Applications often store cached user data on a device as a user interacts with an application in order to improve performance of the application. The cached user data may be sensitive user data and may need to be protected by encrypting the data. The encryption depends on some form of entropy to obscure the data so that it cannot be retrieved without the correct entropy. In order to provide a reasonable level of security, it is desirable to maintain the entropy separately from the encrypted data. In many cases, the user data is encrypted using some form of entropy from the user (e.g., password, passcode, gesture input, etc.), so that the entropy is maintained separately from the encrypted data and so that the encrypted data cannot be accessed by anyone other than the user.
However, as applications begin to become increasingly available on more various types of devices, potential problems with requiring frequent re-authentication from the user begins to create potential problems and inconveniences. In some cases, the display is highly visible and uses an on-screen keyboard (e.g., a media streaming device that displays a user interface on a television or projector), making it difficult to enter a password (or other authentication information) without exposing it to others. In addition to being exposed, as many devices are designed with a simple interface for viewing media, they lack a convenient method for inputting a password or passcode. When a user is faced with having to frequently enter a password using an inconvenient method, the user will often use simple and unsafe authentication information (e.g., passwords), making it easier to capture user data information.
It is desirable to secure user data in a manner convenient to the user, while also maintaining a secure, separate (non-resident) entropy