Increasingly, the affairs of individuals and enterprises are being conducted over the Internet and via the World-Wide Web (WWW). This has provided for a geographically dispersed world economy and created many opportunities that previously did not exist.
One major issue associated with conducting affairs over the WWW is security. Just as the WWW has grown, so too has the sophistication of the criminals that lurk on the Internet attempting to acquire passwords and other sensitive data of users as that data becomes exposed on the Internet during network transactions.
To address these concerns, a variety of security mechanisms are typically used, such as Public and Private Key Infrastructure (PKI) transactions, Virtual Private Networks (VPNs), and other key distribution and encryption techniques. Still, even these mechanisms are not foolproof, and each mechanism has its own security issues that have to be addressed because of the increasing sophistication of today's Internet hackers.
One particular approach used for enhancing security is to split a key into multiple pieces. Key splitting is particularly useful when a user forgets his/her key. The original key can be split into pieces and then escrowed with multiple parties, such that each of the pieces from each escrow agent is needed to reassemble the key. Should the user ever forget the key and want to reacquire it, the escrow agents supply their pieces and the key is reassembled for the user. Key splitting is also useful in other scenarios, such as when multiple parties are needed to access a secure asset, where each party holds a piece of an overall key needed to access that asset. Sometimes key splitting should also be done in such a way that if the key is divided into ‘n’ pieces and escrowed with multiple parties, then the original key can be reassembled by using any ‘k’ escrow agents' pieces, where k=n, and cannot be reassembled by any number of pieces less than k.
However, conventional key splitting techniques do not validate the individual key pieces; rather, the entire re-assembled key having all the pieces is validated. The problem with this approach is that it is not efficient and cannot detect a problem before all the key pieces are acquired and reassembled; so, any issue with a key is only noted once a final version of the key is reassembled from all the individual pieces.
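The following added example (not part of the original text) illustrates the limitation described above with an XOR-based split in which every piece is required: a whole-key check only fails after all pieces are collected and cannot say which piece is wrong, whereas a per-piece check pinpoints it. The XOR scheme, the SHA-256 digests recorded at split time, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from functools import reduce

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, n):
    """n-of-n split: n-1 random pieces plus one that XORs them back to key."""
    if n < 2:
        raise ValueError("need at least two pieces")
    pieces = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    pieces.append(reduce(xor, pieces, key))
    return pieces

def reassemble(pieces):
    return reduce(xor, pieces)

def digest(data):
    return hashlib.sha256(data).digest()

def whole_key_ok(pieces, key_digest):
    """Conventional check: needs every piece, reports only pass/fail."""
    return hmac.compare_digest(digest(reassemble(pieces)), key_digest)

def first_bad_piece(pieces, piece_digests):
    """Per-piece check: index of the first piece that fails, else None."""
    for i, (piece, expected) in enumerate(zip(pieces, piece_digests)):
        if not hmac.compare_digest(digest(piece), expected):
            return i
    return None

def demo():
    key = secrets.token_bytes(32)            # constructed sample key
    pieces = split_key(key, 3)
    key_digest = digest(key)                 # recorded at split time (assumption)
    piece_digests = [digest(p) for p in pieces]
    # Constructed fault: escrow agent 1 returns a piece with one bit flipped.
    returned = list(pieces)
    returned[1] = bytes([returned[1][0] ^ 1]) + returned[1][1:]
    return {
        "clean_roundtrip": reassemble(pieces) == key,
        "whole_key_ok": whole_key_ok(returned, key_digest),
        "bad_piece": first_bad_piece(returned, piece_digests),
    }

if __name__ == "__main__":
    print(demo())
```

Publishing a plain digest of each piece is acceptable here only because every piece is high-entropy random data; a digest of a guessable secret could be brute-forced.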
For these and other reasons, it can be seen that improved and automated techniques are desirable for validating and sharing secrets, such as keys.