ISO IEC 18013-3-2017 PDF
Name in English:
St ISO IEC 18013-3-2017
Name in Russian:
Ст ISO IEC 18013-3-2017
Original standard ISO IEC 18013-3-2017 in PDF, full version. Additional information and a preview are available on request.
Full title and description
Information technology — Personal identification — ISO‑compliant driving licence — Part 3: Access control, authentication and integrity validation (ISO/IEC 18013‑3:2017). This part of ISO/IEC 18013 defines interoperable technical options for issuing authorities to limit access to machine‑readable driving‑licence data, authenticate the origin of a licence, and validate data integrity to support secure international use and mutual recognition of ISO‑compliant driving licences.
Abstract
ISO/IEC 18013‑3:2017 specifies access control mechanisms (e.g., Basic Access Protection, PACE), document authentication techniques (e.g., Passive Authentication, Active Authentication, EAC), and data‑integrity validation methods (digital signatures, security objects such as EF.SOD) for machine‑readable driving licences based on the data model of ISO/IEC 18013‑2. It is focused on technical mechanisms for secure reading and verification and does not itself prescribe downstream privacy or data‑use policy.
General information
- Status: Published.
- Publication date: 4 April 2017 (ISO/IEC 18013‑3:2017).
- Publisher: ISO/IEC (published under ISO/IEC JTC 1/SC 17).
- ICS / categories: 35.240.15 (Identification cards; chip cards; biometrics).
- Edition / version: Edition 2.0 (2017) with later amendments (see below).
- Number of pages: 80 pages (base publication).
Scope
This part provides technical options and rules for: (1) access control to limit unauthorized reading of on‑card machine‑readable data; (2) document authentication to confirm that a driving licence was issued by the claimed issuing authority; and (3) data integrity validation to detect alteration after issuance. It builds on the machine‑readable data content defined in ISO/IEC 18013‑2 and is intended to support interoperable issuance and verification while allowing jurisdictions to apply their own privacy and policy rules. The standard does not prescribe how obtained data are subsequently used.
Key topics and requirements
- Access control mechanisms: Basic Access Protection (BAP), Password‑Authenticated Connection Establishment (PACE), and other options to protect against unauthorized or remote reading.
- Document authentication: Passive Authentication (digital signature verification), Active Authentication, and Extended Access Control variants for proving document origin.
- Data integrity validation: Use of digital signatures and a Document Security Object (e.g., EF.SOD) to verify that data have not been altered since issuance.
- Interoperability rules aligned with the machine‑readable data model from ISO/IEC 18013‑2.
- Compatibility with subsequent amendments that update cryptographic and protocol details (amendments published post‑2017).
Typical use and users
Primary users include national and regional issuing authorities (motor vehicle departments), card and chip manufacturers, system integrators, identity solution vendors, verification service providers, and software developers implementing readers and verification tools. Use cases include issuance workflows, inspection/verification at border control or law enforcement, and interoperability testing between jurisdictions.
Related standards
ISO/IEC 18013 is a multi‑part series. Related parts and documents include ISO/IEC 18013‑1 (human‑readable driving licence data), ISO/IEC 18013‑2 (machine‑readable data model), ISO/IEC 18013‑5 (mobile driving licence — mDL interfaces and application), and associated amendments to part 3 (e.g., Amd 1:2022 for PACE, Amd 2:2023 for passive authentication updates). Test‑method and technical specification work (such as TS or DIS documents for mDL and testing) also complements part 3 when applied to mobile implementations.
Keywords
ISO‑compliant driving licence (IDL), machine‑readable driving licence, access control, authentication, data integrity, passive authentication, active authentication, PACE, BAP, EF.SOD, digital signature, mDL, issuing authority, document authentication.
FAQ
Q: What is this standard?
A: ISO/IEC 18013‑3:2017 is the part of the ISO/IEC 18013 series that specifies access control, authentication, and integrity validation mechanisms for ISO‑compliant driving licences (machine‑readable and interoperable IDLs).
Q: What does it cover?
A: It covers technical mechanisms and rules to limit unauthorized access to on‑card data, verify that a licence was issued by the claimed authority (document authentication), and confirm that recorded data have not been altered since issuance (integrity validation). It does not govern downstream privacy or data‑use policy.
Q: Who typically uses it?
A: Issuing authorities, card/chip manufacturers, solution integrators, reader and verification software developers, and organizations performing interoperability testing or audits.
Q: Is it current or superseded?
A: The 2017 edition is published and has received subsequent amendments (for example, Amendment 1 in 2022 and Amendment 2 in 2023) that update protocol and authentication details; implementers should consider the base 2017 text together with applicable amendments for current requirements.
Q: Is it part of a series?
A: Yes — ISO/IEC 18013 is a multi‑part standard covering human‑readable data (part 1), machine‑readable data model (part 2), access/authentication/integrity (part 3), and mobile driving licence interfaces and related work in later parts (such as part 5), plus supporting test specifications.
Q: What are the key keywords?
A: Access control, authentication, data integrity, PACE, BAP, passive authentication, active authentication, EF.SOD, mDL, issuing authority, ISO‑compliant driving licence.