The attacker is not able to intercept the communication between client and server to obtain sensitive information that will enable him to identify the identity of the user before the verifier. For this feature it is assumed that the attacker is able to bypass Transport Layer Security (TLS). For example, through the certification authority or through Man-in-the-Middle attacks and can thus access the plain-text communication of both communication partners.