In today's computing environment, the ability to securely authenticate users is quite significant (consider, for example, an Internet-based banking solution). The proof of identity generally lies in the presentation of a “secret” (such as a password) to the computer. Using these secrets in a secure manner relies, implicitly, on trust in the hardware/software combination which receives the secrets for the purpose of authentication.
However, current techniques may be vulnerable to problems introduced by operating systems (OS) which have been compromised by viruses or so-called “Trojan horses,” which can intercept all communication from the user to the machine. One example of this is “keyloggers” which are able to intercept passwords and credit card numbers and forward them to a malicious party.
Current approaches to prevent this copying include use of cryptographic tokens, such as smartcards, or built-in security hardware, such as the trusted platform module (TPM). However, these tokens usually do not have a display and/or keyboard. As a consequence, the running operating system has to relay the tokens during input to, and output from, the security device. The operating system, in general, cannot be trusted (for example, due the presence of malicious software) and will be able to interact with the token and use the token to authenticate or sign arbitrary messages without a user being able to notice.
One remedy that has been employed is to use more complex secure tokens, such as the RSA SecurID® device (registered mark of RSA Security, Inc., Bedford, Mass., USA). This device has a display and keyboard and can perform challenge-response protocols inside the trusted device. As a consequence, the data passed through the OS (challenge/response) is no longer security-critical.