Mobile Driver's License (mDL)
Abbreviations
| Abbreviation | Description |
|---|---|
| mDL | Mobile Driver's License |
| COSE | CBOR Object Signing and Encryption |
| CBOR | Concise Binary Object Representation |
Overview
Mobile Driver's License (mDL) is a digital representation of a driving license, defined by the ISO/IEC 18013-5 standard. It contains a structured, cryptographically protected set of identity and driving privilege data stored on a mobile device and presented to verifiers through standardized, secure protocols. These protocols include Device Engagement, Session Establishment, and Data Retrieval, using COSE/CBOR and ephemeral key exchange, and transports such as BLE, Wi-Fi Aware, or NFC to ensure secure and verifiable communication between the holder and the verifier.
An mDL ecosystem involves three primary parties:
-
Issuer — the authority responsible for creating and issuing the mDL. The Issuer signs the mDL data and defines the policies for its use.
-
Holder — the individual to whom the driving license is issued. The mDL is stored securely on the Holder’s mobile device. The Holder controls which data elements are shared during verification.
-
Verifier — an organization or service that requests and validates specific data from the mDL.
Usage
Regula Document Reader SDK operates on the Verifier side, providing the tools to establish a secure session with the Holder’s device, request individual data elements, and validate the received mDL attributes according to the standard.
Data exchange in scope of mDL processing flow is divided into two phases:
1. Device Engagement
Device Engagement is the phase in which the verifier and the holder’s device establish the initial context for a secure session. The holder device provides the engagement payload in the form of a QR code or NFC tag for the verifier to scan. The engagement payload includes information about supported communication methods and ephemeral cryptographic material. After reading it, both sides perform a brief handshake to derive shared session keys used to secure the subsequent data exchange.
See currently available Device Engagement methods over different platforms in the following table.
| Engagement Method | Mobile SDK | Web Components | Desktop Devices |
|---|---|---|---|
| QR Code |  |
 |
|
| NFC | |
|
|
2. Data Retrieval
Data Retrieval is the phase in which the verifier requests specific data elements from the mDL, and the holder’s device returns selectively disclosed, cryptographically protected information. The exchange occurs over one of the supported transport protocols—Bluetooth Low Energy (BLE), NFC, Wi-Fi Aware, or a server-assisted retrieval path—using the session keys established during Device Engagement. The verifier then validates the issuer’s signature, integrity digests, and optional device binding to complete the verification process.
See currently available Data Retrieval methods over different platforms in the following table.
| Retrieval Method | Mobile SDK | Web Components | Desktop Devices |
|---|---|---|---|
| BLE | |
|
|
| NFC | |
|
|
| Wi-Fi Aware | |
|
|