Paper credentials are documents that attest to the identity or other attributes of an individual or entity called the subject of the credentials. Some common paper credentials include passports, birth certificates, driver's licenses, and employee identity cards. The credentials themselves are authenticated in a variety of ways: traditionally perhaps by a signature or a seal, special papers and inks, high quality engraving, and today by more complex mechanisms, such as holograms, that make the credentials recognizable and difficult to copy or forge. In some cases, simple possession of the credentials is sufficient to establish that the physical holder of the credentials is indeed the subject of the credentials. More commonly, the credentials contain biometric information such as the subject's description, a picture of the subject or the handwritten signature of the subject that can be used to authenticate that the holder of the credentials is indeed the subject of the credentials. When these paper credentials are presented in-person, authentication biometrics contained in those credentials can be checked to confirm that the physical holder of the credential is the subject. Typically, electronic identity credentials bind a name and perhaps other attributes to a token. In e-authentication, typically, the claimant authenticates to a system or application over a network. Therefore, a token used for e-authentication is a secret and the token must be protected. In some cases, the token may, for example, be a cryptographic key, that is protected by encrypting it under a password. Typically, authentication systems are often categorized by the number of factors that they incorporate: i) something you know (for example, a password); ii) something you have (for example, an ID badge or a cryptographic key); and iii) something you are (for example, a voice print or other biometric).