Abstract: An identity server authenticates a first user identity for a user device through a first authentication exchange as part of a passwordless authentication system. The identity server registers with a relying party as an authenticator for a second user identity. The identity server initiates a second authentication exchange by obtaining from the relying party, a credential request associated with the second user identity. Responsive to a determination that the first user identity authenticated in the first authentication exchange is authorized to act as the second user identity, the identity server obtains a credential request response authenticated by the authenticator in the identity server. The identity server completes the second authentication exchange by providing the credential response to the relying party. The second authentication exchange authenticates the user device to the relying party without involving the user device.

Abstract: An identity server authenticates a first user identity for a user device through a first authentication exchange as part of a passwordless authentication system. The identity server registers with a relying party as an authenticator for a second user identity. The identity server initiates a second authentication exchange by obtaining from the relying party, a credential request associated with the second user identity. Responsive to a determination that the first user identity authenticated in the first authentication exchange is authorized to act as the second user identity, the identity server obtains a credential request response authenticated by the authenticator in the identity server. The identity server completes the second authentication exchange by providing the credential response to the relying party. The second authentication exchange authenticates the user device to the relying party without involving the user device.

Abstract: A computer-implemented method for providing an operating system level interface for communicating credential data between applications includes detecting, by an operating system, a field configured to receive an authentication credential and identifying a credential management application configured to provide authentication credentials. The method includes requesting, by the operating system and using an operating system interface configured to communicate authentication credentials, the authentication credential from the credential management application. And when the credential management application provides the authentication credential using the operating system interface configured to communicate authentication credentials, the method includes providing the authentication credential for entry into the field.

Abstract: A credential can be shared by one user with other users when sharing conditions are met. Sharing conditions can include a time, time range, date, date range and the geographic location of a user with whom the credential is to be shared. The credential can be shared so that it is not visible or accessible in plaintext to the shared-with user. Sharing conditions can include conditions that, when met, result in the revocation of a shared credential.

Abstract: A credential can be shared by one user with other users when sharing conditions are met. Sharing conditions can include a time, time range, date, date range and the geographic location of a user with whom the credential is to be shared. The credential can be shared so that it is not visible or accessible in plaintext to the shared-with user. Sharing conditions can include conditions that, when met, result in the revocation of a shared credential.