Application developers must protect sensitive content on devices where access to an embedded, pluggable or external hardware secure element is not feasible. Developers have limited options for ensuring the protection of their sensitive content. Typical methods either rely on the native platform protection mechanisms, such as an application sandbox for separating running programs, combined with optional encryption under a global disk encryption key, or derive an encryption key from a weak user personal identification number (PIN) or password.
For example, FIDO (Fast Identity Online) is a security industry organization addressing problems that users face with creating and remembering multiple usernames and passwords for web sites and cloud applications. FIDO has specified a Universal Authentication Framework (UAF) and a Second Factor Authentication (U2F) technique. Generally, FIDO protocols are based on public key cryptography and are resistant to phishing attacks.
Nonetheless, a need remains for new techniques for protecting one or more secret keys on devices, such as mobile devices. A further need exists for new techniques for protecting key material using white-box cryptography and split-key techniques.