Automatic replacement of passwords with secure claims

US10484372B1 · US · B1

Patent metadata
Field               Value
Publication number  US-10484372-B1
Application number  US-201514968422-A
Country             US
Kind code           B1
Filing date         Dec 14, 2015
Priority date       Dec 14, 2015
Publication date    Nov 19, 2019
Grant date          Nov 19, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Secure interactions between a client device executing an application and a remote server associated with the application are enabled without credentials such as passwords. The application may acquire an encryption key pair, store a first key of the pair on the client device, and secure access to it by associated biometric data. The second key of the pair is stored on the remote server in association with the user's account. Responsive to a request on the application for an action that requires authentication with the remote server, the user must input biometric data which, only if verified, enables access to use the first key. The first key is then used to encrypt authentication data for submission to the remote server. The server accesses the public key and uses it to decrypt the data and verify the source of the request. If verified, the server then authorizes the requested action.

First claim

Opening claim text (preview).

The invention claimed is:

1. A computer system, comprising: a network interface configured to transmit data over a network; a biometric sensor configured to acquire biometric data of a user; a secure storage element configured to store data including the biometric data acquired by the biometric sensor; an input device; one or more hardware processors operatively coupled to the network interface, the biometric sensor, the secure storage element, and the input device; and memory operatively coupled to the one or more hardware processors, the memory storing an operating system and an application program that includes instructions executable by the one or more hardware processors that, as a result of execution by the one or more hardware processors, cause the one or more hardware processors to: establish a secure session between the computer system and a server using a user credential; responsive to receiving a selection via the input device for authentication using the biometric data, configure the application program for authentication using the biometric data, and generate an asymmetric cryptographic key pair; store a first key of the cryptographic key pair in the secure storage element via the operating system, without storing the user credential in the secure storage element, wherein access to the first key is secured by the biometric data; transmit a second key of the cryptographic key pair to the server via the network for storage in association with a user account associated with the user; responsive to receiving a request to perform an action that requires the application program to authenticate an identity of the user of the computing system with the server, activate a presentation device associated with the computer system so as to prompt the user to input new biometric data using the biometric sensor; responsive to the operating system authenticating the identity of the user using the new biometric data, retrieve the first key via the operating system from the secure storage element; encrypt an authentication data object using the first key to form an encrypted data object; transmit the encrypted data object to the server to enable the server to authorize the action that required authentication in lieu of the user credential, based on decrypting the encrypted data object using the stored second key; and as a result of authorization by the server responsive to the decrypting of the encrypted data object using the stored second key, proceed to conduct the action requested.

2. The computer system of claim 1, further comprising: a server having a network interface configured to transmit and receive data over a network, the server further having one or more server processors operatively coupled to the network interface, and having a memory storing instructions executable by the one or more server processors that, as a result of execution by the one or more server processors, cause the one or more server processors to: receive a first message via the network, the first message including a second key of an asymmetric cryptographic key pair; identify a user associated with the first message, and store the second key in association with a user account associated with the identified user; receive a second message via the network, the second message including an encrypted data object submitted for authorization to conduct a restricted action on the server; identify a user account associated with the second message; access the second key; utilize the second key to decrypt the encrypted data object; verify the decrypted data object; and responsive to verification of the decrypted data object, authorize the restricted action without receiving a user credential in connection with the request.

3. The computer system of claim 2 wherein: the one or more server processors are further configured to: responsive to the second message, before authorizing the requested action, transmit a challenge request to the computer system via the network, the challenge request specifying challenge information; receive a response to the challenge request including the specified challenge information; validate the received challenge information; and responsive to validation of the received challenge information, authorize the requested action.

4. A computer-implemented method, comprising: authenticating an identity of a user, and storing user personal authentication data; obtaining an asymmetric encryption key pair; storing a first key of the key pair in a secure storage element of a device by way of an operating system of the device, wherein access to the first key is secured by the user personal authentication data stored on the device, and wherein the user personal authentication data is required to access the first key, wherein the user personal authentication data comprises data of at least one of biometric data, private user knowledge data, or possession of an object; sending a second key of the pair to a remote server for storage in association with a user account, wherein the first key is designated as a private key and the second key is designated as a public key; responsive to receiving a request that requires authentication with the remote server to permit a restricted action, request input of the user personal authentication data, and verify the identity of the user based on the input user personal authentication data; as a result of verification of the user identity, access the stored first key and utilize the first key to generate a cryptographically verifiable object, wherein the cryptographically verifiable object is generated by encrypting a nonce using the first key so as to be decryptable by the remote server using the second key, where decrypting the cryptographically verifiable object using the second key serves as cryptographic verification of the cryptographically verifiable object; and sending the cryptographically verifiable object to the remote server to enable the server to authorize the restricted action without the user personal authentication data or a user credential.

5. The method of claim 4 wherein the restricted action includes a purchase transaction.

6. The method of claim 4 further comprising: responsive to detecting that the device has dissociated from the user account, dissociating the stored first key from the user account; and resetting the first key stored in the remote server to a new key value received from the device, wherein the new key value is complementary to a new complementary key value securely stored on the device, while maintaining an existing user credential, and allowing access to the user account on the server from a different device based on the existing user credential.

7. The method of claim 6 wherein the object includes components to enable communication with the device comprising at least one of (a) near field communication, (b) short-range wireless communication, (c) WiFi connection, (d) wireless telecom network communication, (e) radio frequency communication, or (f) a physical cable connection to the device.

8. The method of claim 6 wherein the user personal authentication data comprises the biometric data acquired by at least one of a capacitive sensor, retinal scanner, infrared imaging sensor, microphone for voice recognition, or an optical sensor for facial recognition.

9. The method of claim 6 wherein sending a second key of the pair to the remote server includes authenticating to the remote server a source of the second key as one associated with an account on the remote server.

10. The method of claim 9 wherein authenticating the source of the second key includes sending authentication data unique to the user account,
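The enrolment and challenge-response flow described in the abstract and in claims 1 through 4 above, as an added example that is not part of the patent and not code from Amazon or any product. In engineering terms, "encrypting a nonce with the first (private) key so that it is decryptable with the second (public) key" is a digital signature over the nonce, so the example uses Ed25519 signatures from Go's standard library. Everything beyond what the claims state is an assumption of this example: the in-memory per-account key and challenge store, the 60-second challenge lifetime, consuming the challenge before it is checked so a captured response cannot be replayed, binding the signed message to the account and the requested action, the `biometricOK` callback that stands in for the operating system's biometric gate on the secure storage element, and the account and action names used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Server keeps, per account, the registered public key ("second key") and at most
// one outstanding challenge. In-memory maps are an assumption of this example.
type Server struct {
	keys       map[string]ed25519.PublicKey
	challenges map[string]challenge
	now        func() time.Time // injectable clock so expiry can be exercised
}

type challenge struct {
	nonce   []byte
	expires time.Time
}

func NewServer(now func() time.Time) *Server {
	return &Server{keys: map[string]ed25519.PublicKey{}, challenges: map[string]challenge{}, now: now}
}

// RegisterKey runs inside the credential-authenticated session of claim 1 and binds
// the public key to that account. Calling it again with a fresh key is the rotation
// of claim 6; the user's existing credential is untouched either way.
func (s *Server) RegisterKey(account string, sessionAuthenticated bool, pub ed25519.PublicKey) error {
	if !sessionAuthenticated {
		return errors.New("key enrolment requires an authenticated session")
	}
	if len(pub) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad key size
		return errors.New("malformed public key")
	}
	s.keys[account] = pub
	return nil
}

// IssueChallenge is the server-chosen challenge of claim 3: a fresh random nonce,
// short-lived (60 s assumed) and answerable at most once.
func (s *Server) IssueChallenge(account string) ([]byte, error) {
	if _, ok := s.keys[account]; !ok {
		return nil, errors.New("no key enrolled for account")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.challenges[account] = challenge{nonce: nonce, expires: s.now().Add(60 * time.Second)}
	return nonce, nil
}

// Authorize checks the device's response and, on success, authorizes the action with no
// password involved. The challenge is consumed before any check runs, so a captured
// response cannot be replayed even if the first presentation failed.
func (s *Server) Authorize(account, action string, sig []byte) error {
	c, ok := s.challenges[account]
	if !ok {
		return errors.New("no outstanding challenge")
	}
	delete(s.challenges, account)
	if s.now().After(c.expires) {
		return errors.New("challenge expired")
	}
	if !ed25519.Verify(s.keys[account], authMessage(account, action, c.nonce), sig) {
		return errors.New("signature does not verify under registered key")
	}
	return nil
}

// authMessage is the "authentication data object": the nonce bound to the account and
// to the action it is meant to authorize, so a response signed for one action cannot be
// presented for another. The framing format is an assumption of this example.
func authMessage(account, action string, nonce []byte) []byte {
	return []byte(fmt.Sprintf("auth-v1|%s|%s|%x", account, action, nonce))
}

// Device is the client. priv stands for the "first key" in the secure storage element;
// biometricOK stands in for the operating system's biometric gate on it (assumed).
type Device struct {
	priv        ed25519.PrivateKey
	biometricOK func() bool
}

// Enroll generates the key pair on the device; only the public half is returned for
// transmission to the server, the private half never leaves the Device.
func Enroll(biometricOK func() bool) (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv, biometricOK: biometricOK}, pub, nil
}

// Respond signs the challenge for a requested action, but only after the biometric
// check releases the key: no match, no key, no signature.
func (d *Device) Respond(account, action string, nonce []byte) ([]byte, error) {
	if !d.biometricOK() {
		return nil, errors.New("biometric verification failed; first key not released")
	}
	return ed25519.Sign(d.priv, authMessage(account, action, nonce)), nil
}
```

Exercising it: `RegisterKey` with an unauthenticated session is refused, a second `Authorize` with the same signature fails because the challenge was consumed, a signature produced for "purchase" does not authorize "refund", a response presented after the nonce expired is rejected, and a device whose biometric check fails never produces a signature at all. The checks the claims leave implicit (expiry, single use, action binding) are the ones an attacker who can capture traffic would probe first.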

Assignees

Amazon Tech Inc

Inventors

Classifications

  • applying encryption of the keys · CPC title

  • using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10484372B1 cover?
Secure interactions between a client device executing an application and a remote server associated with the application are enabled without credentials such as passwords. The application may acquire an encryption key pair, store a first key of the pair on the client device, and secure access to it by associated biometric data. The second key of the pair is stored on the remote server in associ…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0861. Mapped technology areas include Electricity.
When was this patent published?
Nov 19, 2019 (kind code B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).