Technical Field
The embodiments herein generally relate to cryptography, and, more particularly, to a system and method of encrypting authentication information.
Description of the Related Art
Applications delivered through the Internet and executed within a user's Internet browser (“browser”) are becoming increasingly common. Often, such applications involve sensitive user information, which may include, for example, credential information, payment information, and/or personal account management information. For these and other reasons, it is often desirable to verify that the application is an authentic copy and has not been tampered with in any way. For example, sensitive user information could be severely compromised by a malicious entity that modifies an application to obtain sensitive user information and/or information from the user's computer or computer network. Moreover, when such a malicious entity tampers with the application delivered through the Internet, the malicious entity may also be capable of tampering with the user's computer or other computers on the computer network.
To protect sensitive information, conventional methods often exchange asymmetric public keys. The difficulties of such conventional methods for communication over a public network (such as the Internet), however, are numerous and publicly known. For example, the system providing the public key to a user may itself have been tampered with and therefore does not provide an authentic copy of the public key. Conventional methods do not address such a situation and, significantly worse, create the illusion of a secure environment. It is therefore desirable to reduce exposure of an encryption system's private information and to verify that information exchanged over a public communications channel is an authentic copy.