Comment by Closi
2 years ago
They needed reliable connectivity in the previous scenario (checking barcodes against a central db) - they just set up a local private Wi-Fi network for the handsets and all the venue devices.
Otherwise I can't see how you would avoid replay attacks.
You can do time-based binding. Many TLS/QUIC 0-RTT take this approach, where the signature is only valid for a second or so. It's not as good as a real strike register, but probably OK for this kind of environment. Of course the barcodes would need to be more dynamic, but that's doable.
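
The time-based binding described in the comment above, as an added example that is not part of the original thread: the handset regenerates a barcode tied to the current time, and an offline scanner rejects anything outside a short window. The HMAC construction, the pipe-separated barcode format, the 2-second window, the per-ticket keys synced to scanners in advance and all names are assumptions made for illustration.

```python
import hashlib
import hmac

WINDOW_SECONDS = 2  # assumed validity window ("a second or so" in the comment)

def make_barcode(ticket_id: str, key: bytes, now: int) -> str:
    """Handset side: bind the ticket to the current time with an HMAC tag."""
    msg = f"{ticket_id}|{now}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{ticket_id}|{now}|{tag}"

class Scanner:
    """Venue side: offline check using per-ticket keys synced before the event."""

    def __init__(self, keys: dict[str, bytes], use_strike_register: bool = False):
        self.keys = keys
        self.use_strike_register = use_strike_register
        self.seen: dict[str, int] = {}  # barcode -> issue time, pruned after the window

    def verify(self, barcode: str, now: int) -> str:
        try:
            ticket_id, ts_text, tag = barcode.split("|")
            issued = int(ts_text)
        except ValueError:
            return "malformed"
        key = self.keys.get(ticket_id)
        if key is None:
            return "unknown ticket"
        msg = f"{ticket_id}|{issued}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "bad signature"
        if abs(now - issued) > WINDOW_SECONDS:
            return "expired"  # a screenshot shown later ends up here
        if self.use_strike_register:
            # Only barcodes still inside the window need to be remembered.
            self.seen = {b: t for b, t in self.seen.items()
                         if abs(now - t) <= WINDOW_SECONDS}
            if barcode in self.seen:
                return "replayed"
            self.seen[barcode] = issued
        return "ok"
```

Without the register, the same barcode is accepted again while it is still inside the window. The register here is local to one scanner, so it only catches a second presentation at the same device.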