Authentication and personal data sharing for partner services using out-of-band optical mark recognition

What is claimed is: 1. A method programmed in a non-transitory memory of a mobile device comprising: recognizing an optical mark displayed on a device screen of a device, wherein the optical mark comprises at least two concentric circles, wherein the optical mark is calibrated by comparing at least three different colors within a calibration region within the at least two concentric circles to an encoding palette, wherein a portion of the optical mark within the at least two concentric circles, comprises a plurality of segments wherein each segment of the plurality of segments comprises one color of the at least three different colors; detecting the optical mark using the registration mark and the calibration region by identifying and assigning values to the plurality of segments of the segmented portion and decoding an optical code based on the assigned values; and authenticating an on-line identity for a client based on the optical code of the optical mark and based on the on-line identity of the client. 2. The method of claim 1 wherein the portion of the optical mark is based on the at least three different colors and each color is associated with the optical code comprising a number. 3. The method of claim 1 wherein the optical mark is oriented by positioning a registration mark relative to the portion of the optical mark. 4. The method of claim 1 wherein recognizing the optical mark comprises recognizing the optical mark over an air-gapped channel between the mobile device and the device screen of the device. 5. The method of claim 1 further comprising: storing a first key, wherein authenticating the on-line identity for the client comprises signing a transaction completion request with the first key stored in the mobile device; and verifying the on-line identity for the client by using a corresponding second key stored by a computer of a web service provider. 6. The method of claim 5 wherein verifying the on-line identity for the client comprises evaluating personal biometry. 7. The method of claim 5 further comprising: constructing an authorization assertion; and passing the authorization assertion to the web service provider. 8. The method of claim 7 wherein passing the authorization assertion comprises passing an OAuth2 token, SAML token, or RP token to the web service provider. 9. The method of claim 1 wherein recognizing the optical mark comprises scanning the optical mark by a camera of the mobile device. 10. The method of claim 5 wherein the first key comprises a private key, and wherein the second key comprises a public key. 11. The method of claim 6 wherein evaluating the personal biometry comprises retina scanning or fingerprint scanning. 12. An apparatus comprising: a non-transitory memory configured for storing an application, the application configured for: recognizing an optical mark displayed on a device screen of a device, wherein the optical mark comprises at least two concentric circles, wherein the optical mark is calibrated by comparing at least three different colors within a calibration region within the at least two concentric circles to an encoding palette, wherein a portion of the optical mark within the at least two concentric circles, comprises a plurality of segments wherein each segment of the plurality of segments comprises one color of the at least three different colors; detecting the optical mark using the registration mark and the calibration region by identifying and assigning values to the plurality of segments of the segmented portion and decoding an optical code based on the assigned values; and authenticating an on-line identity for a client based on the optical code of the optical mark and based on the on-line identity of the client; and a processor configured for processing the application. 13. The apparatus of claim 12 wherein the portion of the optical mark is based on the at least three different colors and each color is associated with the optical code comprising a number. 14. The apparatus of claim 12 wherein the optical mark is oriented by positioning a registration mark relative to the portion of the optical mark. 15. The apparatus of claim 12 wherein recognizing the optical mark comprises recognizing the optical mark over an air-gapped channel between the mobile device and the device screen of the device. 16. The apparatus of claim 12 wherein the application is configured for: storing a first key, wherein authenticating the on-line identity for the client comprises signing a transaction completion request with the first key stored in the mobile device; and verifying the on-line identity for the client by using a corresponding second key stored by a computer of a web service provider. 17. The apparatus of claim 16 wherein verifying the on-line identity for the client comprises evaluating personal biometry. 18. The apparatus of claim 16 wherein the application is configured for: constructing an authorization assertion; and passing the authorization assertion to the web service provider. 19. The apparatus of claim 18 wherein passing the authorization assertion comprises passing an OAuth2 token, SAML token, or RP token to the web service provider. 20. The apparatus of claim 12 wherein recognizing the optical mark comprises scanning the optical mark by a camera of the mobile device. 21. The apparatus of claim 16 wherein the first key comprises a private key, and wherein the second key comprises a public key. 22. The apparatus of claim 17 wherein evaluating the personal biometry comprises retina scanning or fingerprint scanning. 23. A method programmed in a non-transitory memory of a mobile device comprising: recognizing an optical mark displayed on a device screen of a device, wherein the optical mark comprises at least two concentric circles, wherein the optical mark is calibrated by comparing at least three different colors within a calibration region within the at least two concentric circles to an encoding palette; detecting the optical mark using the registration mark and the calibration region by decoding an optical code; and authenticating an on-line identity for a client based on the optical code of the optical mark and based on the on-line identity of the client. 24. The method of claim 23 wherein a portion of the optical mark is based on the at least three different colors and each color is associated with the optical code comprising a number. 25. The method of claim 23 wherein the optical mark is oriented by positioning a registration mark relative to a portion of the optical mark. 26. The method of claim 23 wherein recognizing the optical mark comprises recognizing the optical mark over an air-gapped channel between the mobile device and the device screen of the device. 27. The method of claim 23 further comprising: storing a first key, wherein authenticating the on-line identity for the client comprises signing a transaction completion request with the first key stored in the mobile device; and verifying the on-line identity for the client by using a corresponding second key stored by a computer of a web service provider. 28. The method of claim 27 wherein verifying the on-line identity for the client comprises evaluating personal biometry. 29. The method of claim 27 further comprising: constructing an authorization asser