
Method and system for a virtual safe

  • US 20050246292A1
  • Filed: 07/06/2005
  • Published: 11/03/2005
  • Est. Priority Date: 04/14/2000
  • Status: Abandoned Application
First Claim

1. A cost effective, remote multi-tiered, policy-driven identity and consent management infrastructure based on user domicile, driven by policy and legally bound strong authentication that enables powerful security and privacy enhancement when processing electronic data and transactions over conventional, internet/intranet networks in a wired/wireless environment, allowing users to easily use the same platform for accessing and enabling secure transactions in different sectors including:

  • Business, Financial, Insurance, Institutional, Entertainment, Healthcare and Government, characterized by;

    means for authenticating all parties involved in a transaction including;

    the user(s), the application, the network access, the transaction and the communication layers, providing a legally binding mechanism between a secure processing environment and strong user(s) authentication;

    means for strongly authenticating other user(s) required to initiate a transaction including user collective/assembly authentication and/or strong resource reference validation such as server/computer/device/application log-off authentication by user(s);

    means for allowing a user to carry out online personalized, anonymous, pseudonymous or any other type of an accountable transaction without having to provide vendors with sensitive personal information such as address, credit card number, telephone number, SIN/SSN and/or health data, said system acting as a trusted third party or TrustBROKER, means for mediating user present, or user non-present, anonymous, accountable transactions between customers, government, business such as merchants, payment processors, shippers, and other potential e-commerce partners, those who need online financial transaction such as micro payment can be settled between all parties, including VirtualSAFE Syndication parties, administrative and/or legal transaction settlement can be conducted according to the agreements between parties;

    said system based on third party trust, the principal of VirtualSAFE Authentication Authority (VSAA) and add-on VirtualSAFE Attribute Authentication Authority (VSAAA), a principal enabling new or existing application to enhance security or business process to comply with legislations and standards;

    a security and privacy framework infrastructure which provides user-only control over their personal information in compliance with the USA HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley Act, the Canadian PIPEDA/Bill C-6, the European Union (EU) Directives, Japanese and Australian privacy, data protection and other legislations, wherein said system provides user-only control over their personal information while operating in multi-jurisdictional interoperable node architecture that supports global corporate applications such as business, finance/insurance, institutional, entertainment, healthcare and government;

    hence, supporting industry wide integration of its modules to comprehensive requirements of global business, seamlessly comply with ongoing European Union (EU) Directives, privacy issues and international agreements, such as Safe Harbor or integrating seamlessly new security and privacy standards and empowering exchange of customer private information, according to consensual agreement, hence reducing administrative and operational costs as well as liability;

    wherein the unique communication and transaction environment is defined by a user-centric algorithm, and application is optionally defined such as VirtualSAFE or other third party application(s);

    wherein communication between different environments is enabled by highly standardized by numbers of industry standard interface or modular design enabled with standard interface, allowing implementation interchange with different applications, implemented as a new security layer in round of existing applications;

    means for communicating or inter-exchanging with numbers of different standard-by-standard interfaces where application dependable data received by said system can be processed to change format of Public Key Infrastructure (PKI) vendor (Entrust, VeriSign, Baltimore, etc) or type of application (private, business, financial, insurance, health, government etc.) and forwarded to user(s) or his/her application/repository (central or distributed, internal or external);

    links between data sources being protected using user(s) unique encryption as defined by data bundling, policy;

    anonymity, attribute/value-driven dislocation of modules, architecture and database store procedure empowered data dislocation-called “data granulation” providing an additional security layer;

    the application/repository described/set-up by application dynamic policy being regulated by a transaction risk management or Risk Management Module (RMM), part of Back-End Authentication and managed by Transaction Fulfillment Mechanism (TFM), such policy regulating the process of all transactional data;

    fulfillment, being stored in anonymous format, securely linking transactional data with user name which can be matched only if granted user's or Power of Attorney's authorization or consent that will release true secure process user(s) uniquely granulated escrow or backup keys and decrypt data, such as name or user information true secure process to continue required data encryptions, using user unique application process that enables strong authentication dependable to access to site, request to legally bind transaction or access, initiate transaction or access to government or restricted government network, optionally using any type of tokens such as smart card, virtual smart card, etc. or devices that can be wired or wireless such as cellular, RF, combination of active or passive, RFID, Proximity, different protocol tag application, device or application based ID, process uniquely emulating smart cards or virtual smart card, enables security emulation enhancement of POS/ATM, using wireless device to conduct communication and transaction, also enabling process and security enhancement of Physical Access Control (called SAFE Pac), unique single or assembly/collective data encryption algorithm(s), unique pin(s)/password(s) and unique user keys (private/public) stored in encrypted format that are accessible only by user presence in a session of the invention and/or user Power of Attorney module and/or user proxy authorization;

    thereby enabling processing or fragmentation of data in a correlation with a cryptographic algorithm which will dislocate symmetrically/asymmetrically fragments of cryptographic material and fattening material to different locations, known only to user(s) triangulation of granulated and dislocated data, dependable to user algorithm empowered by database store procedure calls and algorithms, according to a cryptographic algorithm and Guaranteed Secure Communications protocol (GSC), where architecture structure introduce Power of Attorney module, part of CEV that controls and manages highly secure access, to user original and backup/escrow keys and/or data, storing and encrypting user data according to user consent, segment of secure algorithm, so that only authorized access is to user back-up/escrow of VirtualSAFE, web and ID keys and/or data.
