Offline attendance without time spoofing

Feb 19, 2026 · 8 min read

Offline mode is only safe if you can trust the timestamp. We use a monotonic clock offset relative to the last server ping to reconstruct real punch time.

Kiosks encrypt offline payloads using the public key and never store raw images. On sync, the backend validates the offset window and rejects tampered payloads.
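The sync-time check described above, sketched as an added example (not code from this post or the product): the backend rebuilds the punch time from its own record of the last ping plus the kiosk's monotonic offset, and rejects offsets outside the allowed window. The payload field names, the boot-session check, the 72-hour window and the 5-second tolerance are all assumptions.

```python
from dataclasses import dataclass

# Assumed policy values, not taken from the article.
MAX_OFFLINE_MS = 72 * 3600 * 1000  # longest accepted gap since the last ping
SKEW_TOLERANCE_MS = 5_000          # allowance for sync latency

@dataclass(frozen=True)
class OfflinePunch:
    """Hypothetical fields of one decrypted offline punch."""
    ping_id: str           # last server ping the kiosk saw
    boot_id_at_ping: str   # kiosk boot session when the ping returned
    boot_id_at_punch: str  # kiosk boot session when the punch was made
    mono_at_ping_ms: int   # monotonic clock reading at the ping
    mono_at_punch_ms: int  # monotonic clock reading at the punch

def reconstruct_punch_time(punch, ping_log, sync_received_ms):
    """Return (punch_time_ms, None) if accepted, else (None, reason).

    ping_log maps ping_id -> server epoch ms recorded by the backend, so the
    time anchor never comes from the kiosk's wall clock.
    """
    server_ping_ms = ping_log.get(punch.ping_id)
    if server_ping_ms is None:
        return None, "unknown_ping"
    if punch.boot_id_at_ping != punch.boot_id_at_punch:
        return None, "reboot_between_ping_and_punch"  # monotonic clock reset
    offset_ms = punch.mono_at_punch_ms - punch.mono_at_ping_ms
    if offset_ms < 0:
        return None, "negative_offset"
    if offset_ms > MAX_OFFLINE_MS:
        return None, "offset_too_large"
    punch_time_ms = server_ping_ms + offset_ms
    if punch_time_ms > sync_received_ms + SKEW_TOLERANCE_MS:
        return None, "punch_in_future"  # offset exceeds real elapsed time
    return punch_time_ms, None

# Constructed sample data: one ping and a punch made one hour later.
SAMPLE_PING_LOG = {"ping-001": 1_770_000_000_000}
SAMPLE_PUNCH = OfflinePunch("ping-001", "boot-a", "boot-a", 10_000, 3_610_000)

if __name__ == "__main__":
    print(reconstruct_punch_time(SAMPLE_PUNCH, SAMPLE_PING_LOG, 1_770_010_000_000))
```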

This approach removes time-travel attacks while preserving operational continuity.