Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

Abstract: A method and a system to provide identity encapsulated cryptography are provided. A method may comprise receiving a user key to access a service. The service may be provided by an enterprise and hosted within a public cloud. A request for a country key assigned to a country of a user is transmitted and the country key is received. Session data resulting from the use of the service hosted within the public cloud is encrypted using the user key and the user key is encrypted using the country key. The encrypted session data and the encrypted user key are stored in the public cloud. The country key may be provided to a legal agency of the country of the user to decrypt session data of the user and to not decrypt session data of other users of another country.

Abstract: A system and method for securely storing customer data in a network-based commerce system. Customer data is received via a network connection through an application interface. A symmetric key is generated and the customer data is encoded with the symmetric key. The symmetric key is encoded with an asymmetric key to generate an encoded symmetric key. The encoded customer data and the encoded symmetric key are stored.

Abstract: A system and method for securely storing sensitive customer data in a network-based commerce system such that encryption keys are not exposed to the system is described. Sensitive customer data is received via a network connection through an application interface. A symmetric key is generated, and the sensitive customer data is encoded with the symmetric key. The symmetric key is encoded with an asymmetric key and the encoded sensitive customer data and the encoded symmetric key are placed in a self-describing data-structure. The encoded sensitive customer data and the encoded symmetric key are stored in a database.

Abstract: A method and a system for access authentication. A shared services resource includes a second factor authentication module. At least one network resource each include a first factor authentication module. A trusted computing base communicates with the shared services and the at least one network resource through a pipe. An assertion may be obtained on a trusted computing base for accessing at least one network resource. At least one of the at least one network resource may be accessed with the trusted computing base when the assertion has been obtained by the trusted computing base and is valid.

Abstract: A method and a system to provide identity encapsulated cryptography are provided. A method may comprise receiving a user key to access a service. The service may be provided by an enterprise and hosted within a public cloud. A request for a country key assigned to a country of a user is transmitted and the country key is received. Session data resulting from the use of the service hosted within the public cloud is encrypted using the user key and the user key is encrypted using the country key. The encrypted session data and the encrypted user key are stored in the public cloud. The country key may be provided to a legal agency of the country of the user to decrypt session data of the user and to not decrypt session data of other users of another country.

Abstract: A method and a system to generate a user profile and an associated profile manager are described. The user profile, in one embodiment, may comprise identity data such as static information about a user and behavior data comprising dynamic information about the user. The profile manager may be configured to monitor the activities of the user through an interface to collect behavior indicators, and to update the behavior data using the collected behavior indicators. In one embodiment, the user profile also comprises reputation data. The method and system may also be configured to receive an access request from a user and selectively grant the access based on the user profile.

Abstract: A method and a system to register a user include using some user information stored and provided by a third party system. For example, the user may provide an identifier associated with the third party system. The identifier may be used to retrieve the user information. The user information may be used to at least partially complete the user registration.

Abstract: A method and a system for access authentication. A shared services resource includes a second factor authentication module. At least one network resource each include a first factor authentication module. A trusted computing base communicates with the shared services and the at least one network resource through a pipe. An assertion may be obtained on a trusted computing base for accessing at least one network resource. At least one of the at least one network resource may be accessed with the trusted computing base when the assertion has been obtained by the trusted computing base and is valid.

Abstract: A method and a system for access authentication. A shared services resource includes a second factor authentication module. At least one network resource each include a first factor authentication module. A trusted computing base communicates with the shared services and the at least one network resource through a pipe. An assertion may be obtained on a trusted computing base for accessing at least one network resource. At least one of the at least one network resource may be accessed with the trusted computing base when the assertion has been obtained by the trusted computing base and is valid.

Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

Abstract: A method and a system for access authentication. A shared services resource includes a second factor authentication module. At least one network resource each include a first factor authentication module. A trusted computing base communicates with the shared services and the at least one network resource through a pipe. An assertion may be obtained on a trusted computing base for accessing at least one network resource. At least one of the at least one network resource may be accessed with the trusted computing base when the assertion has been obtained by the trusted computing base and is valid.