Secure data exchange over a communications network is one of the most important issues in may businesses and industries. Various encryption methods and key schemes (public and private) have been used to securely transmitting electronic data. For example, an electronic mail exchange system is typically protected by a username and password, and usually offers an encryption function for contents and attachments for outgoing messages. Secure Socket Layer (SSL) protocols are typically used for encrypted communications in data exchange systems. Transport Layer Security (TLS) protocols may also used. An electronic certificate (digital ID) is also used to identify the user in electronic transactions. While data to be transmitted is encrypted and access to a data exchange server is restricted using passwords and certificates, such a conventional data exchange system does not protect the “communications path” during the transmission. For example, once the encrypted data was sent out from a source/sender, the encrypted data in he form of data packets may be hacked or altered before reaching the destination/recipient. After a user is allowed access to a data exchange server and starts downloading or uploading data, the data may be intercepted, eavesdropped, or filtered to hack information contained therein. In addition, in electronic transactions such as on-line shopping and on-line banking, a user is only initially authenticated and authorized (typically using the username and password) to log on to a secured site. During such an electronic transaction, a disguised user may log on to access the secured site, or the user may be led to an unintended site which tries to obtain personal information from the user. However, the conventional system does not provide means to confirm that the user is still the same authenticated user, and that the server is still the same server.