Use of the Internet, and in particular, of cloud-based storage and applications, is becoming increasingly integral to everyday life. The Internet is a communication medium between end points, such as a mobile device and a server that is openly accessible to the public. Cloud-based storage on an end point of the Internet provides ubiquitous access of user's files and applications from any capable end point. With the increased usage, comes an increased exposure to unscrupulous users of the Internet that can seek to randomly cause havoc or steal sensitive information from specific users.
The traditional paradigm for protection of sensitive information stored in cloud-based locations on the Internet is a password. For access, a user presents log-in credentials to a server that are verified against known credentials stored at the server. Problematically, the comparison paradigm is vulnerable to phishing or key-logging attacks by imposters, hacking or network sniffing, and even guessing by trial and error. Once exposed, the user files and applications are open not only to undetected theft by copying, but to vandalism by deletion. Moreover, the entire account is exposed at once because individually protecting each file and application with a unique password is not practical. Conventional encryption techniques are similarly vulnerable, especially when a cryptography key is stored on an end point.
Furthermore, users are currently burdened with memorizing and protecting more and more passwords. Some users have a single, default password which is not recommended because all accounts are vulnerable to a single password interception. Also, various systems have varying strength requirements for passwords. As a result, users are requested to provide hard to memorize passwords that include numbers, capital letters, or non-traditional characters, adding to user confusion.
What is needed is a technique for protecting digital assets without a password, while overcoming the deficiencies of the prior art.