How can citizens enroll, revoke, or transfer their state digital ID credentials?
Executive summary
Enrollment, revocation and transfer of state digital ID credentials is handled by state DMVs and mobile wallet platforms: citizens typically enroll by scanning their physical credential and taking a selfie in a state app or Apple/Google Wallet flow (examples: Illinois rollout uses Apple Wallet scan + selfie) [1] and TSA lists participating states and wallet platforms [2]. Revocation and device removal is supported by state apps and vendor toolkits—users can remotely revoke or remove devices via account settings in some state or vendor apps (example: ID123 shows device removal UI) and national guidance highlights remote management as a security advantage of digital IDs [3] [4]. Cross-device transfers are an unresolved standards challenge: IETF working groups and drafts describe transfer “shares” and recommend secure, standardized protocols because no universal method yet exists [5] [6].
1. How people enroll today — “scan, selfie, sign”
States and commercial platforms have converged on a simple enrollment pattern: you open the official state app or a wallet (Apple/Google/Samsung), scan or present your physical driver’s license, and complete a biometric selfie verification so the issuing agency can match you to records before issuing a mobile credential (illustrated by Illinois’ Apple Wallet launch) [1] [7]. The TSA’s list of participating states confirms that these credentials are issued by state authorities and can be added to Apple Wallet, Google Wallet or state-specific apps for use at approved checkpoints [2] [8]. Enrollment is voluntary in most states and does not yet replace the physical card for all uses [9].
2. What revocation and device control look like — “remote kill switches exist, but vary”
Remote revocation and device management are core selling points of mobile IDs: guidance from privacy/cyber groups and state programs highlights the ability to revoke an mDL if a phone is lost or stolen [4] [10]. Vendor documentation shows concrete controls in practice — for example, ID123’s support article explains how users can view and remove registered devices and long‑press to revoke access from an old phone [3]. States and apps vary in terminology and pathways (some call it “remove device,” others “revoke credential”), and available sources do not provide a single national procedure or timeline for how quickly revocation takes effect in all contexts (not found in current reporting).
3. Transferring credentials between devices or people — “standards work, not yet ubiquitous”
Transferring a digital credential from one wallet to another or sharing it temporarily is an active technical problem. IETF work (the Tigress WG and drafts) says there is currently no widely accepted, cross‑platform method for securely transferring credentials and proposes a “share” construct that lets a recipient request a new credential from the issuer without exposing private keys [5] [6]. Platform documentation (Android’s DigitalCredential API) and standards efforts point to multiple protocols (W3C Verifiable Credentials, SD‑JWT, mdoc) but emphasize that implementations differ across ecosystems [11] [5]. In short: transfer is possible in limited, vendor/state-specific ways, but a universal, interoperable transfer model is still being standardized [5].
4. Who enforces and who accepts digital IDs — “an evolving trust network”
Acceptance depends on two parties: the issuing state and the verifier (airports, businesses, agencies). TSA’s program lists participating states and approved wallet platforms for checkpoint use, showing that federal screening now recognizes state-issued mDLs from eligible jurisdictions [2] [8]. Media reports and industry trackers document expanding state participation (Illinois launch, a dozen+ states implemented or piloting programs) and millions of issued mDLs, but acceptance remains uneven in everyday contexts outside airports [1] [9] [12].
5. Privacy, security and political pushback — “convenience versus surveillance”
Proponents emphasize cryptographic protections, selective disclosure and remote revocation as security gains over plastic cards [4]. Civil liberties groups warn that badly designed digital ID systems can enable pervasive tracking and increase demands for identity verification online, urging strict privacy safeguards and legislative limits [13]. States and standards bodies are responding: California’s Identity Gateway and other projects stress minimal data storage and controlled exchanges with services [14], while NIST and technical drafts push verifiable credential models to limit data exposure [15] [5].
6. Practical checklist for citizens — “before you go digital”
Follow your state DMV’s official instructions and use the state app or an approved wallet to enroll [1] [2]. Configure strong device security (passcode, biometrics) and learn the revocation or “remove device” steps in your app — vendor guides such as ID123 show dedicated account/device UIs [3] [4]. If you need to transfer access, check whether your state or vendor offers a supported transfer flow; if not, expect to re‑provision the credential via the issuer rather than a simple peer‑to‑peer copy [6] [5].
Limitations: reporting documents state examples, standards drafts and vendor guides, but available sources do not provide a single nationwide enrollment/revocation/transfer procedure — processes vary by state, wallet platform and issuer (not found in current reporting).