At the airport, he shows the security droid his hacked boarding pass and his real ID. The droid never checks the pass to see if it is the name it was sold to. When Joe boards the plane, he turns in the original boarding pass, which does shows the name it is supposed to. No need to show an ID again.
In this scenario, it's Bob Jones' name that gets checked against the blacklist. Since Bob is a fine upstanding citizen, his references are as white as snow. Most ten year-olds today could pull this off.
So much for the TSA spending a gazillion tax dollars and hacking into everyone's electronic records in the name of almighty security.