January 2026
This past October, California announced a new Driver’s License design. Included in their new card is a 2-D barcode, a PDF417, with a digital signature based on the Verifiable Credentials Data Model v2.0. Together with separate specifications for data integrity ( VC-DATA-INTEGRITY) and data compression ( CBOR-LD), it results in a secure and verifiable artifact. One of the key outcomes of California’s new ID is that it adds to the growing list of U.S. state jurisdictions that are issuing physical ID’s with a digitally signed barcode. Digitally signed barcodes are likely to be a critical addition to the security, the anti-counterfeiting posture, of a given document.
The use of the VC data model is unique and California is the first U.S. jurisdiction to use this specification. In our Summer 2025 meeting, we heard from NIST on the developing standards of the identity ecosystem – mainly between mDoc and the World Wide Web Consortium (WSC) Verifiable Credentials. It can be tempting to think of the ISO standards for mobile Driver’s Licenses (mDL) as exclusive or in competition with the W3C specification. The ISO 18013-5 standard started from a place of transforming a physical ID into a digital credential. The W3C started from a place of using any credential over the internet. There are perspectives and arguments on how these frameworks can be used in conjunction to create less fragmentation across identity ecosystems. In that respect, California’s efforts may offer opportunities.
In the short-term, one practical opportunity is that California is also offering a public “Credential Verifier.” While DSA has not tested or used this application, it appears that any smartphone or tablet can be used to scan the physical document, or the digital version in the CA DMV wallet, to help confirm an individual’s identity. This may allow new types of relying parties to conduct higher forms of identity assurance for a given benefit. It may be possible to build on this momentum to improve physical ID security against counterfeiting. If new and/or more businesses in California can realize or observe a reduction in fraud, this in turn can signal value to more issuing authorities to leverage the security in digitally-signed visible seals.
The next step is how to build on the work NIST has recently demonstrated in the preparation of compact face images for 2D barcodes – in short, that it may be possible to implement facial portraits, protected by digital signatures, inside optical barcodes to conduct facial recognition from the physical ID. Instead of relying on the printed portrait, could we realize identity verification using a 1:1 facial comparison from a secure artifact?
Tony Poole, President, DSA
