Our problem is simply stated: we need a way to store the user authentication information on the client in a trustworthy manner. If  we allow ourselves one connection to the client, we can authenticate the credentials and save a copy of the authentication information in a way that prevents it from being easily changed by the console. This means we don't have to perform any crypto on the client and can attempt begin  to trust think about trusting  the data that we have stored.