Technical Field
The embodiments herein generally relate to cryptography, and, more particularly, to a method of multi-factor authentication of identity during encrypted communications.
Description of the Related Art
Information such as personal data and other sensitive information may be passed across a network such as the Internet, for example to provide credential information, payment information, or personal account management information. To protect sensitive information, the information can be transmitted over a secure transmission connection provided by an encryption system.
Conventional encryption systems are often difficult to use and thereby introduce weaknesses into the overall system. For example, asymmetric encryption relies on complex mathematics applied to private and public information (e.g., private and public keys) and is computationally inefficient. Symmetric encryption is significantly more efficient, but relies on secret information (e.g., a password, passphrase, or private key) that must remain private among all persons or devices with authorized access to the encrypted data.
Other conventional encryption systems are difficult to use because they impose inconvenient restrictions on users, without which the entire system becomes compromised. For example, secure one-on-one communication (such as the Off-The-Record (“OTR”) messaging protocol) is desirable when two users require perfect forward secrecy and/or deniable authentication. OTR messaging, however, requires that communication occur only between two specific computing/communication devices and does not permit either user to switch computing/communication devices during a secure one-on-one conversation.
The difficulties of conventional encryption systems increase when the secret information becomes publicly known. For example, when the secret information is publicly known, the entire encryption system is compromised and must be revised (e.g., by resetting passwords, passphrases, private keys, etc.). Since various methods of obtaining this secret information (such as man-in-the-middle attacks, social engineering, etc.) are well known and frequently used, it is desirable to reduce exposure of an encryption system's private information, especially when communicating across the various devices associated with a user, thereby reducing the potential attack surface of such an encryption system.