The present invention relates generally to the field of multiple computer communication, and more particularly to communication authentication techniques.
Authentication of a user and/or a device is a basic problem in the modern digital society. A user desires remote access to various accounts using a variety of devices. However, that same user desires security that does not allow an adversary (someone looking to improperly access the user's accounts) similar access to the user's various accounts, even if the adversary has access to a device belonging to the user.
Conventional methods of authentication employ a variety of primitives including, but not limited to: digital signatures; encryption; attribute-based credentials; and/or message authentication codes (MACs). These primitives require a variety of high-entropy cryptographic material, for example, an RSA key pair or a secret key. Questions arise as to where cryptographic material is stored. Storing cryptographic material on a user's device creates exposure if a device is lost or stolen. Alternatively, hardware tokens, which securely store and operate on cryptographic material (e.g., smart cards, trusted platform modules (TPMs)), can be cumbersome, expensive, or technically impossible to implement. For example, hardware tokens can be inconvenient for a user, introduce additional costs for hardware, introduce additional costs for distribution, and may require various hardware tokens for different devices and/or platforms. Further alternatives include storing cryptographic material for various users on a server, which exposes many accounts if an adversary attacks the server.