Mobile security fob
US-9124582-B2 · Sep 1, 2015 · US
US9825765B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9825765-B2 |
| Application number | US-201715465467-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 21, 2017 |
| Priority date | Mar 31, 2015 |
| Publication date | Nov 21, 2017 |
| Grant date | Nov 21, 2017 |
Official abstract text for this publication.
A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
Opening claim text (preview).
What is claimed is:

1. A method for distributed authentication of a user attempting to access a service provider operating on a network, the method comprising: providing, by the service provider, a private/public cryptographic key pair; generating, by the service provider, using the private key of the private/public cryptographic key pair, a first private key share and a second private key share; distributing, by the service provider, to different remote locations via the network each of the public key, the first private key share, and the second private key share; in response to the user attempting to access, via a computing device, the service provider: performing a first authentication of the user, wherein when the first authentication is successful, generating a first partial signature using the first private key share; performing a second authentication of the user, wherein when the second authentication is successful, generating a second partial signature using the second private key share; and generating a composite digital signature using the first partial signature and the second partial signature; validating the composite digital signature using the public key; and providing, to the user, access to the service provider based on a successful validation of the composite digital signature.
2. The method of claim 1, wherein the different locations comprise a primary authentication system, a secondary authentication system, and the service provider, wherein the public key is distributed to and stored at the service provider.
3. The method of claim 2, wherein: the first authentication is performed at the primary authentication system; and the second authentication is performed at the secondary authentication system.
4. The method of claim 3, wherein the secondary authentication system and the first service provider do not have access to the first private key share; wherein the primary authentication system and the first service provider do not have access to the second private key share.
5. The method of claim 3, further comprising: transmitting a secondary authentication request from the primary authentication system to the secondary authentication system in response to successful primary authentication of the user, wherein performing the secondary authentication comprises performing the secondary authentication only after receiving the secondary authentication request.
6. The method of claim 2, wherein the primary authentication system comprises an independent identity provider and the secondary authentication system comprises a two-factor authentication service.
7. The method of claim 1, wherein: in response to performing the first authentication, generating a first authentication response; transmitting the first authentication response; and generating a second authentication response based on the first authentication response.
8. The method of claim 1, wherein performing the primary authentication of the user and validating the first composite digital signature are conducted by a same entity comprising an identity provider and the service provider.
9. The method of claim 8, wherein performing the secondary authentication of the user includes performing the primary authentication at a remote authentication service that is a two-factor authentication service.
10. The method of claim 1, further comprising: transmitting the first partial digital signature to the computing device of the user; transmitting the second partial digital signature to the computing device of the user; wherein combining the first and the second partial digital signatures comprises combining the first and the second partial digital signatures at the computing device of the user.
11. The method of claim 1, wherein generating the second partial digital signature comprises generating the second partial digital signature in response to both of the successful primary authentication and the successful secondary authentication.
12. The method of claim 1, wherein a first authentication factor used in performing the first authentication comprises a knowledge factor, and wherein the first partial digital signature is generated for a first authentication response to the first authentication using the knowledge factor.
13. The method of claim 12, wherein the knowledge factor is a password to a user account associated with the first service provider.
14. A system for distributed authentication of a user attempting to access a service provider operating on a network, the system comprising: a primary authentication system authenticates the user over the network via a computing device; a secondary authentication system authenticates the user over the network via the computing device, subsequent to the primary authentication system; a service provider provides the user with one or more services; wherein: a first private key is distributed to the primary authentication system, a second private key is distributed to the secondary authentication system, a public key is distributed to the service provider, the public key is a part of a private/public key pair, and the first private key and the second private key are generated using the private key of the private/public key pair; at the primary authentication system: in response to the user attempting to access, via the computing device, the service provider performing a first authentication of the user, wherein when the first authentication is successful, generating a first partial signature using the first private key; at the secondary authentication system: performing a second authentication of the user, wherein when the second authentication is successful, generating a second partial signature using the second private key; and at one of the primary authentication system, the secondary authentication system, and the computing device: generating a composite digital signature using the first partial signature and the second partial signature; at the service provider: validating the composite digital signature using the public key; and providing, to the user, access to the one or more services of service provider based on a successful validation of the composite digital signature.
15. The system of claim 14, wherein: the primary authentication system comprises an identity provider; and the second authentication system comprises a two-factor authentication service.
16. A method for distributed trust authentication of a user attempting to access a service provider operating on a network, the method comprising: distributing, by the service provider, a first private key share, a second private key share, and a third private key share to a first authentication system, a second authentication system, and a third authentication system over the network, respectively, wherein the first authentication system is an identity provider for a first service provider the second authentication system is an independent authentication service; distributing, to the first service provider, a first public key paired with a first private key comprising the first private key share and the second private key share, wherein the first public key corresponds to the first private key used to generate the first and second private key shares; distributing, to a second service provider, a second public key paired with a second private key comprising the second private key share and the third private key share, wherein the second public key corresponds to the second private key used to generate the third private key share, wherein the first and
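The abstract and claims 1 and 14 describe the mechanism in the abstract: the service provider derives two private key shares from a single private key, hands one share to the primary authenticator and one to the secondary authenticator, each authenticator emits a partial signature only after its own factor succeeds, and the composite signature is checked with the ordinary public key. The Python below is an added illustration, not the patent's own code or any reference implementation. It realizes the scheme as an additive split of an RSA private exponent (d = d1 + d2 mod phi(N)), which is one concrete way to obtain the property the claims rely on: the two partial signatures multiply into a signature under the full key, while either partial on its own is useless to the service provider. The toy primes, the credential store, the password and OTP values, and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA parameters for illustration only: two well-known 30-bit
# primes. Real deployments use 2048-bit or larger moduli; the algebra is the same.
P = 1000000007
Q = 998244353
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                      # public exponent; with N it is the service provider's public key
D = pow(E, -1, PHI)            # full private exponent, exists only at key-generation time


def split_private_key(d, phi, rng=secrets.randbelow):
    """Additively split d into two shares with d1 + d2 == d (mod phi).

    Neither share alone reveals d. The service provider gives d1 to the
    primary authentication system and d2 to the secondary one (claim 14).
    """
    d1 = rng(phi)
    d2 = (d - d1) % phi
    return d1, d2


def message_digest(msg: bytes) -> int:
    """Hash the authentication response and reduce it into Z_N."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def partial_sign(share: int, msg: bytes) -> int:
    """One authenticator's partial signature: H(msg)^share mod N."""
    return pow(message_digest(msg), share, N)


def combine(s1: int, s2: int) -> int:
    """Composite signature: s1 * s2 == H(msg)^(d1 + d2) == H(msg)^d mod N."""
    return (s1 * s2) % N


def verify(sig: int, msg: bytes) -> bool:
    """Service-provider check using only the public key (E, N)."""
    return pow(sig, E, N) == message_digest(msg)


# Constructed credential stores standing in for the identity provider and the
# two-factor service. Real systems keep salted password hashes, not plaintext.
PASSWORDS = {"alice": "correct horse battery staple"}
OTP_CODES = {"alice": "492817"}


def _matches(store, user, presented) -> bool:
    stored = store.get(user)
    return stored is not None and hmac.compare_digest(stored, presented)


def authn_response(user: str) -> bytes:
    """The message both authenticators sign; constructed format."""
    return f"authn-response:user={user}".encode()


def distributed_login(user, password, otp, d1, d2):
    """Run the two-stage flow from the claims. Returns the composite signature,
    or None when either factor fails, so no usable signature exists for a user
    who passed only one of the two checks."""
    response = authn_response(user)
    # Primary authentication (knowledge factor, claim 12) at the identity provider.
    if not _matches(PASSWORDS, user, password):
        return None
    s1 = partial_sign(d1, response)
    # Secondary authentication at the two-factor service, performed only after
    # the primary step succeeded (claim 5).
    if not _matches(OTP_CODES, user, otp):
        return None
    s2 = partial_sign(d2, response)
    # Combination may occur at the user's computing device (claim 10).
    return combine(s1, s2)


def service_provider_accepts(user, sig) -> bool:
    """The service provider validates with the public key and grants access."""
    return sig is not None and verify(sig, authn_response(user))


if __name__ == "__main__":
    d1, d2 = split_private_key(D, PHI)
    ok = distributed_login("alice", "correct horse battery staple", "492817", d1, d2)
    print("both factors ->", service_provider_accepts("alice", ok))        # True
    bad = distributed_login("alice", "correct horse battery staple", "000000", d1, d2)
    print("wrong OTP    ->", service_provider_accepts("alice", bad))       # False
```

The property worth noticing is that the service provider never handles a private key share: it stores only (E, N), and a partial signature raised to E does not recover H(msg), so a compromised identity provider cannot mint an acceptable signature on its own. The additive split does require someone to hold D at generation time; in the claims that party is the service provider, which then discards it after distributing the shares.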
CPC classifications:

- Secret sharing or secret splitting, e.g. threshold schemes
- involving digital signatures
- Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- using a plurality of keys or algorithms
- applying multi-factor authentication