Verimesh (formerly the Stargate project)
Infrastructure for verifiable cross-organisation exchange
Verimesh is infrastructure, not a platform. Your organisation owns the data flow — no intermediary required.
Talk to us about VerimeshThe post-platform alternative
The platform economy concentrated data and trust into intermediaries. Every inbox, every document workflow, every health record became a dependency on an operator whose interests are not yours. That architecture is not neutral — it is a business model.
No intermediary owns the data flow.
Verimesh is infrastructure you own. Organisations exchange data, credentials, and communications directly — verified cryptographically, routed by your policies, auditable end to end. The trust relationship is bilateral. The operator is you.
Four editions. One architecture.
Verimesh is a product matrix, not a single product. Each edition addresses a distinct exchange domain — all share the same Decentralized Key Management (DKMS), built on KERI, and the same verifiable credential foundation.
Available now
Verimesh Mail
Email and messaging authentication
Verified sender identity for every message. Encrypted human-to-human communication across organisational boundaries — without trusting the mail server in the middle. Recipients verify the sender cryptographically, not by inspecting a header that anyone can forge.
Verimesh Data
Structured data and document exchange
Cross-organisation data sharing with provenance: clinical orders, regulatory filings, contracts, financial data. Every document carries cryptographic proof of origin and integrity. Routing is policy-driven — what leaves your environment, and to whom, is governed, not assumed.
Roadmap
Verimesh Agent
AI and automated-entity exchange
Zero-trust service identity for AI agents and automated systems. When machines exchange data on behalf of organisations, the same verifiable identity and policy engine applies. Automated entities are held to the same cryptographic standard as humans.
Verimesh Edge
Device and IoT identity
Device identity rooted in the same DKMS architecture. IoT deployments and edge nodes are cryptographically bound to the organisation that operates them — not to a cloud vendor's certificate authority.
What each edition contains
Mail and Data are the two day-one editions. Both are built from the same layered trust architecture — only the outer exchange surface differs.
What's inside Verimesh — the trust layers
Every Verimesh Node, in every edition, is built from the same layers — from a self-certifying identity core outward to the data it carries:
- Identity A self-certifying organisational identity anchored in Decentralized Key Management (DKMS, built on KERI). Every other layer builds on it. Identity Agent Iris Agent KERI Witness KERI Watcher Key Service
- Certificates (X.509) Bridges to existing PKI so Verimesh interoperates with the systems you already run — no rip-and-replace. Certificate Authority (X.509) S/MIME Agent X.509 / JWT bridge
- Verifiable Credentials Cryptographically provable claims about who an organisation is and what it is authorised to do. Credential issuance Web Verification App
- Policy A programmable engine that governs what each party may do — including consent and opt-out enforcement across organisations. Policy Agent Policy Sync Directory (LDAP) connector Authentication Service
- Transport Authenticated, encrypted routing of messages directly between Nodes. Stalwart MTA MX engine DNS management
- Sovereign Data Exchange The outer surface that carries the payload — email for Mail, structured and FHIR data for Data, and more as the editions grow. SEAL Engine IPFS content distribution spam & virus filtering
Three deployment forms
Every Verimesh edition is available in three forms. The form does not change the architecture — it changes who operates the infrastructure.
VERIMESH Mail Hub
Multi-organisation infrastructure operated by a sector orchestrator. A single Hub serves an entire trust community — for example, HIN operating the authenticated exchange layer for Swiss healthcare. Governance is shared; participation is open to any organisation in the sector.
VERIMESH Mail Node
Single-organisation appliance, on-premises or hosted. You own your infrastructure and your keys. A Node connects to any Hub or exchanges directly with other Nodes — no dependency on a central service.
VERIMESH Mail Cloud
Managed entry point operated by Vereign. No infrastructure to deploy. The same verifiable identity and policy architecture — without the operational overhead. The natural starting point before migrating to a Node or contributing to a Hub.
Start with SEAL. Grow into Verimesh.
SEAL: the permanent standalone entry product
SEAL is not a legacy product and it is not being replaced. It is the entry point for verified communication — and it is in production today. Over 800,000 verified interactions per month flow through SEAL in Swiss healthcare, with AES-GCM-256 encryption and IPFS-anchored audit trails. Recipients need zero installation.
SEAL solved the entry problem. VERIMESH solves the infrastructure problem.
Start with SEAL. When your organisation is ready to join — or lead — the authenticated exchange ecosystem, upgrade to VERIMESH.
Upgrade path
SEAL → VERIMESH Mail Cloud → Mail Node → Mail Hub
In production — not a concept
HIN (Health Info Net) is rolling out an early production deployment of Verimesh for Swiss healthcare — first customers being onboarded late June 2026. HIN chose Verimesh because the sector needed an authenticated exchange layer that no single party controls. That is what a Hub delivers.
The strongest healthcare differentiator: consent that actually works
EHDS Article 71 made opt-out a legal right, not a best practice. Every secondary use of identifiable health data must be deniable by the patient, and that denial must propagate downstream. Verimesh's DKMS architecture anchors authorizations in patient-controlled cryptographic state — consent withdrawal is a key rotation the patient performs unilaterally, and it propagates by failing closed at every downstream verifier without a central registry.
Read the consent architecture thesisA note on FHIR integration
Verimesh Data is designed to carry FHIR clinical orders across organisational boundaries — the architectural integration is complete and documented. However, production deployment of FHIR-over-Verimesh depends on hospital-side onboarding: EHR systems must be configured to emit and consume FHIR resources over Verimesh. That onboarding work is under way, and the earliest realistic date for production FHIR exchange is in late 2026. What ships today is the infrastructure layer; the clinical data layer follows as hospitals come on board.
Verifiable code is a precondition for verifiable identity
Verimesh products are Open Source under AGPLv3. Every line of code is publicly auditable — you can verify that the software does what we say it does. An optional Section 7 exception is available for organisations that need to build proprietary integrations on top of the open core without triggering copyleft on their internal systems.
Ready to own your organisation's exchange infrastructure?
Whether you are evaluating Verimesh for your sector, want a technical architecture review, or are ready to join an existing Hub — we are here to help.