Verifiable trust between organisations — without central authority

Stargate is rolling out across Swiss healthcare through 2026, making institutional trust programmable, auditable, and free from single points of failure.

Organisations depend on third parties to verify who they are communicating with — creating single points of failure in every trust chain. Stargate enables direct, bilateral verification between organisations, removing this dependency. Swiss healthcare chose Stargate to replace 25 years of legacy infrastructure — implementation is underway, already processing over 800,000 verified interactions monthly.

HIN — Health Info Net

850+ gateways across Swiss healthcare

Seven capabilities. One platform.

Stargate provides a complete platform for organisations to establish, manage, and verify trust relationships — without depending on any central authority. Here are the seven capabilities that make this possible.

Trust between organizations at institutional scale requires authentic, sovereign data exchange. Stargate is being deployed as that layer in Swiss healthcare. Local systems integrate easily using standard protocols like OAuth.

FINMA reports a 30% increase in cyber attacks targeting Swiss financial institutions — FINMA

ENISA reports 4,875 significant cyber incidents across Europe, with phishing responsible for over 60% of initial attack vectors — ENISA

Organisation identity management

Each organisation controls its own cryptographic identity via DKMS (Decentralized Key Management System), built on KERI (Key Event Receipt Infrastructure). Identity events are tamper-evident and auditable without requiring a central registry or certificate authority. Organisations establish and revoke trust relationships bilaterally — no central coordinator required.

Certificate management and authority

Stargate includes a built-in certificate authority based on DKMS, allowing organisations to integrate internal and external trust relationships without depending on external CA infrastructure. Certificates are issued and managed within the platform, reducing external dependencies and the attack surface of third-party CA chains. Certificate lifecycle management is handled programmatically with full audit trails.

Verifiable credential issuance and verification

Stargate issues and verifies credentials in ACDC (Authentic Chained Data Container) format — a cryptographic chain of proof that links every credential to the identity that issued it. Credentials carry their own verification data, so verifying parties do not need to query a central registry at the time of verification. The chain of custody is maintained and auditable at every step.

Policy engine

Access control policies are defined with OPA (Open Policy Agent), making them programmable, version-controlled, and auditable. Policies can be updated without redeploying infrastructure, and every policy decision is logged. This supports granular, resource-level consent rather than coarse OAuth scopes.

Sovereign data exchange

SVDX (Sovereign Data Exchange) provides multi-path programmable routing for data between organisations. Routing decisions are policy-driven and auditable — data flows are governed, not assumed. Organisations retain sovereignty over which data leaves their environment and under what conditions.

Secure transport layer

All communication between nodes is encrypted with WireGuard — an open source, auditable transport protocol with a small code surface and strong security properties. Point-to-point connections are established between organisational nodes without routing through a central relay. WireGuard operates at the network layer, making the transport layer independent of application-level encryption.

Semantic interoperability

OCA (Overlays Capture Architecture) enables data format transformation at the semantic layer, so organisations with different internal data models can exchange structured information without losing meaning. OCA overlays describe how data should be interpreted, translated, and displayed — enabling interoperability between systems with different schemas without requiring a shared canonical model.

How Stargate works

[Figure: Stargate mail exchange — verified communication between organizations. Concentric-ring mail exchange topology with verified sender, SEAL gateway, and recipient verification.]

[Figure: Stargate structured data exchange — sovereign, policy-driven data routing. Concentric-ring structured data exchange with sovereign routing and policy engine.]

Each organization runs its own Stargate node. Trust relationships are established bilaterally between organizations — there is no central authority or coordinator. This is how Stargate scales institutional trust.

Deployment models

Private Cloud

Deploy Stargate in your own cloud environment with full control over infrastructure and data residency.

On-Premises

Run Stargate entirely within your own data centre for maximum control and compliance.

Azure Virtual Machine

Deploy on Azure VM for organizations already invested in Microsoft infrastructure.

Gateway-as-a-Service

Vereign-operated gateway for organizations that want the capabilities without managing infrastructure.

Development

Development environment for testing and integration before production deployment.

SEAL — the verifiable communication layer within Stargate

SEAL (Secure Authentic Exchange Layer) handles verifiable messaging within the Stargate infrastructure — every sender verified, every message cryptographically signed and auditable. Stargate is the full trust infrastructure; SEAL is the communication function that runs on top of it. SEAL can also be deployed independently wherever verifiable messaging is needed, without the full Stargate stack.

Fully open source, every line auditable

Stargate and SEAL are released under AGPLv3+ — every line of code is publicly auditable. The AGPLv3+ licence ensures modifications must also be shared openly, protecting the commons. Source code is available in the Vereign source repository.

What Stargate eliminates

Bilateral CA negotiations. Manual key exchange. Dependence on certificate chains for inter-organisational trust.

What Stargate is not

  • Not a VPN
  • Not a certificate authority
  • Not an identity provider
  • Not a blockchain

It is a bilateral trust infrastructure that makes organisations independently verifiable.

Trusted by

HIN, IBM, DHI, Red Hat, EHDA, Cyberware, DKMS Alliance, DAASI, DIF

Ready to evaluate Stargate for your organisation?

Whether you need a technical deep dive or want to understand how verified trust applies to your sector, we are here to help.

Swiss Data Protection · GDPR Compliant · Open Source AGPLv3+ · Swiss Hosting