Ambimat Group · Ahmedabad · India · Est. 1981

Offline authentication — trust without a network.

Most of the world is not always online. Transit gates lose backhaul. Industrial sites are air-gapped. Inspectors patrol remote routes. Offline authentication is the architecture pattern that lets two parties prove identity to each other without needing to phone home.

When offline auth is the right tool

  • Latency-bounded systems where a network round-trip is too slow (transit gates).
  • Intermittent connectivity environments (rural buses, depot-only Wi-Fi, mobile inspectors).
  • Sensitive systems where a network dependency is itself a risk (industrial control, defence).
  • High-volume systems where the cost of an authoriser round-trip is operationally prohibitive.

The pattern

Three ingredients:

  1. Hardware-rooted credential. The card / device holds a private key inside a Secure Element. The validator holds a verifying key (public, or symmetric in a SAM).
  2. Per-session crypto. Mutual challenge-response over a freshly derived session key per tap. Captured cryptograms expire on the next interaction.
  3. Deferred reconciliation. Receipts are signed locally and uploaded later. The back office verifies after the fact, even hours later, against the same key material the SAM used.

It is the combination of the three that lets the gate decide in 200 ms with the same security properties as if it had been online.
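The three ingredients above, sketched end to end for the symmetric (SAM) variant. This is an added example, not Ambimat's code. Assumptions: HMAC-SHA256 for every primitive, per-card keys diversified from a master key by card UID, and a JSON receipt; all class, function and field names are hypothetical.

```python
import hashlib, hmac, json, secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so field boundaries are unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Card:
    """Stands in for the Secure Element: the key never leaves this object."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key

    def respond(self, rv: bytes):
        rc = secrets.token_bytes(16)                 # card's own nonce
        ks = mac(self._key, b"session", rv, rc)      # fresh session key per tap
        self._ks, self._rv, self._rc = ks, rv, rc
        return rc, mac(ks, b"card", rv, rc)          # cryptogram bound to rv

    def check_validator(self, proof: bytes) -> bool:
        return hmac.compare_digest(proof, mac(self._ks, b"validator", self._rc, self._rv))

class Sam:
    """Validator SAM; the back office holds the same master key (assumed)."""
    def __init__(self, master: bytes):
        self._master = master

    def card_key(self, uid: bytes) -> bytes:
        return mac(self._master, b"card-key", uid)   # assumed key diversification

    def verify_tap(self, uid, rv, rc, cryptogram):
        ks = mac(self.card_key(uid), b"session", rv, rc)
        ok = hmac.compare_digest(cryptogram, mac(ks, b"card", rv, rc))
        return mac(ks, b"validator", rc, rv) if ok else None  # proof for the card

    def sign_receipt(self, receipt: dict) -> bytes:
        body = json.dumps(receipt, sort_keys=True).encode()
        return mac(self._master, b"receipt", body)

    def verify_receipt(self, receipt: dict, tag: bytes) -> bool:
        return hmac.compare_digest(tag, self.sign_receipt(receipt))

def tap(card: Card, sam: Sam, seq: int):
    rv = secrets.token_bytes(16)                     # validator challenge
    rc, cryptogram = card.respond(rv)
    proof = sam.verify_tap(card.uid, rv, rc, cryptogram)
    if proof is None or not card.check_validator(proof):
        return None                                  # either side failed: deny
    receipt = {"uid": card.uid.hex(), "seq": seq, "rv": rv.hex()}
    return receipt, sam.sign_receipt(receipt)        # stored for later upload
```

Because the session key depends on both nonces, a cryptogram captured on one tap fails `verify_tap` against any later validator challenge, and the back office can run `verify_receipt` hours later with no contact with the gate.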

Building offline-first?

From card profile to validator firmware to backend reconciliation, we ship the offline-authentication chain.
