Secure authentication protocol systems and methods

What is claimed: 1. A system for transferring authentication protocols between a sensor and a platform, the system comprising: a first input device to, during a pre-boot session: verify received data representative of a first authentication factor; store the verified first authentication factor; and store a credential logically associated with a prior session; verify the prior session against a credential logically associated with an immediately previous post-boot environment that includes a defined change, alternation or modification including at least incrementing or decrementing the immediately previous post-boot environment by a defined value; upon verifying the prior session, indicate the presence of the credential using a logical indicator; at least one circuit communicably coupled to the first input device; a data storage device communicably coupled to the at least one circuit, the data storage device including machine-readable instructions that, when executed by the at least one circuit, causes the at least one circuit to provide an authentication engine and causes the authentication engine to, during a current post-boot session: communicate a challenge to the first input device; receive a payload that includes the verified first authentication factor and the prior session credential from the first input device in response to the communicated challenge; verify the prior session credential received from the first input device; and generate a credential that is logically associated with the post-boot session, wherein the post-boot session credential includes a pseudorandom alphanumeric string of defined length. 2. The system of claim 1 wherein the at least one circuit provides the authentication engine in a trusted execution environment. 3. The system of claim 2 wherein the machine-readable instructions cause the at least one circuit to cause the authentication engine to further: cause a credential generator to generate a current post-boot session credential; and replace the stored prior post-boot session credential with the current post-boot session credential. 4. The system of claim 3 wherein the machine-readable instructions cause the at least one circuit to cause the authentication engine to further: provide user access to the post-boot environment responsive to a successful verification of the prior post-boot session credential by the authentication engine. 5. The system of claim 4 wherein the machine-readable instructions cause the at least one circuit to cause the authentication engine to further: request a second authentication factor responsive to an unsuccessful verification of the prior post-boot session credential by the authentication engine. 6. The system of claim 5 wherein the machine-readable instructions cause the at least one circuit to cause the authentication engine to further: provide user access to the current post-boot session responsive to a successful verification of the second authentication factor by the authentication engine. 7. The system of any of claims 1 through 6 , the first input device to further: receive data representative of a user-supplied first authentication factor. 8. The system of claim 7 wherein the first input device comprises at least one of: a knowledge factor input device, a possession factor input device, an inherence factor input device, a location factor input device, or a time factor input device. 9. The system of any of claims 1 through 6 wherein the credential includes a nonce previously supplied by the authentication engine to the data acquisition device. 10. The system of any of claims 1 through 6 wherein the credential includes a calculated value based at least in part on a known value previously supplied by the authentication engine to the data acquisition device. 11. An authentication method, comprising: during a pre-boot session: verifying, by a first input device, a first authentication factor; storing, by the first input device, the verified first authentication factor; and storing, by the first input device, a credential logically associated with a prior post-boot session; verifying the prior session against a credential logically associated with an immediately previous post-boot environment that includes a defined change, alternation or modification including at least incrementing or decrementing the immediately previous post-boot environment by a defined value; upon verifying the prior session, indicating the presence of the credential using a logical indicator; during a current post-boot session: generating, by an authentication engine, a query; communicating, by the authentication engine, the query to the first input device; receiving, by the authentication engine, the verified first user authentication data and the prior post-boot session credential from the first input device in response to the communicated query; verifying, by the authentication engine, the received prior post-boot session credential; and generating a credential that is logically associated with the post-boot session, wherein the post-boot session credential includes a pseudorandom alphanumeric string of defined length. 12. The method of claim 11 wherein verifying the prior post-boot session credential comprises: verifying, by the authentication engine, the prior post-boot session credential includes at least one credential representative of an immediately preceding post-boot session. 13. The method of claim 12 , further comprising: during the current post-boot session: generating, by a credential generator, a credential logically associated with the current post-boot session; and overwriting, by the authentication engine, the prior post-boot session credential with the current post-boot session credential. 14. The method of claim 11 , further comprising: causing at least one circuit to execute at least one machine-readable instruction set that causes the at least one circuit to provide at least a portion of the authentication engine. 15. The method of claim 14 wherein causing at least one circuit to execute at least one machine-readable instruction set that causes the at least one circuit to provide at least a portion of the authentication engine comprises: causing the at least one circuit to execute, in a trusted execution environment, at least one machine-readable instruction set that causes the at least one circuit to provide at least a portion of the authentication engine. 16. The method of claim 11 , further comprising: in the pre-boot session: receiving, by the first input device, a user-supplied first authentication factor. 17. The method of claim 16 wherein receiving the user-supplied first authentication factor comprises: receiving, by the first input device, at least one of: a knowledge factor, a possession factor, an inherence factor, a location factor, or a time factor. 18. The method of any of claims 11 through 17 , further comprising: providing, by the authentication engine, user access to the current post-boot session responsive to successful verification of the first user authentication factor by the authentication engine. 19. The method of any of claims 11 through 17 , further comprising: requesting, by the authentication engine, a second authentication factor responsive to an unsuccessful verification of the stored prior post-boot session credential; and verifying, by the authentication engine, the second authentication factor prior to providing user access to the current post-boot se