In order to perform an online transaction in a distributed computing system such as, for example, an online transaction system accessible via the Internet, a user is often required to authenticate himself/herself to the system. This authentication takes place prior to the user being permitted to perform the transaction or otherwise gain access to an application or computing resource that supports the actual transaction. There are many existing challenge-response mechanisms available that can be used by such online transaction systems that are intended to authenticate the user.
Furthermore, while data transmitted over the Internet is typically encrypted, there are many chances for hackers to steal important user information via mechanisms such as a key-logger (a program that secretly records key strokes of the user and transmits them to a hacker), a mouse-tracker (a program that secretly records mouse clicks of the user and transmits them to a hacker), or other malicious software (so-called “malware”) resident on the computing device of the user. Generally speaking, for most input hardware devices already integrated in a personal computer, they can be easily hacked. Even in the case of voice authentication (the process of authenticating a user via voice biometrics), a bugging device can be planted on the audio channel to steal voice data and thus voice biometric information of the user.