AFFIXIO
Offline QR
Offline QR gate verification
Turnstiles and field gates cannot always call a cloud eligibility API. AffixIO offline QR patterns let scanners verify signed proofs locally, enforce spent-proof anti-replay, and return allow or deny without a live identity database.
Definition
Offline QR gate verification presents a cryptographic proof in a QR code that scanners verify locally, with spent-proof to prevent replay.
Field note. QR codes without spent-proof invite pass-back and duplicate scans. Mark proofs spent at first successful verify.
How the scan works
Issue a credential with offline verify and spent-proof. Attendee or agent presents QR. Scanner checks ML-DSA-65 signature and spent state, then allow or deny. No attendee profile required at the gate.
Compare offline QR versus dynamic barcode for procurement. See offline gate verification for architecture.
Venues, transit, and field
The same pattern covers events, transit concessions, and contractor site access. Sync Merkle audit when connectivity returns.
Pair with anti-scalping ticket patterns where transfer policy matters.
Boundary hooks for offline QR gates
Map offline QR gates to a single verify endpoint even if multiple protocols feed the same checkout or tool surface. One permission layer reduces drift between AP2, UCP, and direct REST integrations.
Review deny rates weekly during pilot. Spikes often trace to policy drift or clock skew on expiry, not fraud.
PII creep
Dynamic barcodes without proof semantics
Many venues rotate barcodes yet still lack spent-proof and signed policy binding. Photographed codes and shared screens remain a problem.
Replay at the door
A valid-looking code used twice admits two people.
WAN dependency
Cloud-only verify fails when the venue link drops.
Attendee PII on scanners
Pulling profiles to the gate expands breach surface.
Weak compare story
Buyers need a clear contrast with dynamic barcode vendors.
Regulatory pack
Offline QR gates with spent-proof at the door
Venue and event gates using QR codes need verify that works when connectivity fails. Offline proofs with spent-proof on first scan prevent duplicate entry after sync.
Issue offline credentials
Spent-proof enabled.
Provision scanners
Keys and anti-replay.
Scan and decide
Local allow or deny.
Sync audit
Merkle refs after reconnect.
Boundary review
Readiness checks for offline QR gates
- Identify gates that must work offline.
- Enable spent-proof on all entry credentials.
- Remove profile fetch from the scanner path.
- Test double-scan and expired proof cases.
- Brief ops on deny handling at the door.
Age-assurance FAQ
Questions on offline QR gates
How is this different from a rotating barcode?
Signed policy binding plus spent-proof, not only rotation.
Do we need special phones?
Any QR presentation that carries the proof works. Scanner capability matters more.
Can agents present QR?
Yes. Offline agent payment and access use the same presentation idea.
Where is the compare page?
/compare/offline-qr-vs-dynamic-barcode
Sector context
Pages that support offline QR gates
Infrastructure
More infrastructure briefs
Bench offline QR verify gates
Run QR verify on disconnected devices in sandbox, then confirm spent-proof when the reader reconnects.