Fake ID Solutions
Research & Development

Digital Signatures in Drivers License Barcodes

March 10, 2025
You may have noticed the implementation of cryptographically secure digital signatures in some driver's license barcodes. This is the work of CBN STI (Canadian Bank Note Secure Technologies Inc), the current secure credential provider for New York, North Carolina, Virginia, and Wisconsin driver's licenses and ID cards. This article presents our research findings on these digital signatures, their underlying mechanisms, and their implications for our barcode service.

Note: at the time of writing this article, the digital identity provider Intellicheck only validates the signatures for NY, NC, and VA. Wisconsin is not validated properly.

Understanding Digital Signatures

A digital signature, in essence, is a cryptographic technique used to verify the authenticity and integrity of digital data.

  1. Authenticity: Confirms the document was issued by a legitimate authority (e.g. the DMV)
  2. Integrity: Guarantees that not a single letter, number, or symbol has been altered since issuance

This is achieved through asymmetric cryptography, involving a pair of keys: a private key, known only to the signer, and a public key, which can be widely distributed. The signer (e.g. the DMV) uses their private key to create the unique digital signature tied to the barcode data, and anyone with the corresponding public key can verify it.

Digital Signatures in Drivers License Barcodes

CBN STI implements a digital signature within the barcode of the driver's licenses it produces. While the exact algorithms are proprietary and closely guarded, our research indicates that this signature uses the Elliptic Curve Digital Signature Algorithm (ECDSA) in conjunction with the SHA-512 cryptographic hash function, a combination trusted by banks and governments worldwide. The resulting signature is then encoded using Base85, a binary-to-text encoding scheme, to represent the signature data efficiently within the barcode's limited space.

The process works as follows: First, all the data fields on the driver's license (name, address, date of birth, etc.) are concatenated and hashed using SHA-512. This produces a unique "fingerprint" of the license data. This fingerprint is then signed using the issuing authority's (e.g., the state DMV's) private key. This signed hash is the digital signature. Any modification to even a single character within the barcode data (e.g. changing "1990" to "1991") will result in a different hash value, and therefore, an invalid signature.

Barcode Validation

Our research into digital identity validation providers has revealed important distinctions in how different providers verify these digital signatures. Most providers, including Veriscan and Checkpoint, perform only basic structural validation: they confirm that the signature field contains properly encoded data that decodes to a binary signature in valid ASN.1 DER format. While this approach confirms the presence of a formally valid signature, it does not verify the cryptographic authenticity of that signature.

For complete cryptographic verification, a validation service must possess the correct public key corresponding to the issuing authority's private key. Through extensive testing of various validation services, we found that Intellicheck currently appears to be the only digital identity verification provider performing full cryptographic verification using the correct public keys. This was demonstrated through controlled tests in which minimal alterations were made to legitimate barcodes: changing even a single character in any field consistently results in validation failure with Intellicheck, while other validators continue to accept the modified data as long as it contains a properly formatted signature.
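
The two validation levels described above, side by side, as an added example (not code from the original article or from any validation provider): a structural DER check versus verification against a pinned issuer public key. It uses the Python `cryptography` package; the curve (P-256), the test keys and the payload layout are assumptions constructed for the demonstration, since the page names only ECDSA and SHA-512.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature

# Assumption: the page names ECDSA and SHA-512 but not the curve; P-256 is a stand-in.
CURVE = ec.SECP256R1()
SCHEME = ec.ECDSA(hashes.SHA512())


def structurally_valid(signature: bytes) -> bool:
    """Weak check: the bytes parse as a DER-encoded ECDSA (r, s) pair."""
    try:
        r, s = decode_dss_signature(signature)
    except ValueError:
        return False
    return r > 0 and s > 0


def cryptographically_valid(issuer_public_key, payload: bytes, signature: bytes) -> bool:
    """Full check: the signature verifies over the payload under the pinned issuer key."""
    try:
        issuer_public_key.verify(signature, payload, SCHEME)
    except InvalidSignature:
        return False
    return True


def demo() -> dict:
    # Constructed test keys and payload; nothing here is a real issuer key or record.
    issuer_key = ec.generate_private_key(CURVE)
    other_key = ec.generate_private_key(CURVE)
    pinned = issuer_key.public_key()
    payload = b"FIELD_A=SAMPLE|FIELD_B=1990-01-01"
    altered = payload.replace(b"1990", b"1991")
    cases = {
        "issuer_signed": (payload, issuer_key.sign(payload, SCHEME)),
        "altered_payload": (altered, issuer_key.sign(payload, SCHEME)),
        "other_key_signed": (altered, other_key.sign(altered, SCHEME)),
    }
    # Each result is (structural check, pinned-key verification).
    return {
        name: (structurally_valid(sig), cryptographically_valid(pinned, data, sig))
        for name, (data, sig) in cases.items()
    }
```

Only the pinned-key check separates the three cases; the structural check returns the same answer for all of them.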

This distinction is significant because we are able to use our own private key to create signatures that pass basic structural validation. This means that barcodes generated using our service will still pass on all validation providers other than Intellicheck. However, without access to the issuing authority's private key, it is computationally infeasible to generate a signature that will pass true cryptographic verification.

Cryptographic Security

The security of ECDSA relies on the computational difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP). This mathematical problem is considered intractable, and even quantum computers cannot yet solve it. The private key used by the issuing authority is kept secret and is never exposed to the public. SHA-512, the hash function used, is designed to be collision-resistant, meaning it is practically impossible to find two different inputs that produce the same hash output. Combined, these factors make it computationally infeasible for anyone to generate a valid signature without possessing the correct private key.

Implications for Barcode Generators

Unfortunately for us, digital signatures embedded in driver's license and identification card barcodes represent a substantial advancement in document security. The implementation in credentials centrally issued by CBN STI offers a high level of assurance against forgery. We will continue to monitor advancements and implementations in verifiable credentials to keep our service one step ahead wherever possible.
