Abstract: Techniques are described herein for mobile document provisioning. An example method includes a device receiving, from an inspection system of a first jurisdiction, a request for a mobile identification document of a second jurisdiction. The device can transmit, to the inspection system, the mobile identification document based on the request, the mobile identification document comprising a mobile identification document public key. The device can receive from the inspection system, a mobile supplemental document, the mobile supplemental document comprising a mobile supplemental document public key derived from the mobile identification document public key, the inspection system being configured to derive the mobile supplemental document public key from the mobile identification document public key.

Abstract: Techniques are disclosed relating to authenticating a user with a mobile device. In some embodiments, a computing device stores a first signed attestation indicating an ability of the computing device to securely perform a user authentication. The computing device receives a request to store credential information of an identification document issued by an issuing authority to a user for establishing an identity of the user. In response to the request, the computing device sends, to the issuing authority, a request to store the credential information, the sent request including the first signed attestation to indicate an ability to perform a user authentication prior to permitting access to the credential information. In response to an approval of the sent request based on the first signed attestation, the computing device stores the credential information in a secure element of the computing device.

Abstract: Techniques are disclosed relating to authenticating a user with a mobile device. In various embodiments, a mobile device receives a request to provision the mobile device with identification information from an identification document issued by an authority to a user for establishing an identity of the user. In response to the received request, the mobile device issues a request for verification information signed by the authority and usable to verify the identification information. The issued request identifies multiple public keys of the mobile device, each having a respective corresponding private key for generating a signature usable to verify the identification information. The mobile device receives and stores the signed verification information, the signed verification information including the plurality of public keys. In some embodiments, the mobile device receives a request provide, at least, a portion of the identification information and selects one of the private keys to generate a signature.

Abstract: Techniques are disclosed relating to authenticating a user with a mobile device. In some embodiments, a computing device stores a first signed attestation indicating an ability of the computing device to securely perform a user authentication. The computing device receives a request to store credential information of an identification document issued by an issuing authority to a user for establishing an identity of the user. In response to the request, the computing device sends, to the issuing authority, a request to store the credential information, the sent request including the first signed attestation to indicate an ability to perform a user authentication prior to permitting access to the credential information. In response to an approval of the sent request based on the first signed attestation, the computing device stores the credential information in a secure element of the computing device.