Veriff’s ePassport Validator performs industry-standard cryptographic checks to ensure the authenticity and integrity of electronic passport (ePassport) data, as specified in the ICAO Doc 9303 guidelines. This safeguards against counterfeiting and tampering and ensures alignment with border control best practices.
Does Veriff cryptographically verify ePassport data?
Yes.
Veriff performs a full suite of cryptographic checks on ePassport data, known as Passive Authentication under ICAO standards. These procedures guarantee that the passport’s digital information is genuine and has not been altered since issued by the proper authority.
Does Veriff verify DS cert chains to CSCA (Country Signing CA)?
Yes.
Veriff checks that the Document Signer (DS) certificate, which was used to sign the ePassport’s data, is itself trusted by a legitimate national authority (CSCA). This is done by verifying the DS certificate’s path (“chain”) up to a trusted Country Signing Certificate Authority, which is part of an official set of trusted government certificates.
Why? This ensures the ePassport was genuinely issued by a legitimate passport authority and not by an imposter.
Does Veriff verify the SOD signature with the DS key?
Yes.
The validator reads the Security Object Document (SOD), a special file on the ePassport which contains digital signatures, and verifies its signature using the public key contained in the trusted Document Signer certificate.
Why? This proves that the ePassport’s critical information (such as the holder’s personal details and biometrics) has been officially signed by the country and has not been altered since.
Does Veriff compute hash(DG1) and compare to SOD?
Yes.
The validator recalculates the cryptographic hash (a unique fingerprint) of Data Group 1 (DG1), which contains personal details (like name, passport number, etc.), and compares it to the value that’s stored and signed in the SOD.
Why? This makes sure that the identity data has not been tampered with or modified.
Does Veriff compute hash(DG2) and compare to SOD?
Yes.
The validator recalculates the hash of Data Group 2 (DG2), which contains the passport photo (facial biometric), and compares it with what’s signed in the SOD.
Why? This guarantees the facial image used for biometric checks is authentic and has not been changed or replaced.
Summary
Veriff’s validator performs all critical, internationally-required Passive Authentication steps on every ePassport:
It checks that all digital signatures chain up to a trusted country authority.
It verifies that signatures themselves are valid and untampered.
It checks that personal and biometric data has not been altered since issuance.
This ensures that Veriff’s ePassport validation process meets high standards for authenticity and integrity -important for compliance and regulatory confidence.
Changelog
Date | Description |
|---|---|
Jan 19, 2026 | Document published |