Imagine a customer using a mobile app to perform an online banking transaction. The customer must trust that their sensitive financial data, such as account numbers and personal information, will remain secure throughout the interaction.
If the assurance levels are low—meaning there's a higher risk of data breaches, unauthorized access, or fraud—the customer could face identity theft, financial loss, and a major erosion of trust in the banking institution. They are likely to avoid such transactions in the future. However, with the right technology in place this transaction can be augmented with identity verification, data integrity checks and privacy protection.
For businesses, the ability to conduct such high-assurance interactions is crucial for regulations compliance, reducing fraud and maintaining customer trust. For users, it increases engagement by providing seamless and secure experiences without the risk of their data being compromised. The need for secure, efficient, and high-assurance interactions has never been more paramount.
That’s why we’re excited to announce the expansion of our mDocs credential format, which now supports trusted interactions not just in person, but also for online use cases.
Perfectly aligned with the recent publication of the ISO/IEC 18013-7 technical specification, this enhancement meets the evolving demands of businesses and users alike, to enable online interactions that are seamless, secure, and compliant.
What are mDocs?
MATTR’s mDoc credential format facilitates the exchange of selected information during high-assurance digital interactions, offering a secure solution for establishing trust across various channels. Enhancing existing in-person exchange capabilities, with this update mDoc credentials can now be used in online interactions as well, adhering to the ISO/IEC 18013-7 and OID4VP technical specifications.
Why mDocs matter
Meet any use case
Organizations face the challenge of offering digital interactions across multiple channels, industries, and geographies. With mDocs you can establish trust effortlessly in intuitive, seamless user experience—whether in-person or via online platforms. This flexibility ensures that you’re equipped to handle any use case, maintaining security and trust in every interaction.
Mitigate security risks
With the rise in fraud and misuse, businesses must prioritize security and privacy. mDocs are equipped with advanced security features that enable authenticating the issuer, the holder and the device being used to present the credential. This minimizes the risks associated with data breaches and unauthorized access and makes it easier and simpler to comply with any regulatory requirements.
Future-proof your infrastructure
In a rapidly changing landscape, it’s critical to invest in solutions that won’t become obsolete. MATTR is at the forefront of the technical standards community, designing our digital trust infrastructure with the future in mind, scaling with your business and adapting to market needs. You can have confidence that our mDoc credential format will continue to evolve alongside industry standards and regulatory requirements.
Use cases
The following use cases demonstrate how mDocs can enhance security, privacy, and user experience across a wide range of industries.
- Digital national IDs: Citizens can store their national ID on their mobile device, allowing for secure access to government services such as tax filing, voting, and social benefits, whether at a government office or remotely for online services.
- Bank account opening: Customers can use mDocs credentials such as BankID to securely open accounts without visiting a physical branch.
- Mobile Driver’s License (mDL): Just like a physical driver’s license, an mDL serves as a central identity document, used in a wide range of everyday interactions to verify personal details such as identity, address, and age. From purchasing age-restricted items, accessing government services, or proving your identity in financial transactions, having an mDL on your mobile device provides a convenient and secure way to manage and share your credentials in-person and online.
- Digital health cards: Patients can store their health insurance cards or medical IDs as mDocs. This allows healthcare providers to quickly and securely verify a patient’s identity and insurance status during appointments or hospital visits, ensuring efficient care delivery and reducing the risk of fraud.
- Transcripts and certificates: Educational institutions can issue digital transcripts and graduation certificates as mDocs, allowing students to share their verified academic achievements with prospective employers or other institutions. The secure verification of credentials ensures that only authentic documents are shared, preventing credential fraud.
- Employee ID cards: mDocs can replace traditional employee ID cards, allowing for secure, digital access to offices and facilities. Employers can use BLE-enabled verification systems to authenticate employees without requiring internet access, enhancing both security and convenience.
- Age-restricted purchases: mDocs can be used to verify a customer’s age when purchasing restricted items like alcohol or tobacco. Retailers can request only the necessary information (e.g., confirming the customer is over 18), protecting the customer’s privacy while ensuring compliance with regulations.
Core capabilities
Enhanced security
The key strength of the mDoc credential format over alternative credential formats lies in their ability to provide strong authentication and strong identification, supporting digital interactions that were previously impossible due to high security risks. They enhance security and reduce fraud risk by implementing advanced security features that enable establishing trust in digital interactions:
- Issuer authentication: mDocs adhere to a well-defined suite of data structures, procedures and cryptographic algorithms defined in the ISO 18013-5 specification. This enables relying parties to verify the origin and the issuer of a credential through a chain of linked certificates. Read more about the chain of trust model.
- Device authentication: To protect against malicious cloning, mDocs are bound to a mobile device and enable verifying the binding between a credential and the mobile device used to present it.
- Holder authentication: mDocs can include a portrait picture of their holder, enabling the verifier to compare it with the person presenting them in person. This comparison can be performed either manually or using facial recognition technologies.
- Session Encryption: mDocs communication protocols establish encryption/decryption keys to secure sessions and ensure the Mobile Credentials remain hidden and confidential from any possible eavesdroppers. This security feature applies to both in-person and remote (online) verification workflows.
Read more about core capabilities of the mDoc credential format.
Seamless user experience
Increased security often comes at the expense of user experience and can result in fragmented journeys or reduced user autonomy. However, this is not the case with mDocs, as they support flexible workflows and advanced privacy preserving features:
- Multiple verification workflows: mDocs offer tremendous value as a single credential can be used across different digital interactions:
- Remote (online) interactions: mDocs can be used in online interactions via either same-device or cross-device workflows. Read more about online verification.
- Proximity (in-person) interactions: mDocs are constructed in a way that enables real time offline verification, with no reliance on internet-based technologies. This means that in-person verification workflows can be completed anywhere, regardless of location and internet coverage. Read more about in-person verification.
- Selective Disclosure: mDocs allow relying parties to specifically request only the information they need from the holders of these credentials. The holders, in turn, can consent to sharing this information while fully understanding what, with whom, and for what purpose they are sharing it. Read more about selective disclosure.
Underlying standards
Widespread adoption of any credential format relies heavily on adherence to established global standards. Compliance with these standards not only facilitates seamless cross-platform integration but also enhances trust between issuers, holders, and verifiers, resulting in a secure and scalable solution.
The ISO/IEC 18013-5:2021 standard was created to standardise the usage of Mobile Driver Licences (mDLs), while the ISO/IEC DTS 18013-7 standard was created to augment capabilities defined in ISO/IEC 18013-5:2021 standard by enabling the verification of an mDL to a verifier remotely (online). The ISO/IEC TS 23220 standard series (currently under development) aims to generalise applications of mDL technology for more use cases, broadly referred to as Mobile Documents or mDocs.
The MATTR Advantage
As a leader in developing the 18013-7 standard, MATTR is committed to ensuring that our solutions are built with the future in mind. We continuously monitor changes in compliance and regulation worldwide, taking the burden off your shoulders so you can focus on what you do best.
Why Now?
The shift toward digital credentials is not just a trend—it’s a necessity driven by legislative changes and evolving user expectations. With initiatives underway across the USA, Canada, Australia, and Europe, businesses must be prepared to adopt digital credentials to meet the demand for secure, convenient and compliant digital interactions.
Now is the time to partner with MATTR, the first to market with mDocs online verification capabilities. Our expertise in standards development ensures that your organization is equipped with cutting-edge solutions that are compliant and reliable.
Let’s build the future of digital trust together
The expansion of our mDoc credential format is a game-changer for organizations navigating the complexities of digital trust. Whether you’re looking to enhance security, streamline verification processes, or future-proof your infrastructure, MATTR’s mDoc credential format offers a comprehensive solution.
Join us as we lead the charge in building a secure and trusted digital landscape, allowing you to focus less on implementation challenges and more on driving your business forward.
For more information on how to implement mDocs in your unique use case, contact us today!