Abstract: A method of authenticating to a computer server involves a first authentication client transmitting an authentication token to the computer server via a first communications channel, and a second authentication client receiving a payload from the computer server via a second communications channel distinct from the first communications channel in accordance with an outcome of a determination of authenticity of the authentication token by the computer server.

Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.

Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.

Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.

Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by, the computer server.

Abstract: A method for authenticating an identity involves a computing device receiving a first credential over a first communications channel, and determining a second communications channel from a comparison between the first received credential and a first reference credential provisionally associated with the first credential. The computing device opens the second communications channel and receives second credential over the second communications channel, and the identity is authenticated based on a verification of the second credential. The computing device authenticates the identity by generating a first identity proof score from a correlation between the first received credential and the first reference credential, generating a second identity proof score from a correlation between the second received credential and a second reference credential, and generating an ultimate identity proof score from the first identity proof score and the second identity proof score.

Abstract: A method for authenticating an identity involves first receiving a first credential over a first communications channel, and determining a second communications channel provisionally associated with the first credential. The second communications channel is different from the first communications channel, and the first credential is provisionally associated with an identity. Then, a second credential is received over the second communications channel, and the identity is authenticated based on a verification of the second credential.

Abstract: A method of effecting secure communication over a network begins by interfacing a hardware token with a computer host. The hardware token includes security software and communication software stored thereon. The security software is stored in a memory of the hardware token. The computer host has a memory distinct from the hardware token memory. The authenticity of the security software is determined on the hardware token. Upon successful validation of the authenticity of the security software on the hardware token, the authenticity of the communication software is determined by loading the security software from the hardware token memory into the computer host memory and executing the loaded security software from the computer host memory. After successful validation of the authenticity of the communication software, the computer host facilitates communication between the hardware token and a remote computer by executing the communication software from the computer host memory.

Abstract: A method for protecting real estate from fraudulent changes in title begins by receiving a verification that a party requesting a change in title to a specific item of real estate is the true owner of the specific item of real estate. A title change authorization is provided if the identity of the requesting party is verified. A verification is received if the individual is a trusted authority authorized to modify title to real estate. The individual is authorized to effect the change in title to the specific item of real estate in accordance with the title change authorization.