Secure authentication in a multi-party system

US9641520B2 · US · B2

Patent metadata
Publication number: US-9641520-B2
Application number: US-201313852012-A
Country: US
Kind code: B2
Filing date: Mar 28, 2013
Priority date: Apr 1, 2012
Publication date: May 2, 2017
Grant date: May 2, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A network user is authenticated to another network entity by using a first program to receive user input validation information, and store a user credential. A second program receives information, such as a random number, from the other entity. The first program receives an input transferring the information to it, transmits the information to the authentication server, and receives an identifier of the other entity, other information, and authentication policy requirements from the authentication server. It then transmits the input validation information corresponding to the received authentication policy requirements to the authentication server, and in response receives a request for a user credential. It signs a message, including the transferred information and the received other information, with the stored user credential, and transmits the signed message to the authentication server to authenticate the user.

First claim

Opening claim text (preview).

We claim:

1. A method of authenticating a network user to another network entity, comprising: executing, on a first user operated device, a first program to: receive user inputted validation information; store a user credential on the first user operated device; executing, on a second user operated device, a second program to: receive information from another network entity via the network; further executing the first program to: receive an input transferring, to the first program, the information received by the second program from the other network entity; direct transmission, to an authentication server via the network, of the transferred information; receive, from the authentication server via the network, an identifier of the other network entity, other information, and authentication policy requirements of the other network entity; direct transmission, to the authentication server via the network, of the input validation information corresponding to the received other network entity authentication policy requirements; receive, from the authentication server via the network after directing transmission of the validation information, a request for a user credential; sign a message, including the transferred information and the received other information, with the stored user credential; direct transmission, to the authentication server via the network, of the signed message to authenticate the user; and generate user secret data; divide the generated secret data into multiple portions including a first portion and a second portion; encrypt the user credential with the generated secret data, wherein the stored credential is the encrypted credential; direct transmission, to the authentication server via the network, of the second portion of secret data; receive, from the authentication server via the network after directing transmission of the validation information, the second portion of secret data; combine the stored first portion of secret data with the received second portion of secret data; and decrypt the stored encrypted credential with the combined portions of secret data; wherein the message is signed with the decrypted user credential; and further executing the second program to: receive, from at least one of the authentication server and the other network entity via the network, an indication that the user has been successfully authenticated.

2. The method of claim 1, wherein: the first user operated device and the second user operated device are the same device; the information is a random number that serves as a session identifier; and the other information is another random number.

3. The method of claim 1, further comprising further executing the first program to: generate a private/public key pair for the user, wherein the stored user credential is the private key of the generated user private/public key pair; and direct transmission, to the authentication server via the network, of the public key of the generated user private/public key pair.

4. The method of claim 1, further comprising further executing the first program to: receive user inputted user authentication policy requirements; direct transmission of the received user authentication policy requirements to the authentication server; receive from the authentication server with the authentication policy requirements of the other network entity, any additional authentication policy requirements based on any differences between the user authentication policy requirements and the other network entity authentication policy requirements; and direct transmission, to the authentication server via the network, of the received validation information corresponding to any received additional authentication policy requirements.

5. The method of claim 1, wherein the information is first information and the other information is first other information, and further comprising, after the authentication server has been notified that the first user operated device is no longer in use or has been lost or stolen or the user credential has otherwise been compromised: further executing the second program to: receive, from the other network entity via the network, second information; executing, on the first or a third user operated device, the first program to: receive an input transferring, to the first program, the second information received by the second program from the other network entity; direct transmission, to the authentication server via the network, of the transferred second information; receive, from the authentication server via the network, an identifier of the other network entity, second other information, and authentication policy requirements of the other network entity; direct transmission, to the authentication server via the network, of the input validation information corresponding to the received other network entity authentication policy requirements; and receive, from the authentication server via the network in response to the transmitted validation information, a notification that the user has been validated but cannot be authenticated because the user credential has been invalidated.

6. The method of claim 5, further comprising further executing the second program to receive, from the authentication server via the network, a redirection instruction, redirecting the user to the other network entity's reenrollment website on the network.

7. The method of claim 5, further comprising further executing the first program to: receive a request for a replacement credential from the authentication server via the network; and in response to the received request for replacement credential, generate a replacement credential, store the generated replacement credential, and direct transmission of the generated replacement credential to the authentication server via the network.

8. The method of claim 5, further comprising, after directing transmission of the generated replacement credential to the authentication server, further executing the first program to: direct transmission, to the authentication server via the network, of another message, including the second information and the second other information, signed with the replacement credential to authenticate the user.

9. The method of claim 1, further comprising further executing the second program to: direct a presentation, on a display screen, of the received information; wherein the received information is in the form of an optical code; and wherein the input transferring the received information to the first program, is a digital photograph of the presented optical code.

10. The method of claim 1, further comprising further executing the second program to: direct printing of the received information; wherein the input transferring the received information to the first program is a digital photograph of the printed optical code.

11. The method of claim 1, wherein the first user operated device and the second user operated device are different devices operated by the network user.

12. An article of manufacture for authenticating a network user to another network entity, comprising: non-transitory storage medium; and logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to: receive user inputted validation information; store a user credential; receive an input of information, wherein the information was obtained by the user from another network entity; direct transmission, to an authentication server via the network, of the input information; receive, f
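The exchange that claim 1 describes (session number transferred from the second program to the first, server returns entity identifier, second random number and policy, validation information checked, split secret recombined to decrypt the stored credential, message over both random numbers signed) together with the claim 5 failure path (credential invalidated: user is validated but not authenticated), as an added simulation that is not code from the patent or its assignees. Assumptions are labelled: the relying party registers its session number with the authentication server so the server can map it to an entity identifier (the claims do not say how the server learns this); the credential is an HMAC key standing in for the private key of claim 3, so that the block runs on the Python standard library; the secret split is a two-way XOR split; the credential encryption is a SHA-256 keystream; `AuthServer`, `FirstProgram`, `run_demo` and the user, entity and PIN values are all constructed for the example.

```python
# Added simulation of the US9641520B2 claim 1 / claim 5 flow; not the patent's own code.
# Labelled assumptions: HMAC key as the user credential (claim 3 would use a keypair),
# XOR two-way secret split, SHA-256 keystream encryption, and a relying party that
# registers its session number with the authentication server.
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt/decrypt 32 bytes with a SHA-256 keystream (stand-in for a real cipher)."""
    return xor(hashlib.sha256(key + b"enc").digest(), data)


class AuthServer:
    """Constructed authentication server holding entity policies, sessions and users."""

    def __init__(self):
        self.entities = {}   # entity id -> authentication policy requirements
        self.sessions = {}   # "the information" (R1) -> session record
        self.users = {}      # user id -> enrolment record

    def register_entity(self, entity_id: str, policy: list):
        self.entities[entity_id] = policy

    def new_session(self, entity_id: str) -> bytes:
        # Assumption: the other network entity registers R1 here, then shows it to the user.
        r1 = secrets.token_bytes(16)
        self.sessions[r1] = {"entity": entity_id, "r2": None, "authenticated": False}
        return r1

    def enroll(self, user_id: str, pin: bytes, verify_key: bytes, second_portion: bytes):
        salt = secrets.token_bytes(16)
        self.users[user_id] = {
            "salt": salt,
            "pin_hash": hashlib.sha256(salt + pin).digest(),
            "verify_key": verify_key,          # with claim 3 this would be the public key only
            "second_portion": second_portion,  # the server-held half of the split secret
            "revoked": False,
        }

    def start(self, r1: bytes):
        """Step: transferred information in; entity id, other information, policy out."""
        s = self.sessions[r1]
        s["r2"] = secrets.token_bytes(16)
        return s["entity"], s["r2"], self.entities[s["entity"]]

    def validate(self, user_id: str, validation: dict):
        """Step: check validation information, then request the credential (claim 1)
        or report validated-but-not-authenticated (claim 5)."""
        u = self.users[user_id]
        digest = hashlib.sha256(u["salt"] + validation.get("pin", b"")).digest()
        if not hmac.compare_digest(digest, u["pin_hash"]):
            return "rejected", None
        if u["revoked"]:
            return "validated_not_authenticated", None
        return "credential_request", u["second_portion"]

    def authenticate(self, user_id: str, r1: bytes, signature: bytes) -> bool:
        """Step: verify the signed message over R1 || R2 and mark the session."""
        s, u = self.sessions[r1], self.users[user_id]
        expected = hmac.new(u["verify_key"], r1 + s["r2"], "sha256").digest()
        s["authenticated"] = hmac.compare_digest(expected, signature)
        return s["authenticated"]

    def revoke(self, user_id: str):
        self.users[user_id]["revoked"] = True


class FirstProgram:
    """Constructed 'first program' on the user's device: stores the encrypted credential
    and the first portion of the secret, never the plaintext credential."""

    def __init__(self, user_id: str, pin: bytes):
        self.user_id, self.pin = user_id, pin
        self.enc_credential = self.first_portion = None

    def enroll(self, server: AuthServer):
        credential = secrets.token_bytes(32)
        secret = secrets.token_bytes(32)
        self.first_portion = secrets.token_bytes(32)
        second_portion = xor(secret, self.first_portion)     # secret = first XOR second
        self.enc_credential = keystream_crypt(secret, credential)
        server.enroll(self.user_id, self.pin, credential, second_portion)

    def authenticate(self, server: AuthServer, transferred: bytes) -> str:
        entity_id, r2, policy = server.start(transferred)
        validation = {"pin": self.pin} if "pin" in policy else {}
        status, second_portion = server.validate(self.user_id, validation)
        if status != "credential_request":
            return status
        secret = xor(self.first_portion, second_portion)      # recombine the split secret
        credential = keystream_crypt(secret, self.enc_credential)
        sig = hmac.new(credential, transferred + r2, "sha256").digest()
        return "authenticated" if server.authenticate(self.user_id, transferred, sig) else "failed"


def run_demo():
    """Normal claim 1 flow, then the claim 5 path after the credential is invalidated."""
    server = AuthServer()
    server.register_entity("bank.example", ["pin"])          # constructed entity and policy
    device = FirstProgram("alice", b"1234")                   # constructed user and PIN
    device.enroll(server)
    r1 = server.new_session("bank.example")   # second program receives/displays this (claim 9: QR)
    first = device.authenticate(server, r1)   # transfer to the first program, e.g. by photograph
    indication = server.sessions[r1]["authenticated"]   # what the second program is told
    server.revoke("alice")                                   # device lost/stolen notification
    after = device.authenticate(server, server.new_session("bank.example"))
    return first, indication, after


if __name__ == "__main__":
    print(run_demo())
```

The point the split illustrates: the device holds only the encrypted credential and one XOR share, so the credential is usable only after the server has accepted the validation information for this session and released the other share; revoking the user at the server therefore blocks signing without any action on the device.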

Assignees

Authentify Inc, Early Warning Services Llc

Inventors

Classifications

  • communicating wirelessly · CPC title

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title

  • Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title

  • involving digital signatures · CPC title

  • applying multi-factor authentication · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9641520B2 cover?
A network user is authenticated to another network entity by using a first program to receive user input validation information, and store a user credential. A second program receives information, such as a random number, from the other entity. The first program receives an input transferring the information to it, transmits the information to the authentication server, and receives an identifi…
Who is the assignee on this patent?
Authentify Inc, Early Warning Services Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 2, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).