Individuals and organizations increasingly rely on digital communications (e.g., via the Internet) to conduct their daily affairs. Due to the sensitivity of some transactions, these individuals and organizations may wish to communicate securely and to ensure that a party to a transaction is who the party claims to be.
In some cases, parties to a transaction may use a shared secret (e.g., information that each party has to the exclusion of the rest of the world) to communicate securely and/or to provide authentication. For example, a shared secret may be used to derive one or more encryption and/or authentication keys and/or to generate message authentication codes to authenticate messages. In some cases, a shared secret may be used to generate one-time passwords.
Unfortunately, the process of sharing a secret may allow a malicious third party to steal the secret (e.g., in transit or in storage), thereby potentially defeating the purpose of the shared secret to enable secure, authenticated communications. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for authenticating devices.