Abstract: A method for authenticating communications may include registering the first device by receiving a device public key and a repository public key that are specific to the second device. The method may also include authenticating a communication from the first device by receiving the communication, a first digital signature generated by the first device using a device private key, and a second digital signature generated by the secure repository using a repository private key. The second digital signature may be generated by the secure repository only after the first device is authenticated by the secure repository. The method may further include authenticating the first digital signature using the device public key, authenticating the second digital signature using the repository public key, and authenticating the communication based on authenticating the first digital signature and authenticating the second digital signature.

Abstract: A method for disabling a device associated with a virtual identity may include receiving, from the device, a request to use the virtual identity, where the request that may include a passcode guess and a device identifier. The method may also include determining that the passcode guess does not authorize use of the virtual identity and incrementing a number of incorrect passcode guesses received within a time interval. The method may additionally include determining that the number of incorrect passcode guesses received within the time interval is greater than or equal to a threshold. The method may further include storing an indication that subsequent requests associated with the device identifier should not authorize use of the virtual identity.

Abstract: A method for authorizing a virtual identity using an access device may include sending, from an access device, a request to a resource through a network. The method may also include accessing a resource challenge that is acceptable to the resource and sending the resource challenge to an identity repository. The method may additionally include receiving, from the identity repository, a first signed resource challenge and signing the resource challenge to generate a second signed resource challenge. The method may further include sending an authorization for the virtual identity to the resource through the network. The authorization may include the first signed resource challenge and the second signed resource challenge.

Abstract: A method of pairing an unregistered device with a virtual identity may include, at a first repository: receiving a request from the unregistered device, sending a pairing code and an identifier to the unregistered device, receiving the pairing code from a registered device, and sending the identifier to the registered device. The method may also include, at a second repository, receiving the pairing code and secret information from the registered device, receiving the pairing code in a transmission associated with the unregistered device, associating the unregistered device with the virtual identity using the pairing code, and sending the secret information to the unregistered device.

Abstract: According to an embodiment of the present invention, a method for using information in conjunction with a data repository includes encrypting data associated with the information with an encryption key, sending at least the encrypted data to the data repository, and possibly deleting the information. The method also includes receiving a request for the information from a remote device, and sending a request for the encrypted data to the data repository. The method further includes receiving the encrypted data from the data repository, decrypting the encrypted data using the encryption key, and sending the information to the remote device.

Abstract: According to an embodiment of the present invention, a method for using information in conjunction with a data repository includes encrypting data associated with the information with an encryption key, sending at least the encrypted data to the data repository, and possibly deleting the information. The method also includes receiving a request for the information from a remote device, and sending a request for the encrypted data to the data repository. The method further includes receiving the encrypted data from the data repository, decrypting the encrypted data using the encryption key, and sending the information to the remote device.

Abstract: A method of providing secure information for a transaction between an access device and a relying party device may include sending, from the relying party device to the identity repository, a first transmission. The first transmission may include the identifier. The identifier may be associated with a user account and the user account may be maintained by an identity repository. The first transmission may also include an information request. The method may also include sending, from the identity repository to the access device, a second transmission including a request to authorize the transaction. The method may additionally include sending, from the access device to the identity repository, a third transmission including an indication that the transaction has been authorized. The method may further include sending, from the identity repository to the relying party device, a fourth transmission comprising information responsive to the information request.

Abstract: A method of processing a digital invoice may include receiving, at the access device, a digital invoice for the transaction; sending, from the access device to an identity repository, information associated with the digital invoice; receiving, from the identity repository, a first signature for the digital invoice; providing, by the access device, a second signature for the digital invoice; and sending, from the access device, the first signature and the second signature for use in the transaction.

Abstract: A method for authorizing a virtual identity using an access device may include sending, from an access device, a request to a resource through a network. The method may also include accessing a resource challenge that is acceptable to the resource and sending the resource challenge to an identity repository. The method may additionally include receiving, from the identity repository, a first signed resource challenge and signing the resource challenge to generate a second signed resource challenge. The method may further include sending an authorization for the virtual identity to the resource through the network. The authorization may include the first signed resource challenge and the second signed resource challenge.

Abstract: A method of making a payment using an encoded graphic by a user device may include acquiring an image of the encoded graphic, and determining payment information using information associated with the encoded graphic. The method may also include sending a request to an identity repository for a first signature for the payment. The method may additionally include receiving the first signature for the payment from the identity repository. The method may further include sending the payment information and the first signature to a payment gateway.

Abstract: A method of populating form data may include accessing an electronic form provided by a website. The electronic form may include a plurality of fields. The method may also include using the plurality of fields to request information associated with the plurality of fields from an identity repository and receiving the information associated with the plurality of fields from the identity repository. The method may additionally include using the information associated with the plurality of fields to populate the plurality of fields of the electronic form.

Abstract: A method for disabling a device associated with a virtual identity may include receiving, from the device, a request to use the virtual identity, where the request that may include a passcode guess and a device identifier. The method may also include determining that the passcode guess does not authorize use of the virtual identity and incrementing a number of incorrect passcode guesses received within a time interval. The method may additionally include determining that the number of incorrect passcode guesses received within the time interval is greater than or equal to a threshold. The method may further include storing an indication that subsequent requests associated with the device identifier should not authorize use of the virtual identity.

Abstract: A method of pairing an unregistered device with a virtual identity may include, at a first repository: receiving a request from the unregistered device, sending a pairing code and an identifier to the unregistered device, receiving the pairing code from a registered device, and sending the identifier to the registered device. The method may also include, at a second repository, receiving the pairing code and secret information from the registered device, receiving the pairing code in a transmission associated with the unregistered device, associating the unregistered device with the virtual identity using the pairing code, and sending the secret information to the unregistered device.

Abstract: According to an embodiment of the present invention, a method of authorizing a transaction includes providing a processor, receiving a request for a proposed transaction from an entity, and retrieving a list of devices associated with the entity. The method also includes transmitting a notification related to the proposed transaction to the devices associated with the entity. The method further includes determining, using the processor, (a) that an approval is received from all the devices associated with the entity, or (b) that a predetermined time period has expired, and (c) transmitting an approval of the proposed transaction to a transaction processor. Or, determining, using the processor, (a) that a rejection is received from one or more of the devices associated with the entity; and (b) transmitting a disapproval of the proposed transaction to the transaction processor.

Abstract: According to an embodiment of the present invention, a method for determining a transaction authentication level includes receiving transaction information associated with a transaction between a user and a relying party, receiving relying party preferences, and determining a relying party authentication level based on the transaction information and the relying party preferences. The method also includes accessing user preferences, and determining a user authentication level based the transaction information and the user preferences. The method further includes determining the transaction authentication level using the user authentication level and the relying party authentication level.

Abstract: According to an embodiment of the present invention, a method for using information in conjunction with a data repository includes encrypting data associated with the information with an encryption key, sending at least the encrypted data to the data repository, and possibly deleting the information. The method also includes receiving a request for the information from a remote device, and sending a request for the encrypted data to the data repository. The method further includes receiving the encrypted data from the data repository, decrypting the encrypted data using the encryption key, and sending the information to the remote device.