Modern computer usage requires that data be provided to a variety of entities, both local and remote, such as over the internet. This has given rise to fraudulent obtaining of data, for example via identity theft such as “phishing.” Current approaches do not effectively prevent this from occurring.
Existing ways to provide data do not provide a guarantee of who may obtain the data. Data may be misused by a party who should not have access to the data. Examples of such data include passwords, financial identifiers such as credit card numbers and bank account numbers, and personal information such as social security numbers and driver's license numbers. Additionally, input intercepting hardware and software such as keyloggers and screenloggers can compromise data.
External hardware devices have been deployed as second authentication factors. However, such use is cumbersome, both because of the necessity of manually entering authentication data such as a time-varying key, and because of the need for carrying an extra hardware device that is superfluous when not obtaining an authentication key. Furthermore, such hardware authentication devices do not authorization data on the computer, and are susceptible to man-in-the-middle attacks.
It would be useful to ensure that provided data is received and/or usable only by an intended recipient of the data. It would further be useful to do so in a manner that ensures that only a user with an associated hardware device can authenticate, and to secure such authentication in a manner that protects against man-in-the-middle attacks on a user's computer.