What once felt novel, such as sharing a digital credential instead of a plastic card, is quickly becoming familiar. Across industries, people are starting to recognize the value of credentials they control, interactions that respect privacy, and trust systems that just work. As this awareness grows, more organizations are exploring what digital trust infrastructure can enable, not just as a future vision but as a near-term priority.
At MATTR, we’re supporting this momentum by delivering capabilities that work in real-world environments with all their complexities and constraints. Whether you're integrating with enterprise-grade PKI, building mobile apps, or fine-tuning credential lifecycles, our latest product updates are designed to help you move faster with confidence.
Let’s take a look at what’s new this quarter.
Meeting flexible PKI requirements and integration patterns
Many organizations already operate mature Public Key Infrastructure (PKI) systems to meet internal or regulatory requirements. To support these environments and the varying security models they require, we’ve introduced powerful new capabilities that make it easier to integrate MATTR’s platform into existing trust infrastructure.
External root CA certificate support
We’ve expanded support for external root CA certificates across our platform to give organizations more flexibility in how they integrate MATTR into existing trust ecosystems.
For many regulated industries, PKI is not optional. It is the foundation of compliance, auditability, and operational assurance. By allowing customers to bring their own root CAs into MATTR’s trust model, we enable them to align with internal PKI policies and regulatory frameworks while still unlocking cutting-edge digital credential capabilities.
This means you can adopt the latest in mDoc issuance, verification, and trust list publication without stepping outside of your mandated PKI governance. You keep control of your trust anchors and certificate lifecycle management, while taking advantage of MATTR’s standards-based infrastructure to deliver modern, user-friendly digital trust experiences.
For sectors like government, financial services, and healthcare, this capability ensures that innovation does not come at the cost of compliance - it amplifies both.
Hardware security module (HSM) integration
For organizations with stringent key protection requirements, we’ve introduced support for MATTR-managed Hardware Security Modules (HSMs) as part of our core key management capabilities. With HSMs:
- All cryptographic operations are performed within secure hardware environments, ensuring keys are never exposed
- Keys can be stored in shared, dedicated, or even offline configurations, depending on your deployment model
- You gain assurance aligned with high-trust standards and regulatory expectations
Together, these enhancements provide the tools needed to integrate digital credential workflows into your existing enterprise infrastructure safely, flexibly, and on your terms.
Support for OID4VCI pre-authorized code flow
We’ve added support for the OID4VCI pre-authorized code flow, expanding the options for how credentials can be issued.
In the previously supported Authorization Code flow, a user must actively authenticate and request their credential at the moment of issuance. The pre-authorized code flow introduces a different pattern: the issuer can provide a one-time code or link in advance, which the holder then uses to directly claim their credential.
This approach is especially useful when:
- A user has already been authenticated out-of-band (for example, through an onboarding process or in-person check)
- Credentials need to be delivered without requiring the user to repeat the authentication step
- The issuance journey must be streamlined to minimize friction while still maintaining strong security
By supporting both Authorization Code and Pre-Authorized Code flows, we enable organizations to design issuance journeys that balance security, compliance, and user experience. Whether you need a tightly controlled process or a frictionless delivery path, the MATTR platform provides the flexibility to tailor credential issuance to your requirements.
The OID4VCI Pre-authorized Code flow is now supported across MATTR VII (as the issuing platform), the MATTR Pi Holder SDKs (for building wallet applications that can claim credentials) and MATTR GO Hold (for white-labelled wallet solutions).
Future-dated credentials: activate when ready
Not every credential needs to be valid the moment it is issued. With support for future-dated credentials, issuers can now define exactly when a credential becomes active and when it should expire, giving them more control over lifecycle management and user journeys.
This capability unlocks new flexibility for real-world scenarios, such as:
- Issuing a student ID before the semester begins, but only activating it once classes start
- Providing employees with credentials ahead of onboarding, ready to use on their first day
- Offering event passes or travel documents that are prepared in advance but only valid during a specific window
- Managing temporary entitlements or benefits that expire automatically at the end of an eligibility period
By giving issuers the ability to design credentials with built-in activation and expiry, this feature supports tailored issuance journeys that align with regulatory requirements, operational processes, and user expectations. It also helps prevent misuse by ensuring credentials are only valid when they should be.
For issuers, this opens the door to more creative and efficient workflows — enabling them to prepare, automate, and fine-tune credential lifecycles in a way that best fits their services.
MATTR GO app enhancements: a faster path to production
Our MATTR GO Hold and MATTR GO Verify apps are more than just examples — they are white-label applications that can be branded and configured to reflect your organization’s identity. This gives you a fast track to deploying production-ready solutions without needing to invest heavily in custom app development from day one.
Recent updates focus on making verification more flexible, credential status clearer, and the overall experience more intuitive for end users.
MATTR GO Verify
- Dynamic verification presets: Update verification rules centrally, making them available for the app to retrieve without requiring a new version of the app. This reduces time to respond to new requirements and avoids costly release cycles.
- Dynamic trusted issuer lists: Trust frameworks change quickly, and this capability ensures your verifier app always reflects the latest trusted issuers.
- Clearer verification results: Enhanced results screens make outcomes simple to understand, building trust with users during sensitive checks.
- NFC support on Android: NFC creates seamless “tap-to-verify” flows, ideal for high-volume or time-critical scenarios like ticketing, travel, or event entry.
MATTR GO Hold
- Support for OID4VCI Pre-Authorized Code flow: Holders can now receive credentials directly from issuers without needing to authenticate at the time of issuance.
- Transparent status messages: Users see clear explanations if a credential is revoked, expired, inactive, untrusted, or unsupported. This builds confidence and helps people take the right next step.
- Improved stability and security: Ongoing performance and security enhancements make the wallet more robust, ensuring readiness for real-world deployment at scale.
Together, these updates reinforce the MATTR GO apps as flexible white-label solutions for organizations that want to deploy quickly while retaining the option to expand into fully customized apps built on our SDKs.
Verifier authentication support: empowering privacy-aware users
We’ve implemented support for mDoc Reader authentication as defined in ISO/IEC 18013-5:2021. This feature allows the holder to decide whether to share their credential when the verifier cannot be authenticated.
By giving the user control in these scenarios, we enhance the privacy posture of mDoc-based workflows and support more sensitive or selective credential interactions. This is especially important in privacy-critical sectors like healthcare, finance, and government.
Available now across both iOS and Android SDKs.
What it all means
This update is about meeting you where you are. Whether you’re integrating with existing infrastructure, scaling trust networks, or rolling out apps quickly with high assurance, we’ve got you covered.
From flexible PKI integration and HSM support to user-friendly credential flows and privacy-aware interactions, we’re delivering the tools to make digital trust real, reliable, and ready for deployment at scale.
Let’s talk about how these capabilities can support your next step in digital trust.
We’d love to hear what you're building.
