AFFIXIO
Scan at the door without connectivity
Stadium concourses, festival fields, and station barriers cannot rely on live API calls. AffixIO gate devices verify QR proofs locally and return signed YES or NO with spent enforcement. Try offline ticket flows in the sandbox or read the offline tickets sector guide.
At a glance
- Product
- QR proof verification at gates without live API
- Scope
- Stadiums, festivals, transport barriers
- Offline
- Local verify with spent enforcement on device
- Signatures
- ML-DSA-65 post-quantum (NIST FIPS 204)
- Sync
- Merkle audit when connectivity returns
- Retention
- Zero PII at verifier by default
The gap
Gates fail when the network does
Major venues routinely lose mobile data under crowd load. Cloud-only ticket checks stall queues, force manual overrides, and open the door to screenshot sharing.
Operators need verification that works on a battery-powered scanner at turnstile 47, not a datacentre three counties away.
AffixIO ships cryptographic proofs to the edge. Each scan is a local verify with spent tracking, not a prayer for 4G.
Architecture
Cloud lookup vs offline gate verify
- ✕ Scan fails when connectivity drops
- ✕ Queues grow while staff override manually
- ✕ Race conditions on concurrent scans
- ✕ Screenshot tickets pass until sync catches up
- ✕ Audit is server logs, not verifiable proof
- ✓ Local verify with issuer public keys
- ✓ Spent list enforced on device
- ✓ Revocation deltas synced before doors open
- ✓ Merkle audit uploaded when online
- ✓ Works with anti-scalping ticket binding
Gate scan flow
Capabilities
What the gate device holds
Issuer trust bundle
Public keys and circuit manifests synced before the event. No secrets on the scanner.
Local spent registry
Every admitted proof marked spent on device. Partition merges on reconnect.
Revocation deltas
Cancelled and refunded tickets blocked offline via pre-pushed delta bundles.
Holder binding
Optional wallet or device binding to stop screenshot resale at the turnstile.
Merkle upload
Spent digests and scan events append to audit tree when connectivity returns.
Gate hardware ready
Runs on rugged scanners, tablets, and embedded turnstile controllers.
Integration
Four steps to offline gates
Mint proofs
Issue tickets as verifiable QR proofs from your box office or primary platform.
Pre-sync devices
Push trust bundles, revocation deltas, and partition config to each gate before doors.
Scan offline
Gate returns YES or NO locally. Spent proofs cannot pass a second scan.
Reconcile
Upload Merkle events post-event. Audit admission counts against central records.
Where it applies
Offline gate scenarios
Football stadia
Turnstile clusters with patchy signal. Sector-based partitions for North Stand gates.
Music festivals
Field gates across multiple days. Day-bound proofs with wristband re-entry rules.
Transport hubs
Platform barriers where underground coverage is unreliable.
Conference halls
Session-level access without Wi-Fi dependency on the exhibition floor.
Theme parks
Fast-pass lanes with offline verify and spent enforcement per ride.
Pop-up venues
Temporary sites with no fixed network. Battery scanners and sync on teardown.
Offline verification at the physical boundary
Stadium gates, festival entrances, and rural transit stops share one constraint: connectivity is unreliable at the moment of decision. Traditional ticketing checks a barcode against a central database. When the link fails, operators fall back to visual inspection or offline lists that go stale within minutes. AffixIO puts the proof inside the QR payload so the scanner decides locally.
The verifier receives allow or deny plus signature validation. No round trip. No standing guest profile at the gate. Spent-proof semantics mean a screenshot or duplicate scan returns DENY even if the first admission happened on a different lane ten seconds earlier.
Architecture at the turnstile
Issuance binds ticket rights to a witness prepared upstream. The QR encodes a proof, not merely a lookup key. Gate devices run verify with embedded public keys. Audit digests sync when connectivity returns, appending to a Merkle tree for dispute resolution and revenue assurance.
Venue operator checklist
- Define admission policy as a circuit or attestation path.
- Test offline verify latency on target scanner hardware in the sandbox.
- Configure spent-proof enforcement across all lanes.
- Rehearse Merkle export for finance and anti-fraud review.
- Train staff on DENY handling without exposing guest data.
Related: anti-scalping tickets, double-spend prevention, ticketing platforms, ticketing FAQ. Reviewed 12 July 2026.
Frequently asked questions
Can gate devices verify tickets without internet?
Yes. Edge devices verify cryptographic proofs locally using pre-synced keys and revocation state. No live API call is required at scan time.
How are double scans prevented offline?
Each successful admission marks the proof as spent on the gate device. A second scan returns DENY with a spent reason.
What happens when connectivity returns?
Gate devices upload spent digests and audit events to the Merkle tree. Central systems reconcile partitions and push fresh bundles.
Does offline verification store attendee PII?
No. The gate receives YES or NO plus proof metadata. Personal data stays at the issuer.
Test offline gate verify
Run ticket mint, edge consume, and spent checks in the sandbox. Scope a pilot with your access control vendor.