Abstract: A system is provided that allows users to execute a secure transaction that is authenticated by their user device. Personally identifiable information (PII), such as, but not limited to, biometric authentication data, is locally stored on the user's device so as to protect the PII. A user device private key is associated with the particular user device and the user, and the corresponding public key is registered with a User Device Authentication Alliance server (UDAAS) system. In an online transaction, a LoginID server or an Access Control server interact with the UDAAS to confirm the user is authentic and has confirmed the transaction.

Abstract: A system is provided that allows users to execute a secure transaction that is authenticated by their user device. Personally identifiable information (PII), such as, but not limited to, biometric authentication data, is locally stored on the user's device so as to protect the PII. A user device private key is associated with the particular user device and the user, and the corresponding public key is registered with a User Device Authentication Alliance server (UDAAS) system. In an online transaction, a LoginID server or an Access Control server interact with the UDAAS to confirm the user is authentic and has confirmed the transaction.

Abstract: Verifying identity of a person using remote communication (e.g., Internet) is difficult because images of identity documents can be fraudulent or copied and distributed to adversaries without the person's permission. A user device and a server use facial scanning to verify identity of a person and to provide strong authentication. The user device captures a scanned image of an identity document (e.g., a driver license, a passport, a credential document, etc.) extracts the photo of the person from the identity document. The user device also captures an image of the person's face (e.g., a selfie photo) and compares this image with the extracted photo from the identity document. If the faces match, then the person's identity is verified. The verification of the identity and a related action (e.g., registration of the person, logging into a system, etc.) are authenticated using strong authentication such as Fast Identity Online (FIDO) authentication.

Abstract: A system is provided that allows users to execute a secure transaction that is authenticated by their user device. Personally identifiable information (PII), such as, but not limited to, biometric authentication data, is locally stored on the user's device so as to protect the PII. A user device private key is associated with the particular user device and the user, and the corresponding public key is registered with a User Device Authentication Alliance server (UDAAS) system. In an online transaction, a LoginID server or an Access Control server interact with the UDAAS to confirm the user is authentic and has confirmed the transaction.

Abstract: It is typically difficult for a user to have any awareness of which private data is being used by a third party and to control the flow of the private data to the third party. A computing system is provided with a trusted node that stores encrypted private data. When the third party wishes to obtain information types from the user, the trusted node generates a scope document that specifies the requested information types. This scope document is sent to the user device as a challenge. The user device uses the scope document to display the requested information types, and the user provides input to permit providing the information types to the third party. The user device returns a signed challenge response, which includes the scope document. The trusted node then decrypts the encrypted private data, which corresponds to the requested information types, for the third party.