And one you don't fully own/control. Fully owned devices will be unsupported, obviously.

I feel the idea of public key encryption could be done without a phone but the device locking makes it harder to transfer the token off device. Like the parent comment said, I think 90% is all we can aim for. Nothing is going to be perfect.

Could probably be implemented by a smartcard or yubikey-like device as well. Shoot, just build it into my state issued ID card.

Identity wallets can be made to work anywhere.

You can have an ID card. Just like for buying alcohol and cigarettes.

Secure Enclave on a mobile phone, or an NFC smart card both work fine. It could be your passport, drivers license, national ID, whatever.