Google arbeitet an einer Lösung, den Führerschein in Android digital und sicher zu speichern.
At first glance, the commit, submitted by Shawn Willden, Lead of Android’s Hardware-backed Keystore Team, doesn’t seem very interesting. However, if you view the IdentityCredential and IdentityCredentialStore files, you’ll find multiple references to what kinds of “identity credentials” Google is referring to. For instance, IdentityCredential uses a protocol of key exchanges that is “used by the ISO18013-5 standard for mobile driving licenses.” Furthermore, this protocol is used as “the basis for ongoing ISO work on other standardized identity credentials.” While it’s unlikely we’ll see mobile passports anytime soon, it’s clear that this API is intended for more than just mobile driving licenses. Digging deeper, Google elaborates on the types of signing keys supported by the IdentityCredential API. There are two kinds of data authentication: static and dynamic. Static authentication involves keys created by an issuing authority, whereas dynamic authentication involves keys created by the device’s security hardware (such as the Titan M in the Pixel 3 and Pixel 3 XL.) The benefit of dynamic authentication is that its harder for an attacker to compromise the secure hardware to copy the credential to another device. Furthermore, dynamic authentication makes it harder to link a particular credential with a user’s data. An Android app can present an IdentityCredential to a reader by asking the user to initiate a wireless connection via NFC. Apps are recommended to guard these transactions by requesting user permission in the form of a dialog and/or password protection.