In the mobile domain, challenges exist with respect to generating keys and protecting secrets or sensitive assets. Existing approaches for attempting to protect a secret on a mobile device include the following: implementing a hardware security module, incorporating stable system values, and/or utilizing a passphrase and/or passcode authentication.
Additionally, in existing approaches, the majority of mobile devices include neither a hardware root of trust nor a prevalent hardware-based method of protecting a key. Other devices include embedded secure elements (such as smart cards), but such devices do not provide open application programming interfaces (APIs) that are accessible to developers. Further, stable system values such as an international mobile subscriber identity (IMSI) are isolated from a developer. Accordingly, mobile device management (MDM) and mobile application management (MAM) tools generally use passphrases to protect secrets and/or sensitive assets. However, passphrases and personal identification numbers (PINs) used in connection with mobile devices commonly have low amounts of entropy, making such security features vulnerable to attack.
Consequently, a need exists to add entropy to password-based authentication systems.