Inspiration

● Phone provides addition security against malicious acts

● Organizes license information clearly, points on licenses, endorsements, restrictions, organ donor, under 21 before, expiration and etc…

● Faster information updates

● Adaptable and extensible standard

What it does

● The state’s DMV creates a master key and master root certificate.

● The user’s device generates a key, which is then signed by the state’s certificate

● Authority after proving the user’s identity and possession of the physical drivers license.

● The relying party (bar, cop, etc) generates a random string (“none”), which is read by the user’s camera or via NFC, signed by the user’s key/certificate, and uploaded to a server or transmitted via NFC.

● User can scan a QR code with their phone instead of presenting a physical license

  1. The Driver supplies their drivers license ID and other identifying information to the DMV’s server.
  2. The DMV responds with challenge questions, and the Driver replies with the answers.
  3. After successful identity verification, the Driver supplies the DMV with a RSA-4096 bit public key. The private key is always stored on the Driver’s device. It must never be uploaded anywhere; loss of the device should result in the loss of the key.
  4. The DMV creates and signs a JSON Proof with the Driver’s public key and data from the license, and provides this to the client. The DMV must not sign a JSON Proof with a serial number containing more than 18 hexadecimal characters.

How I built it

● DMV -4096 bit RSA key -Stored in Azure Key Vault -Only generated once; needs to be cycled every ~20 years as it doesn’t expire -Explicitly trusted by Relying Parties -Signs JSON Proofs after validating identity

● Driver -4096 bit RSA key -Supplies the DMV with its public key and identity validation information

● JSON Proof -Signed by the DMV -Contains the Driver’s public key, expiration and license information.

● Relying Party -Has list of all state DMV public keys to be used to verify JSON Proofs.

●Signatures The DMV signs the JSON Proof below with SHA256, which the client presents along with the JSON. The Relying Party must verify this signature.

Challenges I ran into

●Running into problems with Android Studio and Azure

What I learned

●Tons about Cryptography and secure solutions to problems we face today

What's next for Copia

●Improving our proof of concept implementation

Built With

Share this project:
×

Updates