Ensuring that data is securely communicated between computers continues to be a concern. For instance, an attacker may attempt to eavesdrop on communications (e.g., by conducting a man-in-the-middle attack). Thus, an attacker may attempt to intercept data, such as a public key, that can be used to infer the identity of a user, a client computer, or a server computer. An attacker may also attempt to intercept identification data, such as a computer identifier or a public key of the computer, or authentication data, such as a password, transmitted by the computer. The intercepted data could be used to track the user device or it may be used for illicit purposes. Further complicating matters is the prior state of the computers before communicating. In some cases, the client computer and the server may not previously store a digital certificate of each other—in other words, the client computer and the server computer may not trust each other a priori. Conducting secure communications in such circumstances may pose a challenge.
Embodiments of the present invention address these and other problems individually and collectively.