Abstract: Various embodiments are described herein for methods, devices and systems that can be used to authenticate a user identity attribute associated with a user during a transaction with a merchant. In one example embodiment, the method comprises receiving, at a payment processor, a unique identifier corresponding to a payment instrument provided by the user at a merchant terminal where the payment instrument is pre-linked to one or more user identity attributes, transmitting the unique identifier to an issuer network for payment verification, generating a transaction approval indicator and transmitting the unique identifier and an identity verification request from the payment processor to the third party server if payment verification is successful, receiving the one or more user identity attributes associated with the unique identifier from a third party server, and subsequently transmitting the one or more user identity attributes and the transaction approval indicator to the merchant terminal.

Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.

Abstract: Methods and systems for distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.

Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.

Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.

Abstract: An interface device includes a communication interface and a secure element. The communication interface receives input data and a selection of one of a plurality of secure modes to secure the input data for transmission to a secure external computing device, such as a banking web server. The secure element secures the input data based on the secure mode that was selected. The secured input data is then transmitted to the secure external computing device.

Abstract: Methods, systems and apparatus for performing client-server authentication using a device authentication and optional user authentication approach. In a device authentication stage, the client is unlocked to provide access to a cryptographic key used for authentication. In a user authentication stage, the user provides a personal data credential used to generate an additional cryptographic key.

Abstract: Methods and systems for distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.

Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.

Abstract: An interface device includes a communication interface and a secure element. The communication interface receives input data and a selection of one of a plurality of secure modes to secure the input data for transmission to a secure external computing device, such as a banking web server. The secure element secures the input data based on the secure mode that was selected. The secured input data is then transmitted to the secure external computing device.

Abstract: Methods, systems and apparatus for performing client-server authentication using a device authentication and optional user authentication approach. In a device authentication stage, the client is unlocked to provide access to a cryptographic key used for authentication. In a user authentication stage, the user provides a personal data credential used to generate an additional cryptographic key.