> The clerk only visually inspects the ID document then enters the serial number into a web portal and hands it to you.

No absolutely not. There's no need for it. We don't require Internet connected beer cans to phone home to a government server and recheck your driver's license when you're cracking them open.

> When you go to "redeem" it the service relays the number back to the government server rather than your local device doing so directly

Your possession of the token when you enter it into your social media account is proof enough that you're of age. The social media website only needs to call the token issuer's API to verify its validity. And all the token issuer should know is it's a valid token sold to a buyer of legal age. Anything more is needlessly complicated and risks anonymity. No recording of IDs in any way, shape or form whatsoever.

And there's no need to involve the government or government servers in any of the implementation or technology. It can be an open, published standard. Any company that can get their cards in stores, and sold with age verification, should be able to participate. All participants can be periodically inspected by the government to ensure compliance with standards.