Abstract: A first server device receives a request for attributes, of a user, from a second server device associated with a receiving entity. The first server device determines whether the receiving entity is entitled to receive the attributes, and authenticates an identity of the user. The first server device also identifies the attributes based on the identity when the receiving entity is entitled to receive the attributes, and transmits the identified attributes to the second server device.

Abstract: An approach for authenticating parties engaged in a web-based transaction without compromising the integrity or anonymity of the parties is described. An authentication platform receives, from a first application associated with a first party, an authentication request that has been redirected in response to a transaction initiated with a second application associated with a second party. The authentication platform forwards knowledge based assessment information to the first application that is based on determined behavioral information for authenticating the second party to the first party. A valid response to the knowledge based assessment information by the first application provides authentication of the first party to the second party.

Abstract: Methods, apparati, and computer-readable media for providing authorization and other services. In a preferred embodiment, an authorization service includes both a messaging specification and a set of rules that govern its use. A first customer wishing to use the authorization service prepares a request that complies with the service's messaging specification and transmits it to a first participant. The first participant transmits the request to a second participant, which processes the request according to authorization information provided by a second customer and rules that have been specified for the service. The second participant then prepares a response that complies with the service's messaging specification.

Abstract: A method, performed by a computer device, may include receiving personal data from a user device associated with personas, where each of the personas corresponds to at least one classification of requesters, associating the received personal data with at least one of the personas, and identifying any of the classifications that correspond to the personas associated with received personal data. The method may further include receiving, from a data requester, a query including a request for the personal data; associating the data requester with a classification; and comparing the classification associated with the data requester to the classifications associated with personal data. The method may further include sending, to the data requester, a message containing the personal data in response to the classification of the data requester corresponding to the classifications of the personal data.

Abstract: A first server device receives a request for attributes, of a user, from a second server device associated with a receiving entity. The first server device determines whether the receiving entity is entitled to receive the attributes, and authenticates an identity of the user. The first server device also identifies the attributes based on the identity when the receiving entity is entitled to receive the attributes, and transmits the identified attributes to the second server device.

Abstract: An approach for authenticating parties engaged in a web-based transaction without compromising the integrity or anonymity of the parties is described. An authentication platform receives, from a first application associated with a first party, an authentication request that has been redirected in response to a transaction initiated with a second application associated with a second party. The authentication platform forwards knowledge based assessment information to the first application that is based on determined behavioral information for authenticating the second party to the first party. A valid response to the knowledge based assessment information by the first application provides authentication of the first party to the second party.

Abstract: A method, performed by a computer device, may include receiving personal data from a user device associated with personas, where each of the personas corresponds to at least one classification of requesters, associating the received personal data with at least one of the personas, and identifying any of the classifications that correspond to the personas associated with received personal data. The method may further include receiving, from a data requester, a query including a request for the personal data; associating the data requester with a classification; and comparing the classification associated with the data requester to the classifications associated with personal data. The method may further include sending, to the data requester, a message containing the personal data in response to the classification of the data requester corresponding to the classifications of the personal data.

Abstract: A system and method are disclosed for transparently providing certificate validation and other services without requiring a separate service request by either a relying customer or subscribing customer. In a preferred embodiment, after the subscribing customer digitally signs a document (e.g., a commercial document such as a purchase order), it forwards the document to a trusted messaging entity which validates the certificates of both the subscribing customer and relying customer and the respective system participants of which they are customers. If the certificates are valid, the trusted messaging entity appends a validation message to the digitally-signed document and forwards the document to the relying customer. A validation message is also preferably appended to a digitally-signed receipt from the relying customer and transmitted to the subscribing customer. In this way, both the relying customer and subscribing customer obtain certification of their respective counterparty to the transaction.

Abstract: A system and method are disclosed for providing authorization and other services. In a preferred embodiment, an authorization service is defined that includes both a messaging specification and a set of rules that govern its use. A first customer wishing to use the authorization service prepares a request that complies with the service's messaging specification and transmits it to a first participant. The first participant transmits the request to a second participant which processes the request according to authorization information provided by a second customer and rules that have been specified for the service. The second participant then prepares a response that complies with the service's messaging specification.

Abstract: A system and method are disclosed for transparently providing certificate validation and other services without requiring a separate service request by either a relying customer or subscribing customer. In a preferred embodiment, after the subscribing customer digitally signs a document (e.g., a commercial document such as a purchase order), it forwards the document to a trusted messaging entity which validates the certificates of both the subscribing customer and relying customer and the respective system participants of which they are customers. If the certificates are valid, the trusted messaging entity appends a validation message to the digitally-signed document and forwards the document to the relying customer. A validation message is also preferably appended to a digitally-signed receipt from the relying customer and transmitted to the subscribing customer. In this way, both the relying customer and subscribing customer obtain certification of their respective counterparty to the transaction.

Abstract: A system and method are disclosed for providing authorization and other services. In a preferred embodiment, an authorization service is defined that includes both a messaging specification and a set of rules that govern its use. A first customer wishing to use the authorization service prepares a request that complies with the service's messaging specification and transmits it to a first participant. The first participant transmits the request to a second participant which processes the request according to authorization information provided by a second customer and rules that have been specified for the service. The second participant then prepares a response that complies with the service's messaging specification.

Abstract: A system and method are disclosed for transparently providing certificate validation and other services without requiring a separate service request by either a relying customer or subscribing customer. In a preferred embodiment, after the subscribing customer digitally signs a document (e.g., a commercial document such as a purchase order), it forwards the document to a trusted messaging entity which validates the certificates of both the subscribing customer and relying customer and the respective system participants of which they are customers. If the certificates are valid, the trusted messaging entity appends a validation message to the digitally-signed document and forwards the document to the relying customer. A validation message is also preferably appended to a digitally-signed receipt from the relying customer and transmitted to the subscribing customer. In this way, both the relying customer and subscribing customer obtain certification of their respective counterparty to the transaction.