Abstract: Federated identity is the means of linking a person's electronic identity and attributes, such that the user can be authenticated with a single sign-on, across multiple systems and organizations. A system and a method is proposed to provide a unique user digital identifier which is different for each security identity services subscriber.

Abstract: A system for authenticating a user and his local device to a secured remote service with symmetrical keys, which utilizes a PIN from the user and a unique random value from the local device in such a way that prevents the remote service from ever learning the user's PIN, or a hash of that PIN. The system also provides mutual authentication, verifying to the user and local device that the correct remote service is being used. At the same time, the system protects against PIN guessing attacks by requiring communication with the said remote service in order to verify if the correct PIN is known. Also, the system works in such a way as to change the random value stored on the user's local device after each authentication session.

Abstract: A system for using an encrypted version of a password or access code which is stored in the open on a computer or other device, which utilizes a hardware token to decrypt the password or access code utilizing a secure secret which is stored inside the device, and which never leaves the device, to allow the owner of the device to have access to the Secure System. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the Secure System as long as the user token was previously registered to the Master token and the Master Token was previously registered to the Grand master token before the secured resource was locked by the user token.

Abstract: A system for encrypting Secure Volumes using an encryption key which is saved in the open after being encoded inside a hardware token device utilizing a secure secret which is stored inside the device, and which never leaves the device. The encrypted volume can be accessed again only after a hardware token has decoded this encryption key. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the volume as long as the user token was previously registered to the Master token, and the Master Token was previously registered to the Grand master token before the secured volume was encrypted. Also, the system allows members of user groups so designated at the time the volume is encrypted, to be able to have access to the volume as long as their token was previously registered with the same Master Token as the user that encrypted the volume and as long as the token encrypting the volume was also a member of the authorized user group.