by DigitallyFidget 1728 days ago
That's what concerns me. It wouldn't be unreasonable or impossible for this to happen. The physical IDs have a ton of security features to them. And that's actually not even required. It's NFC-based tap, someone will find a way to exploit and spoof a valid ID.

Typically if presenting in person (such as airport security) you would need to also release your picture, which would show up on the TSA agent's terminal next to a big green checkmark for the valid cryptographic signature.

Without the picture? My understanding is that release does require authentication, and the message could disclose whether that was done with, say, the fingerprint used when the license was added to the phone.

The use of cryptographic signatures means the weakest link would likely be the identity verification process of the issuing DMV (or their app).

If it's in any way reliant on a central database, or even PGP, I fail to see how you could fake an ID besides finding someone that looks like you and sending that in your place.

That would kinda be the idea, using someone who has a similar-looking photo to you. I'm thinking in terms of kids getting into clubs. Physical fake IDs are easy for a knowledgeable bouncer to spot, but if it's all digital data, then it's significantly harder for the bouncer to spot fakes when the data is validated by a system. They'd need entirely new training.

And it's not like there isn't already a black market of stolen IDs. Get a photo of your client, run it against a database of stolen info, get a match. I understand I'm simplifying this immensely, but if the system can be broken, then it will be exploited. And really it's not if, but when.

I can see this being a useful technology in the case of law enforcement, pharmacies, doctors' offices, or anywhere you would need to check in with your driver's license.