ISO/IEC TS 23220-4:2026
Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 4: Protocols and services for operational phase
Document files for ISO/IEC TS 23220-4:2026
Scope of ISO/IEC TS 23220-4:2026
This document specifies building blocks for the implementation of the operational phase of mobile eID systems and any other mdoc for national bodies or document-specific standards to create profiles according to their needs.
This document specifies the interface between the mdoc app and mdoc reader and the interface between the mdoc reader and the issuing authority infrastructure.
More specifically, this document defines transport protocols for various RF solutions and for use over the internet. It defines the application layers, such as the request-response protocols between an mdoc app and mdoc reader and between an mdoc reader and issuing authority.
It further defines the security mechanism for issuer authentication, mdoc authentication and credential holder verification.
This document also specifies mechanisms enabling parties other than the issuing authority to:
- use a machine to obtain the mdoc data;
- bind the mdoc to the mdoc holder;
- authenticate the origin of the mdoc data;
- verify the integrity of the mdoc data.
The following items are out of scope for this document:
- provisioning of the mdoc data (this is covered by ISO/IEC TS 23220-3);
- how the holder’s consent to share data is obtained;
- requirements on storage of mdoc data and mdoc private keys.
Finally, it provides information to create a conformant profile.