AffixIOAFFIXIO
Contact

At a glance

Product
QR proof verification at gates without live API
Scope
Stadiums, festivals, transport barriers
Offline
Local verify with spent enforcement on device
Signatures
ML-DSA-65 post-quantum (NIST FIPS 204)
Sync
Merkle audit when connectivity returns
Retention
Zero PII at verifier by default

The gap

Gates fail when the network does

Major venues routinely lose mobile data under crowd load. Cloud-only ticket checks stall queues, force manual overrides, and open the door to screenshot sharing.

Operators need verification that works on a battery-powered scanner at turnstile 47, not a datacentre three counties away.

AffixIO ships cryptographic proofs to the edge. Each scan is a local verify with spent tracking, not a prayer for 4G.

0ms
Network round-trip at scan time. Verification runs on the gate device against pre-synced keys and revocation state.
<80ms
Typical offline verify latency on production-shaped edge endpoints, including spent list lookup.
1 scan
One admission per proof. Replay at a second gate returns DENY with cryptographic certainty.

Architecture

Cloud lookup vs offline gate verify

Live API at gate
  • Scan fails when connectivity drops
  • Queues grow while staff override manually
  • Race conditions on concurrent scans
  • Screenshot tickets pass until sync catches up
  • Audit is server logs, not verifiable proof
AffixIO edge gate
  • Local verify with issuer public keys
  • Spent list enforced on device
  • Revocation deltas synced before doors open
  • Merkle audit uploaded when online
  • Works with anti-scalping ticket binding

Gate scan flow

QRFan presents ticket
VERIFYLocal proof check
YESAdmit and mark spent
QRSame ticket again
VERIFYSpent list hit
NODeny entry

Capabilities

What the gate device holds

Keys

Issuer trust bundle

Public keys and circuit manifests synced before the event. No secrets on the scanner.

Spent

Local spent registry

Every admitted proof marked spent on device. Partition merges on reconnect.

Revoke

Revocation deltas

Cancelled and refunded tickets blocked offline via pre-pushed delta bundles.

Bind

Holder binding

Optional wallet or device binding to stop screenshot resale at the turnstile.

Sync

Merkle upload

Spent digests and scan events append to audit tree when connectivity returns.

Edge

Gate hardware ready

Runs on rugged scanners, tablets, and embedded turnstile controllers.

Integration

Four steps to offline gates

01

Mint proofs

Issue tickets as verifiable QR proofs from your box office or primary platform.

02

Pre-sync devices

Push trust bundles, revocation deltas, and partition config to each gate before doors.

03

Scan offline

Gate returns YES or NO locally. Spent proofs cannot pass a second scan.

04

Reconcile

Upload Merkle events post-event. Audit admission counts against central records.

Where it applies

Offline gate scenarios

Football stadia

Turnstile clusters with patchy signal. Sector-based partitions for North Stand gates.

Music festivals

Field gates across multiple days. Day-bound proofs with wristband re-entry rules.

Transport hubs

Platform barriers where underground coverage is unreliable.

Conference halls

Session-level access without Wi-Fi dependency on the exhibition floor.

Theme parks

Fast-pass lanes with offline verify and spent enforcement per ride.

Pop-up venues

Temporary sites with no fixed network. Battery scanners and sync on teardown.

Offline verification at the physical boundary

Stadium gates, festival entrances, and rural transit stops share one constraint: connectivity is unreliable at the moment of decision. Traditional ticketing checks a barcode against a central database. When the link fails, operators fall back to visual inspection or offline lists that go stale within minutes. AffixIO puts the proof inside the QR payload so the scanner decides locally.

The verifier receives allow or deny plus signature validation. No round trip. No standing guest profile at the gate. Spent-proof semantics mean a screenshot or duplicate scan returns DENY even if the first admission happened on a different lane ten seconds earlier.

Architecture at the turnstile

Issuance binds ticket rights to a witness prepared upstream. The QR encodes a proof, not merely a lookup key. Gate devices run verify with embedded public keys. Audit digests sync when connectivity returns, appending to a Merkle tree for dispute resolution and revenue assurance.

Venue operator checklist

  1. Define admission policy as a circuit or attestation path.
  2. Test offline verify latency on target scanner hardware in the sandbox.
  3. Configure spent-proof enforcement across all lanes.
  4. Rehearse Merkle export for finance and anti-fraud review.
  5. Train staff on DENY handling without exposing guest data.

Related: anti-scalping tickets, double-spend prevention, ticketing platforms, ticketing FAQ. Reviewed 12 July 2026.

Frequently asked questions

Can gate devices verify tickets without internet?

Yes. Edge devices verify cryptographic proofs locally using pre-synced keys and revocation state. No live API call is required at scan time.

How are double scans prevented offline?

Each successful admission marks the proof as spent on the gate device. A second scan returns DENY with a spent reason.

What happens when connectivity returns?

Gate devices upload spent digests and audit events to the Merkle tree. Central systems reconcile partitions and push fresh bundles.

Does offline verification store attendee PII?

No. The gate receives YES or NO plus proof metadata. Personal data stays at the issuer.

Test offline gate verify

Run ticket mint, edge consume, and spent checks in the sandbox. Scope a pilot with your access control vendor.