Identity has lived in databases, not in lives
For a decade, digital identity has lived inside databases, not inside lives. To use their own identity, a person has had to log into someone else's product.
Pilot-grade hardware · Carries MID · Does not issue identity. From a clay seal pressed into wax, to a sealed letter of introduction, to a passport stamped in steel — every age has needed an object it can trust, to vouch for a person who has already been recognised. Meridian Phone wants to be that object, for this age.
Meridian
Phone
It is not another flagship made to impress, and it is not another new idea. It is an object made with care, made to carry — to take a digital identity already issued by an institution, and let one person hold it in the palm of a hand: presented precisely, used without being broken, recovered if it is ever lost. Each use, it should stand on its own.
We have made three. Care lets an elder stop having to face a new age alone. Kids draws the boundaries of childhood more steadily. One brings what an adult uses most — identity, civic service, everyday payment — onto a single device worth trusting. Three devices, one institution of trust — held across three generations of a single household.
3role-specific editions
¥150–¥260indicative price range
Path Adevice tenets
0 mnemonicsMPC threshold key
PRECEDENTSeal → Letter → Passport → MID
VERBS · What the device doesCarry · Verify · Recover · Separate · Audit
STANDARDSW3C DID/VC · FIDO2 · ISO 18013-5
CRYPTOTEE + SE · MPC threshold
BOUNDARYPath A · Carry, do not issue
Why a phone
Every civilisation answers the same quiet question:
how does a person come to be recognised, believed, and treated as themselves?
Once, the answer was a clay seal, a letter of introduction, a passport stamped in steel. Today the same question has moved into a digital world — and it needs to be answered there too. Meridian Special District — an institutional framework for identity and civic services in the digital age — gives the institutional answer; Meridian Phone is what takes that answer out of the archive and into a person's day. It does not invent identity. It only lets MID and MCID be used by an ordinary person, from morning to evening.
The harder edge of this question lies on the other side: every system of identity leaves someone out. People without a home, elders who cannot read, migrant workers, people with disabilities, the stateless — those who most need to be recognised are the ones a form, a QR code or a login screen most easily turns away. A digital identity worth trusting has to begin by acknowledging who is being left out; a device that hopes to hold it has to keep a door open for them from the start.
This is also why — in an age where almost everything has become software, and almost nothing is held in the hand — there still has to be an object you can hold. When relationships dissolve entirely into code, they become easy to copy, easy to revoke, easy to forget. An object held in the hand is itself a kind of restraint: it reminds everyone that an identity is not a line of data, but a living person, present.
The device becomes identity's home
When identity can be carried properly on a personal device, it stops being just an account — it becomes a form of recognised membership. A person no longer logs into someone else's product to be themselves; they walk into a place already carrying who they are.
The device carries; the institution issues
A phone never issues identity. It is only the trusted container — what lets an already-issued identity be carried, presented and, when needed, set down again.
Every presentation deserves more trust
Verifiers trust credentials, not screens. Holders present a single qualification — they do not hand over a whole file. Each use leaves a trace of being trusted, not a trace of being exposed.
PATH A · DEVICE TENETS
What the device does ·
What the device does ·
what it does not.
This boundary is where Meridian Phone becomes willing to be examined, by a government, with care. It is written into the hardware and into the institution. Three lines of commitment, three lines of restraint — a device worth being entrusted with has to say both, clearly.
✓
Carries MID and MCID issued through accredited channels, with selective disclosure and controlled offline use.
✓
Verifies credentials presented by counterparties and produces audit-ready event records.
✓
Recovers via MPC threshold and guardians — losing a phone does not mean losing identity.
✕
Does not issue MID or MCID. Issuance authority remains with accredited bodies.
✕
Does not store source biometric templates or raw identity material in clear text.
✕
Does not provide medical, drug or diagnostic functions — those belong on regulated medical devices.
Three human interfaces · One system
Three generations in one household.
One institution of trust to hold them all.
A family is more than one relationship. A person grows old; a child grows up; an adult, in between, holds up both ends. We have made three devices, so that the three generations of a household can be held by the same institution of trust — gently. Elders are looked after. Children are accompanied. Adults are entrusted with the day. They share one identity system underneath, and each one focuses on doing only one thing properly.
Designed for elders
A larger font is the easy part; holding a relationship steady, over years, is the hard part. Care lets an elder stop facing a changing world alone — a fall at the wrist reaches their children directly; a utility bill is quietly handled; an unfamiliar service window has a remote line of help open. It keeps the dignity of an ordinary day inside the life of an elder who deserves respect.
- Family authorization and bounded delegation
- Fall detection · SOS · medication reminders (advisory, not medical)
- Call and service entry, remote assistance
- Simplified civic and utility console
Designed for children
Childhood is not a shrunken adulthood. Kids is not an adult phone in a smaller size — it is a device made to grow up alongside a child. Student identity, school access, the bus that goes to school: all held through a parent-derived sub-credential. Issuance still belongs to the institution; use passes through the parent. The first piece of "identity" a child ever holds is one that has been looked after with care.
- Parent-derived sub-credential (not school-issued)
- Family allowlist · time windows · gentle location sharing
- App console without addictive social or unsuitable content
- School access, transit, reading and learning entries
For everyday citizens
An adult signs their own contracts, buys medicine for their family, handles paperwork for a parent, pays their own taxes. All of this should sit on a single device they can trust. One holds MID and MCID together on one device; merchant payment, the civic console and business services come together onto a single screen — the device a citizen opens most, and the one that least ought to let them down.
- MID and MCID carry with selective disclosure
- Merchant pay + civic console + business desk in one
- MPC threshold wallet — seedless recovery
- Controlled offline transactions with deferred settlement
¥150 / ¥220 / ¥260 — three tiered indicative prices. Not subsidies. Not promotional. They correspond to three positions inside a household: a child's entry, an adult's anchor, an elder's relationship of care. A family can walk all the way up that ladder — three generations, one same set of trusted relations.
MID lifecycle
Identity has a life of its own:
applied for, verified, issued, used, recovered, set down.
Identity is not something that happens once. It has a life of its own — applied for, verified, issued, used through the years, sometimes lost and recovered, finally set down when it is no longer needed. Six stages, four kinds of participant. Meridian Phone is deliberately not an issuance node on this path; it does only four things — carry, assist, record, protect. That restraint is itself the reason a government can examine it with care.
Stage
Apply
Verify
Issue
Daily
Recover
Revoke
Issuer
●
●
●
○
●
●
Meridian Phone
○
○
·
●
○
○
Guardian / family
·
·
·
○
●
·
Verifier / service
·
·
·
●
·
·
Primary
Assists / carries
○ indirect · · not involved
Authority over identity belongs to institutions; the phone's authority is over one thing only — carrying.
That restraint is not a limit; it is the design. A thing entrusted to a person must be both trusted and bounded.
MPC threshold wallet
No one should lose ten years of their relationships
because they forgot a string of twelve words.
The traditional crypto wallet has, somehow, made this real — losing a seed phrase becomes losing everything. Meridian Phone uses an MPC threshold scheme that splits the private key across the device, a custodian and a guardian: no one party can act alone, and no single loss is fatal. An identity is no longer held inside a cold string of words; it is entrusted to a small, human-shaped network of people who know the holder.
And more importantly: the wallet is not the identity. It is only a capability MID can open, at a later, regulated stage — identity first, settlement second; relationship first, sums of money afterward.
2-of-3
Threshold key
Device · Custodian · Guardian
- No plaintext key
- No seed phrase
- Distributed generation
Recovery
Device recovery
Social guardian · Re-verification
- New device pairing
- Identity re-verification
- State remains traceable
Merchant pay and civic console
Trustworthy payment,
returned to the counter between people.
Behind every small transaction — breakfast in a quiet town, a prescription at a clinic, a contract signed in an office — there is already a relationship: who is buying, who is selling, who vouches for whom. For a decade we have compressed that relationship behind a QR code. Meridian Phone wants to put it back. When MID and MCID are both present, a transaction no longer has to begin from "who you are, who I am" — payment returns to the counter between people.
STEP 01
Mutual identity
The merchant's MCID and the citizen's MID present proof at the same time: who is trading, who is being paid, who is acting under whose authority — every link signed.
STEP 02
Minimal disclosure
The holder presents only the qualification the transaction requires — "of legal age," "licensed to sell" — without handing over any of the surrounding personal data.
STEP 03
Controlled settlement
Phase 1 does not open public on-chain transfers. Settlement runs through regulated rails. A settlement proof is anchored to Meridian Chain.
STEP 04
Auditable trace
Event hashes, timestamps and signed records are anchored to the memory layer — independently verifiable during compliance review.
One-stop service
- Identity proof, qualification checks, pre-filled forms.
- Residency notices, payments, appeals and renewals.
- Selective disclosure: prove what's needed, no more.
Entity and representation
- Entity status, authorized representatives and merchant capabilities — visible.
- Demonstrate qualifications without exhaustive due diligence.
- Merchant payment, receipts and service relationships, structured.
Security · privacy · boundary
Trust cannot be written in advertising.
It has to be written in three places.
A chip. A process. An audit. Trust, on a phone, has never come from a slogan — it has to come from those three places. Meridian Phone writes the trustworthy parts into hardware, the reviewable parts into procedure, and keeps what does not belong on a personal phone inside controlled environments. Only when all three stand up does a device deserve the word entrusted.
TEE + SE, two layers
Critical operations run inside a Trusted Execution Environment; credential keys live in a Secure Element — untouchable by regular apps and unreachable across OS boundaries.
ISO/IEC 24745 representation
No raw fingerprint or face image is stored — only a revocable, regenerable protected representation. A lost phone is not a leaked biometric.
STRIDE coverage
Cloning, replay, downgrade and supply-chain implantation each map to specific hardware, protocol or institutional controls — documented in the threat model.
Built to be reviewed from the outside
BOM, security baseline and threat model are signed off before manufacturing — and made available to independent third-party review from the design stage.
A trusted production line
Secure elements are pre-provisioned on a controlled line; every device can be traced back to its origin — supply-chain tampering has an answer.
Updates with a visible timeline
Every update is signed; the path from a vulnerability being discovered to being patched is on a public timeline, not in silence.
Set down with dignity
When a device retires, credentials are securely destroyed and the hardware is recycled — no debris, and no forgotten keys.
The boundary is written in a contract
The operator and the institution each carry their own share of responsibility. If anything goes wrong, somebody has signed for it.
Open standards alignment
No reinvented identity.
Standing on rails the world already trusts.
For a phone to be trusted by verifiers anywhere, it has to speak the international language of identity and authentication. That language is not set by any one company. It has been slowly agreed — by W3C, FIDO, ISO, by many nations and many researchers, working alongside each other — and it belongs to this age, and to everyone who lives in it. Meridian Phone aligns with the standards below, so that credentials, authentication and interoperability are never locked to a single vendor.
Decentralized identifiers
The identifier and resolution model shared by subjects and issuers.
Verifiable credentials
Signed, structured credentials supporting selective disclosure.
Passwordless auth
Device-bound strong authentication; biometrics never leave the device.
Identity federation
Identity and VC transport protocols for third-party services.
Mobile credentials
Mobile driver's license and similar credentials, including offline use.
Biometric template protection
Protected, revocable biometric representations — no raw templates.
EU digital ID wallet
The EU's wallet framework — a long-term alignment path.
Identity assurance levels
IAL / AAL / FAL tiers — services map to required verification strength.
Localisation & accessibility
One price framework,
shaped differently in every jurisdiction.
¥150 / ¥220 / ¥260 are pilot-stage indicative prices. Inside any specific jurisdiction, that framework is localised, subsidised, and reduced — whether an identity institution has reached those most easily left out is not finally a matter of language, but of a procurement schedule and a reductions table. Here is what that framework usually becomes, in practice.
Set together with the issuer
In each partner jurisdiction, final pricing is determined together with the accredited issuer — not imposed as a global flat rate. A device made to be used in a particular place should be made affordable in that particular place.
- Priced in local currency · set by issuer and jurisdiction together
- Volume procurement triggers stepped pricing
- SLA and service terms set under the jurisdictional contract
A door for those most easily left out
For people without a home, elders who cannot read, migrant workers, people with disabilities and the stateless, a tiered reductions schedule and accessibility configurations are kept open — whether an identity system can be trusted depends, first, on whether it leaves a door open for these people.
- Tiered reductions and zero-cost entry routes
- Accessibility modes (voice, magnification, contrast, one-handed)
- Verification pathway for people without a fixed address
Civic, education & elder-care
Bulk procurement channels for civic, education, health and social-security systems are aligned with each jurisdiction's budgets and intergenerational programmes. Care, in partner jurisdictions, can be folded into elder-care programmes — shared across government, family and philanthropy.
- Government framework procurement
- School / health / social-security pairing schemes
- Care elder-care three-way cost-share mechanism
Indicative prices are not the price. They are the starting point of a conversation. In each partner jurisdiction, the price, the subsidies, the procurement framework and the reductions schedule are decided together with the issuer and the government — and written into a contract both sides can refer back to.
Pilot path
A new city does not appear overnight.
Meridian Phone should not, either. We prefer to begin inside a single, well-defined pilot jurisdiction — in that one city, make identity, the merchant flow, the civic console and the recovery mechanism actually work; let an institution take root, slowly, inside a real set of relationships. Only when it is steady, talk about the next city. A thing made with care deserves to be allowed to be slow. The first city is never a test market; it is a partner — and the patience of a jurisdiction willing to be first is where this whole thing earns its right to be trusted.
Foundations
Identify the issuer, signing process, Path A boundary and pilot review packet. Hardware BOM, security baseline and threat model are signed off before manufacturing.
One goes live
The standard citizen variant first. MID carry, merchant pay, civic console and baseline audit run end-to-end — validating the underlying design.
Care and Kids join
Extend to elder and child editions on the same system. Family authorization, guardian recovery and derived sub-credentials open in sequence.
Cross-jurisdiction
Inter-recognition with other jurisdictions on the same standards. Wallets, settlement and additional services become regulated extensions, not preconditions.
Every phase corresponds to a set of controls already in place — boundary before feature, audit before scale, trust before expansion. It is a slowness, and it is also the patience required to make something worthy of being trusted.
FAQ
Answer the easy misreadings honestly,
so the harder conversations can be about substance.
This section is written for government reviewers and procurement partners. The easier misreadings are addressed first — so the harder discussions can be about substance. An institution that welcomes being questioned first, and discussed afterward, has begun to deserve the trust it asks for.
Does Meridian Phone issue identity?
No. The phone does not issue MID or MCID. Issuance authority remains with accredited bodies. The device carries, assists, records and protects.
Is Care a medical device?
No. Care offers companionship and advisory prompts (fall alerts, medication reminders) — no diagnosis, treatment or prescription. Medical compliance belongs on dedicated devices.
Where does the Kids "student identity" come from?
From a parent-derived sub-credential under explicit parental authorization — not issued directly by a school. This stays within Path A.
Does losing the phone mean losing identity?
No. With MPC threshold cryptography, no single share of the key can act alone. Through guardian and re-verification flows, access is restored on a new device.
Does identity data live on chain?
No. Only verifiable proofs — hashes, status and timestamps — are anchored on chain. Source identity material stays inside controlled environments and can be deleted when required.
Which jurisdictions is this for?
Jurisdictions with clear digital identity legislation, an accredited issuer and a willingness to adopt open standards (W3C, FIDO, ISO).
Why a phone, and not just an app?
Because identity is not only a sign-in step; it needs a trusted hardware root. An app can be uninstalled, replaced, screenshotted; a device made with care can hold the boundary at the hardware level (TEE + SE), so that "carrying an identity" is no longer just a software promise — it becomes a fact of physical structure.
How does this relate to Apple Wallet, EUDI Wallet, and others?
Complementary, not exclusive. Apple Wallet is a commercial ticket and credential container; EUDI is the EU's official wallet framework; Meridian Phone is a device aligned with W3C, FIDO and ISO standards, and is designed to interoperate with both in jurisdictions where it operates — not locking out, not replacing, and not pretending to solve what they were never meant to solve.
Next step
Place a digital identity, with care, in a person's hand.
Whether a digital age is worth looking forward to has less to do with how fast it runs than with whether it can gently carry an ordinary person — whether it can keep an elder from facing a new age alone; whether the first piece of identity a child ever holds can be one looked after with care; whether an adult can put the few most important things of a day onto a single device worth trusting. Meridian Phone does not try to replace institutions, and it does not try to replace trust. It only wants to be the thing of this age — a place where a relationship that has already been recognised can be carried, gracefully and safely and across generations, into a single person's hand.