Video surveillance systems using out of band key exchange
US-12177293-B2 · Dec 24, 2024 · US
US9237133B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9237133-B2 |
| Application number | US-201213876766-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 12, 2012 |
| Priority date | Dec 12, 2012 |
| Publication date | Jan 12, 2016 |
| Grant date | Jan 12, 2016 |
Official abstract text for this publication.
Technology is described for two parties, by leveraging previously established secure connections with third parties, to obtain a shared secret for generating a secure connection with each other in a way that reduces vulnerability to man-in-the-middle attacks. In some examples, the technology can include generating a session identifier; coordinating use of the session identifier by the two parties; finding an available secure communication channel to a third party; transmitting the session identifier to the third party via the available secure communication channel; receiving, via the available secure communication channel, a third party identifier and a session identifier-specific secret; sharing information about the received third party identifier; determining that the received third party identifier matches a third party identifier received by the second party; and using the session identifier-specific secret received with the matching third party identifier to generate a cryptographic key to secure communication between the two parties.
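The exchange in the abstract, simulated in Python as an added example (not code from the patent or its assignee): both parties present one session identifier to a third party over their own channels, compare what they learn about the third party identifier, and derive a key only on a match. The `Datacenter` class, the HMAC-based session secret, the hashed identifier fingerprint, the HKDF step (a key derivation function, as in claim 14) and the datacenter names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Datacenter:
    """Third party: answers a session identifier with (identifier, secret)."""

    def __init__(self, identifier):
        self.identifier = identifier
        self._master = secrets.token_bytes(32)  # never leaves the datacenter

    def request(self, session_id):
        # Assumption: the secret is an HMAC of the session identifier, so every
        # caller presenting that identifier to this datacenter gets the same value.
        secret = hmac.new(self._master, session_id, hashlib.sha256).digest()
        return self.identifier, secret


def fingerprint(dc_id, session_id):
    """Information about the third party identifier that is shared with the peer."""
    return hashlib.sha256(session_id + dc_id.encode()).digest()


def derive_key(secret, session_id):
    """HKDF-SHA256 (RFC 5869), one output block, session identifier as salt."""
    prk = hmac.new(session_id, secret, hashlib.sha256).digest()
    return hmac.new(prk, b"party-to-party key\x01", hashlib.sha256).digest()


def establish(session_id, my_dc, peer_fingerprint):
    """One party's side: query own channel, compare identifiers, derive the key."""
    dc_id, secret = my_dc.request(session_id)
    if not hmac.compare_digest(fingerprint(dc_id, session_id), peer_fingerprint):
        return None  # different third party: no shared secret, do not proceed
    return derive_key(secret, session_id)


def run(dc_a, dc_b):
    """dc_a / dc_b: the third party each party's secure channel actually reaches."""
    session_id = secrets.token_bytes(16)  # generated by the first party, then coordinated
    fp_a = fingerprint(dc_a.request(session_id)[0], session_id)
    fp_b = fingerprint(dc_b.request(session_id)[0], session_id)
    return establish(session_id, dc_a, fp_b), establish(session_id, dc_b, fp_a)
```

Calling `run` with the same `Datacenter` object for both parties yields two equal 32-byte keys; calling it with two different objects yields `None` on both sides because the identifiers do not match.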
Opening claim text (preview).
I claim:

1. A method to establish cryptographically secure communication between a first party and a second party, the first party and the second party being separate computing devices, the method comprising: generating, by the first party, a session identifier; coordinating, by at least the first party, use of the session identifier by the first party and the second party; finding, by the first party, an available secure communication channel to a third party, wherein the third party is a datacenter computing system; transmitting, by the first party, the session identifier to the third party via the available secure communication channel; receiving, by the first party, via the available secure communication channel, a third party identifier and a session identifier-specific secret from the third party; sharing, by the first party, information about the received third party identifier with the second party; determining, by the first party, that the third party identifier received by the first party matches a third party identifier received by the second party; and generating a cryptographic key to secure communication between the first party and the second party using the session identifier-specific secret received with the matching third-party identifier.

2. The method of claim 1, wherein the finding an available secure communication channel to a third party comprises querying an application programming interface.

3. The method of claim 1, wherein the finding an available secure communication channel to a third party comprises identifying an application service that accepts messages directed to the third party.

4. The method of claim 3, wherein the application service comprises an Android™ operating system Intents object to enable a first Android™ component to request functionality from a second Android™ component.

5. The method of claim 1, wherein the transmitting the session identifier to the third party comprises transmitting an identifier of the first party to the third party.

6. The method of claim 1, wherein the receiving of the third party identifier and identifier-specific secret occurs one or two times.

7. The method of claim 1, wherein the generated cryptographic key is to authenticate communication between the first party and the second party.

8. A method performed by a computing device, comprising: establishing, by a first entity operating at the computing device, a session identifier shared by the first entity and a second entity that are each configured to exchange cryptographically secure messages with one or more third entities; providing, by the first entity, the session identifier to one or more of the third entities; receiving, by the first entity, from one of the one or more third entities, a third entity identifier and a secret in response to the session identifier; determining, by the first entity, that the third entity identifier received by the first entity matches a third entity identifier received by the second entity; generating, by the first entity, an encryption key using the secret received with the matching third entity identifier; and encrypting, by the first entity, with the encryption key, communication between the first entity and the second entity.

9. The method of claim 8, wherein the second entity is a user.

10. The method of claim 8, wherein the second entity is a merchant.

11. The method of claim 8, wherein the second entity is an application.

12. The method of claim 11, wherein the first entity and the second entity operate at the same computing device.

13. The method of claim 8, wherein the cryptographic key is a symmetric key.

14. The method of claim 8, wherein the generating an encryption key using the secret comprises applying a cryptographic key derivation function to the secret.

15. A method performed by a first entity in a computing system, the first entity having a secure connection to a datacenter computing system, to establish a secure communication channel with a second entity in the computing system, the second entity having a secure connection to the datacenter computing system, comprising: reading, by the first entity, a set of datacenter properties from the datacenter computing system; generating, by the first entity, a datacenter identifier and a secret based on the read set of datacenter properties; receiving, by the first entity, an identifier from the second entity; comparing, by the first entity, the generated datacenter identifier with the identifier received from the second entity; determining, by the first entity, that the generated datacenter identifier matches the identifier received from the second entity; and establishing, by the first entity, a secure communication channel with the second entity using the secret generated with the datacenter identifier.

16. The method of claim 15, wherein the read set of datacenter properties comprises datacenter address information.

17. The method of claim 15, wherein the read set of datacenter properties comprises datacenter state information.

18. The method of claim 15, wherein the read set of datacenter properties comprises results of datacenter API tests.

19. The method of claim 15, wherein the generating of the datacenter identifier and a secret comprises applying a first cryptographic hash function to the read set of datacenter properties to generate the datacenter identifier and applying a second cryptographic hash function to the read set of datacenter properties to generate the secret.

20. The method of claim 15, wherein the establishing of a secure communication channel comprises exchanging increasingly complex keys until a desired bit depth of security is reached.

21. The method of claim 15, wherein the cryptographic key is a symmetric key.

22. A system to securely provide a secret to a first party and a second party, the first party and the second party being separate computing devices, the system comprising: a processor and memory; a secret-providing component that, in response to receiving a session identifier via a first secure connection, generates by the processor a secret-providing component identifier and a session identifier-specific secret, and returns the secret-providing component identifier and the session identifier-specific secret via the first secure connection; a first secret-requesting component, associated with the first party, that: generates a session identifier in coordination with a second secret-requesting component, sends the session identifier to the secret-providing component via a second secure connection, receives a secret-providing component identifier and a session identifier-specific secret via the second secure connection in return, and determines that the secret-providing component identifier received by the first secret-requesting component matches a secret-providing component identifier received by the second secret-requesting component; and a second secret-requesting component, associated with the second party, that: generates a session identifier in coordination with the first secret-requesting component, sends the session identifier to the secret-providing component via a third secure connection, receives a secret-providing component identifier and a session identifier-specific secret via the third secure connection in return, and determines that the secret-providing component identifier received by the second secret-requesting component matches a secret-providing
Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] · CPC title
with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys · CPC title
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
Detection or prevention of fraud · CPC title