The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have evolved into extremely sophisticated devices, and computer systems may be found in many different settings. Computer systems typically include a combination of hardware, such as semiconductors and circuit boards, and software, also known as computer programs. As advances in semiconductor processing and computer architecture push the performance of the computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago.
Today's more powerful computers are often connected in networks, and a user at one computer, often called a client, may wish to access information at multiple other computers, often called servers, via a network. Many applications on these servers require a password before allowing access, in order to safeguard confidential information. For example, users might need passwords to access various accounts, such as business e-mail, personal e-mail, online banking, mortgage accounts, news services, classified ads, or online shopping.
In the past, users typically accessed these accounts via a trusted client, such as a client that the user is certain does not contain a key-logging program or Trojan horse that could eavesdrop on the user's keystrokes and capture the user's password. For example, users may trust their own home computers because they personally execute anti-virus and anti-spyware tools on these clients on a regular basis. But, increasingly, users are accessing their accounts from computers that are non-trusted clients because the users do not personally control them. For example, users may wish to check their bank account balances from a client computer at an Internet cafe or a public library. A user of such non-trusted clients has little opportunity to verify that the clients do not contain harmful code, which could misappropriate the user's password.
Hence, a better technique for protecting a user's password from misappropriation at a non-trusted client is needed.