> For the complete documentation index, see [llms.txt](https://docs.oomus.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.oomus.org/security/offline-verification.md).

# Offline verification

Offline verification is one of the most distinctive capabilities of Oomus CampaignID. It allows a field agent to verify the authenticity of thousands of cards without any Internet connection.

***

## How it works

### Portal generation

At the end of each successful generation job, Oomus CampaignID automatically produces a **static verification portal** : a standalone archive containing the verification interface, the code registry and the resources needed for offline operation.

### Portal distribution

The portal can be distributed in several ways depending on the connectivity available:

| Method                            | Connectivity required                         | Use case                            |
| --------------------------------- | --------------------------------------------- | ----------------------------------- |
| Download from the Oomus interface | Requires a connection at the time of download | Campaign managers                   |
| USB flash drive / SD card         | None                                          | Areas without Internet access       |
| Internal web server               | Local network only                            | Healthcare facilities with intranet |
| CD-ROM / offline archive          | None                                          | Archiving, most remote areas        |

### Client-side verification

Once the portal is downloaded, **all checks are performed locally in the browser** via the native WebCrypto API. The scanned or entered code is checked instantly against the local registry — no network request is made.

***

## Verification modes

### 1. Manual code entry

The agent enters the code printed on the card (e.g., `DKR-VAC-9XQ7LM2A`).

**Interface** :

* Input field with format validation
* Immediate verification after entry (< 50 ms)
* Clear visual result (green / red / orange)

**Possible results** :

| Status     | Display                                  | Meaning                                                             |
| ---------- | ---------------------------------------- | ------------------------------------------------------------------- |
| ✅ Valid    | Green background, "Authentic card"       | The card is in the registry and active                              |
| ❌ Revoked  | Red background, "Revoked card"           | The card has been invalidated                                       |
| ⚠️ Unknown | Orange background, "Card not recognized" | The code is not in this registry (possible forgery or wrong portal) |

### 2. QR code scanning (camera)

The agent points their smartphone camera at the QR code.

**Compatibility** :

* Android: Chrome, Firefox, Samsung Internet
* iOS: Safari, Chrome (via WebRTC API)
* Tablet: all modern browsers

**Process** :

1. Click on **"Scan a QR code"**
2. Camera permission requested (once)
3. Frame the QR code → automatic verification
4. Result displayed in 1–2 seconds

The scanner decodes the opaque QR token and performs the local SHA-256 lookup. No network connection is established.

### 3. Bulk verification — CSV import

For operations involving many cards (group distribution, list checking):

1. Click on **"Bulk verification"**
2. Import a CSV file containing the card codes:

```csv
code
DKR-VAC-9XQ7LM2A
DKR-VAC-3KPQ8NX1
DKR-VAC-7FZM2TYB
DKR-VAC-INVALID01
```

3. The portal processes the entire list immediately (local processing)
4. Summary displayed: X valid / Y revoked / Z unknown
5. Export of the results CSV report

***

## Multilingual support

The verification portal is available in three languages:

| Language    | Code | Support level                   |
| ----------- | ---- | ------------------------------- |
| **French**  | `fr` | Full interface + error messages |
| **English** | `en` | Full interface + error messages |
| **Wolof**   | `wo` | Full interface + error messages |

The language can be selected by the agent via a selector at the top of the portal. The default language matches the campaign's language.

***

## What is verified

| Information              | Verified? | Source                                            |
| ------------------------ | --------- | ------------------------------------------------- |
| Code authenticity        | Yes       | SHA-256 lookup in registry.json                   |
| Campaign membership      | Yes       | Code prefix + registry                            |
| Status (valid / revoked) | Yes       | Field `status` in the registry                    |
| Issue date               | Yes       | Field `issued_at` in the registry                 |
| Beneficiary name         | No        | Not included in the registry (privacy protection) |
| Medical data             | No        | Never included                                    |
| MPI ID                   | No        | Not included in the registry                      |

***

## What is NOT transmitted

During offline verification:

* **No personal data** is transmitted to a server
* **No scan log** is sent (the field agent can verify completely anonymously)
* **No network connection** is established
* **No cookie** tracking is placed

***

## Security guarantees

### Registry anti-forgery

The `registry.json` is SHA-256 linked to the generation audit trail stored on the Oomus server. Any attempt to modify the registry after it is generated is detectable in a later online verification.

### No PII in the registry

The file `registry.json` contains only QR token hashes and statuses. It is technically impossible to recover a beneficiary's identity from this file.

### Portal integrity

The portal JavaScript application is compiled and minified. It includes integrity checks to detect any modification of the client-side code.

***

## Portal validity period

Each verification portal is tied to a specific generation job. The portal contains only the cards generated in this job.

**Recommendation** : For a campaign with several generation jobs, download and distribute a consolidated portal from the campaign interface (tab **"Verification portal"**).

***

## Next steps

* [Verification portal — Features](/features/verification.md)
* [Cryptographic guarantees](/security/cryptographic-guarantees.md)
* [Data protection](/security/data-protection.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.oomus.org/security/offline-verification.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
