining the integrity and privacy of user data, and for how they solicit that information in the first place.

DDL technology is more than a digital snapshot of a driver’s license stored on a mobile device. Rather, it is a total environment – soup to nuts – for the secure issuance, usage, and verification of a user’s identity in today’s digital terrain. The information contained in the DDL originates from the DMV. As with traditional driver’s licenses, the DMV is responsible for collecting and maintaining this source data. Once the personal information is securely loaded onto a mobile device, it belongs to the end-user, who retains control over when and to what extent it is accessible.

As an example of the way DDL users can choose exactly when and how to share the personal information from their credential, consider that when you hand your traditional driver’s license to a bartender to validate your age, the bartender has sudden access to all of the personal information that appears on that ID – your address, date-of-birth, even your height and organ donor status. When using a DDL, however, you can choose to share only your photo, to confirm that you are indeed the licensee, and a proof-of-age indicator, to verify that you are of legal age to purchase alcohol.

By giving users greater control over the personal information they are required to show, DDLs are inherently privacy-enhancing.

Likewise, DDL technology uses no geo-location tagging or verification tracking, so there is no log or record generated of user verification history. In fact, the entire process for validating a DDL is fully compliant with PII policies and best practices, designed to limit the personally identifiable information that is shared when accessing the digital ID.

Data Breaches, Hacking & Fraud

In today’s hyper-changing, cyber-centric world, the protection of personal identities online can’t be taken for granted. Recent data breaches have compromised the personal information of millions of people and dominated news cycles, and users are correctly demanding greater security for their vital information online.

Perhaps the most notable breach last year was Equifax’s loss of the personal information of almost 145 million Americans. This headline-making event put nearly half the US population’s identities at risk in one fell swoop, and may extend even further than originally thought. With DDL, we’ve created an end-to-end system for protecting your driver data that is much more resistant to fraud and hacking than a stand-alone credential.

The authenticity of a DDL credential is confirmed through a digital, cryptographic signature that only the issuing agency can produce – similar to the holographic security markings on today’s plastic licenses. If these digital security features are falsified or copied, the DDL verification process immediately flags the fraudulent activity. This gives retailers, law enforcement, and other validating entities assurance that the ID they are verifying is a genuine, state-issued credential, and that it hasn’t been tampered with.
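The issuer signature described above and the photo-plus-proof-of-age sharing from the bartender example can be combined in one check; the sketch below is an added illustration, not Gemalto's DDL code. It assumes a design the article does not spell out: the agency signs a manifest of salted attribute digests (Ed25519 is chosen here only for the example), and all names and data are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Attr struct{ Name, Value, Salt string } // one licence attribute plus its issuer-assigned salt

// digest hashes the salted attribute so hidden values cannot be guessed from the manifest.
func digest(a Attr) string {
	b, _ := json.Marshal(a)
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// Issue (agency side) signs a manifest of name -> digest; no raw values appear in it.
func Issue(priv ed25519.PrivateKey, attrs []Attr) (manifest, sig []byte) {
	m := map[string]string{}
	for _, a := range attrs {
		m[a.Name] = digest(a)
	}
	manifest, _ = json.Marshal(m)
	return manifest, ed25519.Sign(priv, manifest)
}

// Verify (verifier side) checks the issuer signature, then each disclosed attribute.
func Verify(pub ed25519.PublicKey, manifest, sig []byte, shown []Attr) bool {
	var m map[string]string
	ok := len(shown) > 0 && ed25519.Verify(pub, manifest, sig) && json.Unmarshal(manifest, &m) == nil
	for _, a := range shown {
		ok = ok && m[a.Name] == digest(a)
	}
	return ok
}

// Demo runs on constructed data; real salts must be random per attribute and issuance.
func Demo() (genuine, altered, forged bool) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil)
	all := []Attr{{"portrait", "<photo>", "s1"}, {"age_over_21", "true", "s2"}, {"address", "1 Example St", "s3"}}
	manifest, sig := Issue(priv, all)
	genuine = Verify(pub, manifest, sig, all[:2]) // photo + proof of age only; address withheld
	altered = Verify(pub, manifest, sig, []Attr{{"age_over_21", "false", "s2"}})
	fm, fs := Issue(rogue, all) // same data signed by a key that is not the agency's
	return genuine, altered, Verify(pub, fm, fs, all[:2])
}
func main() { fmt.Println(Demo()) }
```

The verifier needs only the agency's public key and the attributes the holder chose to show; an edited value or a manifest signed by any other key fails the check.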

On the user side, the personal data contained in the DDL is encrypted at multiple levels: the application level, the network level, and the server level. The DMV-driven DDL app that is used to display the licensee data on a mobile device is only accessible by entering a unique PIN of the user’s choosing, or by scanning a fingerprint with the device’s biometric reader. When presenting a DDL for verification in the field, the user’s device never even needs to leave their hand. Further, if a user’s phone is damaged or non-recoverable for any reason, the DDL can be remotely wiped from the device, further protecting against physical identity theft or misplaced credentials.

The DDL user always triggers the verification process and the sharing of information, and that information is always encrypted.

Interoperability & Multi-Factor Authentication

Taking steps to ensure our digital security matters more than ever. It is increasingly important that multi-factor authentication be integrated into standard security protocols for online transactions, to reduce the likelihood that user information will be compromised. Today, a growing number of online platforms require that users type in a one-time numeric code sent directly to their phones, as an assurance measure at login. The flexibility and ease-of-use inherent in the DDL make it a prime factor for next-level online authentication. The reliability of the DMV-verified data contained in the DDL could also make it a seamless authentication agent in future use cases. Scenarios like enrolling for health insurance, filing taxes, renting a car, or completing online purchases would benefit from a smooth, convenient process for adding extra security around personal data.

As the prospects for online integration take shape, the ultimate value of DDL will be in offering users and verifiers the peace of mind that they’ve improved their digital security posture with our special blend of fraud-resistant, dynamic data for those seeking mobile convenience in identity they can sink their teeth into.

What do you think?

How concerned are you about your personal information online? Where do you consider your digital identity most at-risk? Would you be confident validating your ID using DDL technology? Share your thoughts below!
