Servers on computer networks, such as the Internet, can provide secure services to users. Users are often required to provide an authenticated key to gain access to such secured services. Several methods can be used to distribute authenticated keys to authorized users. For example, an authenticated key can be printed on paper and mailed to an authorized user's home. In some situations, it may be desired to distribute authenticated keys electronically, such as with a server on the computer network. However, distributing authenticated keys this way can be problematic since it can be difficult to verify that the person requesting an authenticated key is an authorized user. For example, if a password is used to verify the identity of a person requesting an authenticated key, the server providing the key cannot differentiate between an authorized user and an imposter who stole the authorized user's password. Moreover, the problems of password distribution and key distribution are similar: passwords that provide high security (e.g., an arbitrary 128-character string) are too difficult to distribute by voice, and passwords that are easy to distribute by voice provide little security.
There is a need, therefore, for a method and system that can be used to distribute authenticated keys that overcomes the disadvantages described above.