Verified Browser Mail

Every message verified. Every sender authenticated.

SEAL processes 800,000+ verified messages per month across Swiss healthcare — cryptographically signed, fully auditable, no software installation required.

See SEAL in cybersecurity

Healthcare professionals need to send verified, confidential information to patients — on any device, with no software to install. SEAL (Secure Enterprise Application Layer) makes this possible: every message cryptographically signed, every sender verified, full audit trail preserved. No assumptions about recipient infrastructure. Already processing 800,000+ verified messages monthly across Swiss healthcare.

30,000+

GP offices and healthcare institutions

What SEAL delivers

Every sender is verified before a message is accepted

SEAL (Secure Authentic Exchange Layer) authenticates each sender's cryptographic identity at the point of origin. Messages from unverified sources are rejected before delivery.

Every message is cryptographically signed and auditable

Each message carries a verifiable cryptographic signature. Recipients — and auditors — can confirm who sent a message, when it was sent, and that it has not been altered in transit.

Documents are adapted to the recipient's context

Using Overlays Capture Architecture (OCA), documents are automatically rendered in the format and language appropriate for the recipient organisation — without modifying the underlying signed payload.

Deployable within Stargate or as a standalone layer

SEAL is designed to operate as part of the full Stargate platform or independently within existing messaging infrastructure — wherever verifiable communication is needed.

How it works

When a sender dispatches a message through SEAL, the platform authenticates their cryptographic identity using Decentralised Key Management System (DKMS) anchoring and attaches an Authentic Chained Data Container (ACDC) credential as a verifiable envelope. The message traverses the transport layer — which can be standard email infrastructure — and arrives at the recipient, where SEAL verifies the sender's identity and the integrity of the payload before delivery. Verifiable Credentials (VCs) and ACDC attestations make both ends of the exchange independently auditable.

For technical readers, the diagrams below show the full message flow and data structure. Expand either section to view.

SEAL message flow

SEAL authentication operates in three phases: sender identity verification before dispatch, cryptographic signing and envelope construction during transmission, and signature verification with credential validation on arrival. The Web Verification App provides a browser-native verification experience for recipients — no software installation required.

Email data structure

The SEAL verifiable envelope nests the signed payload within a structured container that carries the sender credential (ACDC), metadata overlays (OCA), and the cryptographic signature. Any compliant verifier can independently confirm authenticity without relying on a central authority.

What recipients see

When someone receives a SEAL message, they can verify its authenticity directly in their browser — no software to install, no certificates to manage.

Message verified

Cryptographic signature valid — sender identity confirmed

From: Dr. Maria Huber
Organisation: Kantonsspital Zürich
Sent: 13 March 2026 — 09:14
Subject: Patient referral — confirmed

Identity credential — HIN member in good standing
No modifications detected since signing

Verified by Stargate

SEAL within the Stargate ecosystem

SEAL is a function of Stargate. Stargate provides the full trust infrastructure — identity management, certificates, credentials, policy engine, data exchange, transport, and semantic interoperability. SEAL handles verifiable communication: authenticating senders, signing messages, and generating auditable proof of every exchange.

SEAL can also be deployed independently wherever verifiable communication is needed — it does not require the full Stargate platform.

Explore the full Stargate platform

See all use cases →

Fully open source

Every line auditable — AGPLv3+

SEAL is fully open source under the GNU Affero General Public License v3 or later (AGPLv3+). Every line of code is publicly auditable. Contributions are welcome.

View source

Trusted by

Ready to add verified messaging to your infrastructure?

Whether you are evaluating secure communication for your organisation or exploring how verified messaging fits your sector, let us talk.

Book an architecture review See how this applies to your sector Explore partnership opportunities

Swiss Data Protection GDPR Compliant Open Source AGPLv3+ Swiss Hosting