Well that is one use of it, you can also use the two key method for verification of a user when accessing sites or resources. To access mypay.dfas.navy.mil you need the public key, saying you have CAC and you need the private key ( your pin ), I was simply trying to related to what his suggestion was.
In this case this second key you refer to is an authenticator? If it is, AFAIK, it is only a random number generator where you and the server you want to authenticate with have your seed, hence both know the generated number sequence.
The number generated by the authenticator is not used in the Public Key algorithm.
Good to know, but that method, would or could be used... could it not? for the authentication process and keeping things legit from outside sources to the master server? Honestly, at this point the best option just might be to use greenlight and use the SDK backend from valve. The issue with that is the cut they get... I dont know how much that is and you dont really find out till you enter in deals with them. They already have the framework to provide something with stores, and steamworks, and other fun little things. I guess that is something I will have to look into. Thanks for the help, you both have been very informative.