Conventionally, sensitive transactions can be compromised by an adversary manipulating hardware and/or software, by an adversary intercepting a user's physical mail, by an adversary observing user entry, by an adversary employing key-stroke loggers, by an adversary intercepting mouse, touch-screen, or gestural input events, and/or by an adversary scavenging the content of the memory in the graphics subsystem. Examples of such sensitive transactions include authentication dialogs for online commerce that require a user to enter passwords, account numbers, or other private information.
Typical existing solutions involve the use of a physical or a digital one-time pad and are expensive and inconvenient. In a physical example, a financial institution mails a customer a list of random numbers, each of which can be used for only one transaction, but the list can be intercepted from the mail, and when the user account information is obtained, the attacker can have unbridled access to the user's account. In a digital example, a trusted, auxiliary device becomes part of a session-unique challenge/response dialog. In the digital example, the user is required to enter a password into a secure, self-contained device, which then supplies a unique key that the user has to enter as part of the authentication dialog.
Another existing solution involves the use of a biometric sensor, such as a fingerprint reader, a retina scan, etc. The appropriate scanner is incorporated into terminal devices or add-on devices, which are susceptible to hardware attacks. It has been shown that fingerprint readers can be fooled making a replica that works with multiple commercial fingerprint readers. Regardless of the technical strength of biometric sensors, they are expensive to incorporate into a wide-spread service with a large, heterogeneous user group. They are also difficult to integrate into a general purpose platform in a way that cannot be compromised.