In these slides, offline and online PUF-based authentication protocols are explained in minute 16:30 and 17:30, respectively. I understand the way the online protocol works. Basically, the server keeps a table of CRPs, sends a challenge, then verifies the generated response (by PUF) from the table.
However, I do not understand the offline protocol. Who has the CRP table to verify the response? Batteries and printer cartridges are two of the examples mentioned in these slide that use offline protocol. In my opinion, they should be online, so the server can check the response.
My reasoning: suppose that a new battery is issued (a new CRP table is generated). The server can store the CRP table before sending out the battery (so that it can check the response). However, the smartphone cannot get the new CRP table because user is the owner (not the server). I was wondering which part of the protocol I am missing and why and how the offline protocol works.
