HUMΛN
DocsAPI ReferenceSDK ReferencePatternsCommunity
← Back to Patterns

Verify Passport Offline

Availablepassportintermediate

Overview

Verify a Passport and its delegations without network connectivity. Cryptographic verification happens locally using public keys and signatures—no API calls, no latency, no dependency on HUMAN's infrastructure.

Why Offline Verification?

  • Zero Latency: Verification is instant (milliseconds, not seconds)
  • High Availability: Works even if HUMAN's servers are down
  • Privacy: No network calls means no metadata leakage
  • Edge Computing: Perfect for IoT, mobile, and distributed systems
  • Compliance: Meet data residency requirements (data never leaves device)
  • Resilience: Continue operating during network outages

    • Think of it like: Checking a driver's license by looking at the hologram—you don't need to call the DMV to know it's authentic.

    How Offline Verification Works

    HUMΛN Passports use cryptographic proofs that can be verified without contacting a server:

    1. Public Key Infrastructure (PKI): Every Passport has a public/private key pair 2. Signatures: Actions are signed with the private key 3. Local Verification: Anyone with the public key can verify the signature 4. Revocation Lists (CRLs): Downloaded periodically (optional) to check for revoked Passports

    SDK Examples

    >
    SDK:
    0

    Verify Delegation Offline

    Delegations can also be verified without network connectivity.

    >
    SDK:
    1

    Use Cases

    1. IoT & Edge Devices

    Scenario: Smart home device verifies agent authority without internet connectivity.

    >
    SDK:
    2

    2. Mobile Apps with Spotty Connectivity

    Scenario: Mobile app verifies user identity without network access.

    >
    SDK:
    3

    3. High-Security Environments

    Scenario: Air-gapped system verifies credentials without external connectivity.

    >
    SDK:
    4

    Hybrid Approach: Offline with Periodic Sync

    Best practice is verify offline, sync periodically:

    >
    SDK:
    5

    Security Considerations

    DO:

  • Verify signatures locally for speed and privacy
  • Cache Certificate Revocation Lists (CRLs) and sync periodically
  • Check expiration dates locally (no network required)
  • Use offline verification for latency-critical operations
  • Log verification events for audit trails

    • DON'T:

  • Skip revocation checks entirely (use cached CRLs)
  • Trust expired Passports (always check expiresAt locally)
  • Rely solely on offline verification for high-security scenarios (combine with periodic online checks)
  • Ignore signature validation errors (they indicate tampering)

    • Performance

    Offline verification is orders of magnitude faster than online verification:

    Verification TypeLatencyNetwork Required
    Offline (signature only)~5ms❌ No
    Offline + CRL check (cached)~10ms❌ No
    Online (full verification)~200ms✅ Yes

    Edge IoT Devices

    Verify sensor data signatures without network access in remote locations

    Autonomous Vehicles

    Authenticate control commands offline for safety-critical operations

    Air-Gapped Systems

    Verify identities in secure facilities without external connectivity

    High-Frequency Trading

    Sub-millisecond verification for financial transactions

    DO

    Download and cache revocation lists (CRLs) periodically when online

    Use time-bounded verification with expiry timestamps

    Validate full certificate chains for trust verification

    Implement fallback to online verification when critical

    DON'T

    Trust stale CRLs beyond their validity period

    Skip signature verification to save processing time

    Store private keys on verification-only devices

    Assume offline verification is sufficient for all use cases

    ← All PatternsLearn about passport