Many techniques for authenticating a mobile device (e.g., a smart phone) to an immobile device (e.g., a multi-function device) exist. However, techniques that allow the immobile device to establish that a user of the mobile device is who he claims to be do not necessarily establish a trust relationship from the immobile device to the mobile device. In other words, some techniques do not permit the mobile device to establish that it is communicating over a network connection with the intended immobile device and only that immobile device, rather than, for example, a malevolent device configured to spoof the intended immobile device. The user of the mobile device also desires assurance that his communications to the immobile device are safe from, e.g., man-in-the-middle and eavesdropping attacks. Often public key infrastructure (“PKI”) is used to establish security and a chain of trust between devices. However, PKI and other such techniques require a trusted third party. Further, such techniques must be properly implemented to provide the desired trust, but some implementations use self-signed certificates for cost and administrative reasons, thereby omitting the trust that would have been provided by the trusted third party.