AffixIOAFFIXIO
Contact

Offline QR

Offline QR gate verification

Turnstiles and field gates cannot always call a cloud eligibility API. AffixIO offline QR patterns let scanners verify signed proofs locally, enforce spent-proof anti-replay, and return allow or deny without a live identity database.

Category Infrastructure Updated 17 July 2026 Reading ~8 min
OFFLINE QRSPENT-PROOFTURNSTILEML-DSA-65LOCAL VERIFYALLOW/DENY

Definition

Offline QR gate verification presents a cryptographic proof in a QR code that scanners verify locally, with spent-proof to prevent replay.

Field note. QR codes without spent-proof invite pass-back and duplicate scans. Mark proofs spent at first successful verify.

How the scan works

Issue a credential with offline verify and spent-proof. Attendee or agent presents QR. Scanner checks ML-DSA-65 signature and spent state, then allow or deny. No attendee profile required at the gate.

Compare offline QR versus dynamic barcode for procurement. See offline gate verification for architecture.

Venues, transit, and field

The same pattern covers events, transit concessions, and contractor site access. Sync Merkle audit when connectivity returns.

Pair with anti-scalping ticket patterns where transfer policy matters.

Boundary hooks for offline QR gates

Map offline QR gates to a single verify endpoint even if multiple protocols feed the same checkout or tool surface. One permission layer reduces drift between AP2, UCP, and direct REST integrations.

Review deny rates weekly during pilot. Spikes often trace to policy drift or clock skew on expiry, not fraud.

PII creep

Dynamic barcodes without proof semantics

Many venues rotate barcodes yet still lack spent-proof and signed policy binding. Photographed codes and shared screens remain a problem.

Replay at the door

A valid-looking code used twice admits two people.

WAN dependency

Cloud-only verify fails when the venue link drops.

Attendee PII on scanners

Pulling profiles to the gate expands breach surface.

Weak compare story

Buyers need a clear contrast with dynamic barcode vendors.

Regulatory pack

Offline QR gates with spent-proof at the door

Venue and event gates using QR codes need verify that works when connectivity fails. Offline proofs with spent-proof on first scan prevent duplicate entry after sync.

  1. Issue offline credentials

    Spent-proof enabled.

  2. Provision scanners

    Keys and anti-replay.

  3. Scan and decide

    Local allow or deny.

  4. Sync audit

    Merkle refs after reconnect.

Boundary review

Readiness checks for offline QR gates

  • Identify gates that must work offline.
  • Enable spent-proof on all entry credentials.
  • Remove profile fetch from the scanner path.
  • Test double-scan and expired proof cases.
  • Brief ops on deny handling at the door.

Age-assurance FAQ

Questions on offline QR gates

How is this different from a rotating barcode?

Signed policy binding plus spent-proof, not only rotation.

Do we need special phones?

Any QR presentation that carries the proof works. Scanner capability matters more.

Can agents present QR?

Yes. Offline agent payment and access use the same presentation idea.

Where is the compare page?

/compare/offline-qr-vs-dynamic-barcode

Bench offline QR verify gates

Run QR verify on disconnected devices in sandbox, then confirm spent-proof when the reader reconnects.